The back-and-forth over public disclosure policy does have substantial "gray area" and nuance. As Microsoft points out, the zero-day vulnerabilities that Chaotic Eclipse provided a "road map" to threat actors and some were almost immediately put to use in real-world attacks. On the other side of the coin, security researchers have long complained of unresponsive and heavy-handed communications from Microsoft.
A new report from Google Threat Intelligence Group (GTIG) and Mandiant warns of a zero-day vulnerability present in Dell RecoverPoint for Virtual Machines since 2024, and that has been actively exploited by Chinese hackers for at least that long.
A zero-day vulnerability that has been with iOS since the first iPhone launched has been identified and patched out by Apple, but with the warning that there is evidence it has been exploited in attack chains for quite some time.
Harvard University and Envoy, an American Airlines subsidiary, have confirmed data breaches linked to a zero-day vulnerability CVE-2025-61882 in Oracle’s E-Business Suite software.
Meta warns that a WhatsApp vulnerability on Apple devices allowed hackers to target some users with zero-click spyware. WhatsApp describes the zero-day vulnerability as “incomplete authorization of linked device synchronization messages.
Microsoft has released security patches for the zero-day vulnerability chain dubbed ToolShell, capable of remote code execution on SharePoint, resulting in the exploitation of at least 54 organizations worldwide.
Two zero-day vulnerabilities in Ivanti products that were disclosed in January (and patched weeks later) have turned out to be the source of a breach of MITRE, the US government-funded cybersecurity research center. China's nation-state hackers are suspected to be behind the attack given similarities in exploiting these same vulnerabilities in other incidents, but this is not confirmed as of yet.
A dozen Norwegian government ministries suffered a cyber attack exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the Norwegian National Security Authority (NSM) has disclosed.
File transfer services play crucial roles in securing business and government operations, but companies must be aware of the inherent risks and adopt mitigations to safeguard against those risks.
A spyware vendor in Spain has been linked to a zero-day exploitation framework that impacted Windows, as well as the Chrome and Firefox browsers, from 2018 to 2021. Google researchers present markers found in its code including a script that is signed by the company.










