Google’s Threat Analysis Group (TAG) and Mandiant teams observed 97 zero-day vulnerabilities exploited in the wild last year, a staggering 56% increase over 2022's 62 zero-day exploits, but shy of ...

CrushFTP, a service that provides users with secure file server software, has recently been targeted by hackers. Unfortunately, it seems as if some customers have been compromised, with thousands of ...

Last year was big for zero-day exploits, security threats that appear in the wild before vendors have a chance to develop patches. Through its sprawling network of services and research initiatives, ...

Cybersecurity firm Kaspersky has detailed more of its findings on the distribution of malware through a zero-day exploit it uncovered in Google Chrome earlier this year. The exploit was executed ...

Researchers found Chinese-linked attackers abused SonicWall VPN access and VMware ESXi zero-day flaws to escape VMs and gain ...

Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted ...

Analysis of a recent attack targeting VMware ESXi vulnerabilities from March 2025 revealed an exploit developed a year before ...

Vulnerabilities in enterprise network and security appliances accounted for nearly half of the zero-day flaws exploited by attackers last year, according to Google’s Threat Intelligence Group.

"The affected endpoint is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link, ...

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Some weeks start better than others. If you are a member of an ...

Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect ...