zero day
12 posts
Nginx patched. Assume breach.
NGINX issued the nginx-poolslip patch. Operator analysis of what is confirmed, what is not, and what must change at the proxy boundary.
The zero-day wasn't the failure.
Luxembourg's national telecoms network collapsed from one Huawei zero-day. The failure was architectural, not vendor-specific. Concentration was the control gap.
The IIS virtual directory that won't stop bleeding
Technical analysis of the Exchange Server zero-day, the frontend-to-backend trust boundary it abuses, and what fires in EDR and IIS telemetry.
Microsoft's patch cadence is not the problem
The Exchange zero-day is the fifth in the same pattern since 2021. Why patching faster is not the fix, and what actually reduces blast radius.
AI just broke 2FA at scale
AI was used to develop a zero-day 2FA bypass deployed at mass scale. The control's economic assumption has been falsified in the wild.
Attackers weaponized AI to bypass 2FA at scale
A reported AI-developed zero-day 2FA bypass in mass use removes the assumption that 2FA terminates the account takeover chain.
Four Windows 11 zero-days on one desk
One researcher controls the release cadence on four Windows 11 zero-days, including BitLocker bypass yellowkey and LPE greenplasma.
Patch status is not your risk variable
Operator brief on yellowkey and greenplasma, two public Windows 11 zero-days from the bluehammer and redsun researcher. What failed. What must now be true.
Dirty Frag roots every kernel
Technical analysis of CVE-2026-3490 'Dirty Frag' - a page_frag refcount UAF in the Linux kernel enabling local root on stock 5.15-6.8 kernels.
Your patched kernel is still vulnerable
Dirty Frag - CVE-2026-31337, CVSS 7.8 - is a UAF in the Linux kernel's IPv4 fragment reassembly path. Container-to-host root on every major distro.
Chrome's fourth zero-day of 2026 ships mid-cycle
Fourth Chrome zero-day of 2026 is a V8 type confusion. Inside the exploit chain, sandbox escape, and the patch gap attackers are weaponising right now.
Chrome Zero-Day Exploited in 2026
CVE-2026-2783, a zero-day in Chrome's V8 engine, was exploited in targeted attacks against sensitive data handlers. No file writes occurred; execution stayed within the browser process. Detection failures stemmed from normal-looking network behavior and lack of alerts across EDR and SIEM systems.