Tagged articles

13 articles

Page 1 of 1

Jun 11, 2026 · Information Security

Nightmare Eclipse Returns: RoguePlanet Zero‑Day Grants SYSTEM on Patched Windows

On June 9, 2026, security researcher Nightmare Eclipse released the RoguePlanet zero‑day exploit that leverages a race condition in Microsoft Defender to spawn a SYSTEM‑level command prompt on Windows 10/11 machines fully patched with the June updates, while also hinting at a possible BitLocker bypass.

BitLocker bypassLocal Privilege EscalationMicrosoft Defender

0 likes · 10 min read

Nightmare Eclipse Returns: RoguePlanet Zero‑Day Grants SYSTEM on Patched Windows

Black & White Path

May 14, 2026 · Industry Insights

Pwn2Own Crushed by a 0‑Day Flood: Uncovering a Structural Security Crisis

At Pwn2Own Berlin 2026, Trend Micro’s ZDI rejected over 100 zero‑day submissions, prompting researchers to disclose vulnerabilities publicly, which forced Mozilla to issue emergency patches and exposed a systemic mismatch between AI‑driven vulnerability production and the competition’s industrial‑era review capacity, challenging existing CVD policies.

AI VulnerabilityCoordinated Vulnerability DisclosureFirefox

0 likes · 11 min read

Pwn2Own Crushed by a 0‑Day Flood: Uncovering a Structural Security Crisis

Black & White Path

May 7, 2026 · Information Security

Is the era of browser malware returning? Inside Chrome V8 zero‑day CVE‑2026‑5865

The article details the high‑severity CVE‑2026‑5865 type‑confusion flaw in Chrome's V8 engine, explains how crafted JavaScript triggers arbitrary memory access and remote code execution, and describes Google's TurboFan‑based fix for versions before 147.0.7727.55.

CVE-2026-5865ChromeType Confusion

0 likes · 4 min read

Is the era of browser malware returning? Inside Chrome V8 zero‑day CVE‑2026‑5865

Black & White Path

Apr 19, 2026 · Information Security

Why Security Researchers Deserve Respect: Lessons from the 2026 Windows Defender Zero‑Day Fallout

In April 2026 a trio of Windows Defender zero‑day bugs—BlueHammer, RedSun and UnDefend—were publicly disclosed after Microsoft’s Security Response Center repeatedly ignored the researcher’s reports, sparking a debate over responsible disclosure, corporate trust, and the urgent need to respect security professionals.

BlueHammerMicrosoftSecurity Research

0 likes · 6 min read

Why Security Researchers Deserve Respect: Lessons from the 2026 Windows Defender Zero‑Day Fallout

Black & White Path

Apr 17, 2026 · Information Security

RedSun PoC Uses Windows Defender Tag to Overwrite Files and Escalate Privileges

The RedSun proof‑of‑concept demonstrates that when Windows Defender detects a malicious file marked with a cloud‑based detection tag, it may rewrite the file to its original location instead of isolating it, allowing an attacker to replace system files and obtain administrator privileges.

Local Privilege EscalationRedSunSecurity Research

0 likes · 1 min read

RedSun PoC Uses Windows Defender Tag to Overwrite Files and Escalate Privileges

Black & White Path

Mar 25, 2026 · Information Security

How Interlock Ransomware Exploits Cisco FMC Zero‑Day CVE‑2026‑20131 for Root Access

Amazon's threat‑intel team revealed that the Interlock ransomware group has been leveraging Cisco Firepower Management Center's CVE‑2026‑20131 zero‑day—an insecure deserialization flaw that grants unauthenticated root access—since January 2026, exposing a detailed attack chain, toolset, attribution clues, impact assessment, and defensive recommendations.

CVE-2026-20131Cisco FMCDefense in Depth

0 likes · 12 min read

How Interlock Ransomware Exploits Cisco FMC Zero‑Day CVE‑2026‑20131 for Root Access

Black & White Path

Mar 3, 2026 · Information Security

How Malicious Chrome Extensions Exploit Gemini AI to Steal Local Files (CVE‑2026‑0628)

The article dissects Chrome’s high‑severity CVE‑2026‑0628 zero‑day, showing how a policy enforcement flaw in the WebView tag lets malicious extensions hijack the privileged Gemini Panel to read local files, capture audio/video, take screenshots, and achieve privilege escalation, and outlines affected versions, risk assessment, and remediation steps.

Browser SecurityCVE-2026-0628Chrome

0 likes · 10 min read

How Malicious Chrome Extensions Exploit Gemini AI to Steal Local Files (CVE‑2026‑0628)

Huolala Safety Emergency Response Center

Aug 22, 2022 · Information Security

Can Attack Simulation Strengthen Real‑World Cyber Defense?

Attack simulation, especially endpoint‑focused BAS, greatly aids purple‑team defenses by enabling comprehensive detection rule creation, yet it cannot fully replicate web zero‑day exploits due to regulatory and intelligence constraints, limiting its universality in modern cyber‑security operations.

Cyber DefenseEndpoint SecurityZero-Day

0 likes · 2 min read

Can Attack Simulation Strengthen Real‑World Cyber Defense?

MaGe Linux Operations

Jul 18, 2022 · Information Security

Google Patches Critical Chrome Zero-Day Exploited in Wild Attacks

Google has released Chrome version 103.0.5060.114 for Windows, addressing the fourth high‑severity zero‑day vulnerability patched in 2022, which was actively exploited in the wild, and urges users to update promptly as the rollout progresses globally over the coming days or weeks.

CVE-2022-0609ChromeSecurity Patch

0 likes · 4 min read

Google Patches Critical Chrome Zero-Day Exploited in Wild Attacks

MaGe Linux Operations

Jun 2, 2022 · Information Security

How a Hacker Cracked Firefox in 8 Seconds: Inside the Pwn2Own Exploit

In the Pwn2Own 2022 competition, hacker Manfred Paul exploited two critical Firefox vulnerabilities in under eight seconds, earning $100,000, while the event also uncovered major bugs across Ubuntu, Tesla, Microsoft, and Safari, highlighting the real-world impact of rapid zero‑day exploits.

FirefoxPwn2OwnZero-Day

0 likes · 6 min read

How a Hacker Cracked Firefox in 8 Seconds: Inside the Pwn2Own Exploit

Alibaba Cloud Native

Dec 16, 2021 · Information Security

Why RASP Outperforms Traffic‑Based Defenses Against Log4j2 Exploits

The Log4j2 remote code execution flaw is hard to contain because it enables arbitrary code execution and hides its traffic signatures, but Runtime Application Self‑Protection (RASP) can detect malicious behavior at the application level, offering low false‑positives and automatic component discovery without relying on constantly updated rules.

Cloud NativeJavaRASP

0 likes · 9 min read

Why RASP Outperforms Traffic‑Based Defenses Against Log4j2 Exploits

21CTO

Sep 9, 2021 · Information Security

Critical IE Zero-Day (CVE‑2021‑40444) Exploited via Malicious Office Docs – What You Need to Know

Microsoft warned on September 8 that a critical IE zero‑day (CVE‑2021‑40444) is being actively exploited through specially crafted Office documents, allowing remote code execution via ActiveX, and urged users to disable IE ActiveX controls until a patch is released.

ActiveXCVE-2021-40444IE

0 likes · 3 min read

Critical IE Zero-Day (CVE‑2021‑40444) Exploited via Malicious Office Docs – What You Need to Know

21CTO

Apr 13, 2021 · Information Security

Chrome/Edge 0‑Day, Zoom Exploit, Voice Mouse: This Week’s Top Tech News

ByteDance announced a discounted employee stock option plan, while security researchers revealed a Chrome/Edge V8 remote‑code‑execution zero‑day and a Zoom client RCE demonstrated at Pwn2Own 2021, and Logitech unveiled a Baidu‑powered voice mouse capable of transcribing 400 characters per minute.

ChromeEdgeGadgets

0 likes · 4 min read

Chrome/Edge 0‑Day, Zoom Exploit, Voice Mouse: This Week’s Top Tech News