Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
A 0-Day is a software vulnerability without an available fix, creating risk because defenders have limited time to mitigate exploitation.
Search across headline titles and summaries.
Background for this topic.
0-Day describes a software vulnerability unknown to the software maker or unpatched when first exploited. Attackers can use these flaws immediately, as no official fix or signature exists to block the exploit. Such vulnerabilities often affect widely deployed software or hardware, making them valuable for targeted attacks or widespread campaigns.
Because defenders lack patches or reliable detection signatures initially, they must rely on anomaly detection, network monitoring, and threat intelligence to identify suspicious activity linked to 0-day exploits. Rapid patching once a fix is released is critical to reduce exposure. Tracking emerging 0-day threats helps prioritize defensive measures and informs risk management decisions in environments where unpatched vulnerabilities pose significant security risks.
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. [...]
This week starts small
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [...]
YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]