SecurityWeek

Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks

Microsoft released patches for CVE-2026-21509, a new Office zero-day vulnerability that can be exploited to bypass security ...

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks ...
HHS

Windows Warning: Zero-Day Attack

Microsoft is warning Windows users that they're vulnerable to a new zero-day flaw that attackers have been exploiting to remotely execute arbitrary code. "At this time, we are aware of limited, ...
CSO Online

Fortinet confirms new zero-day attacks against customer devices

All SAML SSO implementations, including FortiCloud SSO, are vulnerable to authentication bypass and malicious configuration ...
New York Post

Apple patches two zero-day flaws used in targeted attacks

The company described the activity as an “extremely sophisticated attack” aimed at specific individuals. Although Apple did not identify the attackers or victims, the limited scope strongly suggests ...
Dark Reading

SonicWall Edge Access Devices Hit by Zero-Day Attacks

SonicWall Wednesday disclosed a zero-day vulnerability impacting its SMA1000 access platform that is under active exploitation via chained attacks. CVE-2025-40602 is a medium-severity local privilege ...

China-linked hackers exploited Sitecore zero-day for initial access

An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure ...