Search

bleepingcomputer.com › news › microsoft

Microsoft warns of Exchange zero-day flaw exploited in attacks

…Over the last 5 years, CISA has added 19 Microsoft Exchange Server vulnerabilities to its list of actively exploited security flaws, 14 of which were also abused in ransomware attacks. The Validation…

May 15, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Palo Alto Networks firewall zero-day exploited for nearly a month

…Cybersecurity and Infrastructure Security Agency (CISA) also added the CVE-2026-0300 zero-day to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure vulnerable…

May 7, 2026 · Sergiu Gatlan

theverge.com › tech › 928007

Google stopped a zero-day hack that it says was developed with AI

…it was able to “disrupt” this particular exploit, but also says hackers are increasingly using AI to find and take advantage of security vulnerabilities. The report also mentions AI as a target…

May 11, 2026 · Stevie Bonifield

bleepingcomputer.com › news › security

Drupal critical update to fix bug with high exploitation risk

…exploit for web admin tool cPanel, WHM emergency update fixes critical auth bypass bug Critical cPanel and WHM bug exploited as a zero-day, PoC now available Drupal Exploit Security Advisory Vulnerability…

May 20, 2026 · Bill Toulas

Top stories

theverge.com

Microsoft is threatening legal action for disclosing exploits

6d ago

techcrunch.com

Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch

1w ago

pcworld.com

Google just patched 150+ Chrome vulnerabilities, 22 of them critical

1w ago

tomshardware.com

AI shrinks zero-day exploit time from a year to a single day, heading toward one minute — Zero-Day Clock warns security window has collapsed

1w ago

bleepingcomputer.com › news › security

New Linux 'Dirty Frag' zero-day gives root on all major distros

…CISA added Copy Fail to its Known Exploited Vulnerabilities (KEV) Catalog last Friday, ordering federal agencies to secure their Linux devices within two weeks, by May 15. "This type of vulnerability is…

May 8, 2026 · Sergiu Gatlan

2 sources covering this — show 1 more

• Another major Linux security flaw revealed — 'Dirty Frag' allows root on all major distros, with no patch or fix available yet techradar.com

guru3d.com › story

Microsoft Faces New BitLocker Security Concerns With YellowKey

Security researcher Chaotic Eclipse, also known online as Nightmare-Eclipse, has disclosed two new Windows zero-day exploits named YellowKey and GreenPlasma. The vulnerabilities target BitLocker encryption and Windows privilege handling respectively…

May 14, 2026 · Hilbert Hagedoorn

macrumors.com › 2026 › 05 › …

Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool

…It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability, and…

May 14, 2026 · Joe Rossignol

Discussions and forums

Hacker News · u/randersson1000 · Apr 22, 2026

Speed Matters: Why AI Software Vulnerability Exploitation is going be bad

I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …

13 5

r/netsec · u/unknownhad · 3w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

r/cybersecurity · u/Aureliand · 1w ago

Microsoft vs Chaotic Eclipse: three zero-days now actively exploited

This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…

Hacker News · u/honeylabs · 2w ago

Show HN: HoneyLabs – Public honeypot threat Intel feed and MCP server

I've been running a small fleet of honeypots for about a year. They get hit by a mix of research scanners (Censys, Shadowserver, etc.), old worms, and a bump of CVE probes the day a new Nuclei template ships. The data wa…

4 2

bleepingcomputer.com › news › security

Windows BitLocker zero-day gives access to protected drives, PoC released

…privilege escalation security issue that could be exploited to obtain a shell with SYSTEM permissions. Chaotic Eclipse describes it as a "Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability." An unprivileged…

May 13, 2026 · Bill Toulas

neowin.net › news

Microsoft, CISA warn on flaw affecting miilions of systems running major Linux distros

…Known issues The linux foundation Security flaw Microsoft Security vulnerability Cisa Lpe Red hat Escalation of privilege vulner Ubuntu Root Linux bug Known issues Security flaw Security vulnerability Lpe Escalation of privilege…

May 4, 2026 · Sayan Sen

tomshardware.com › tech-industry › cyber-security

Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes — LLM-assisted bug-hunting ushers in a new cyberworld order

…urges developers to treat "every critical security issue as P0 and fix it immediately," as they can assume that said vulnerability is already under active exploitation. To wit, "if you are reading…

May 12, 2026 · Bruno Ferreira