Explore the latest 0-Day vulnerabilities news, expert insights, and cyber threat updates to stay ahead in information security.
Search across headline titles and summaries.
Background for this topic.
0-Day, also spelled as Zero-Day, is a term used in information security to describe a software vulnerability that is unknown to the party or parties responsible for patching or fixing the vulnerability. The "zero" in the term denotes that the developers have zero days to address the flaw because it has already been discovered by attackers who can exploit it to cause harm before a fix is made available.
In the context of information security, a 0-Day vulnerability is particularly dangerous because it can be actively exploited by cybercriminals to gain unauthorized access, steal sensitive data, execute malicious code, or cause service disruptions. Because the vulnerability is not widely known, protective measures and patches are typically not yet in place, leaving systems and users vulnerable until the software developer releases an update to patch the security hole.
0-Day exploits are often sold or shared on the black market among hackers and are considered valuable because they are effective against systems that are considered to be secure. Information security professionals actively work to discover and mitigate these vulnerabilities before they can be exploited, and users are encouraged to apply software updates regularly to protect themselves against known 0-Day vulnerabilities that have been patched.
Weekly headline count for the current query.
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]