LegacyHive: 'Bone-shattering' zero-day from Microsoft's serial tormentor not the haymaker that was promised
Experts say it’s a useful post-compromise tool, for those with the brain cells required to put it together
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Weekly headline count for the current query.
Experts say it’s a useful post-compromise tool, for those with the brain cells required to put it together
Weeks after the exploit code dropped, Redmond has finally ships a fix for the Defender zero-day
At least two vulnerabilities are already under attack
CVE-2026-20230 under exploitation, while an earlier SD-WAN 0-day looks even worse than we thought
Second Catalyst SD-WAN Manager flaw exploited as an 0-day this month
University of Nottingham is first of many, Shiny tells The Reg
Another day, another Windows exploit code
Revenge is a dish best served code
Google paid researcher a tidy $55K bounty for its discovery
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
Good luck, sys admins
Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs
Six 0-days, three under active exploitation, more to come on July 14?
Emergency patches out now for those managing the millions of domains assumed to be affected
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…
Second try's a charm?
Second try's a charm? Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are exploiting a zero-click Windows flaw that can expose sensitive information on vulnerable systems.…
Or it's a bunch of pre-IPO hype. Either way, we're giving it the once-over on this week's episode Kettle Anthropic dropped a doozy on us this week with the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. …
Just what FOSS developers need – a flood of AI-discovered vulnerabilities Opinion Anthropic describes Project Glasswing as a coalition of tech giants committing $100 million in AI resources to hunt down and fix long-hidden vulnerabilities in critical open source software that it's finding with its new Mythos AI program. Or as The Reg put it, "an AI model that can generate zero-day vulnerabilities."…
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…