Chrome zero-day
-
Hackers earn $1.3 million for 47 zero-days at Pwn2Own Berlin 2026
Researchers collected $1.298 million after exploiting 47 zero-day flaws at Pwn2Own Berlin 2026, which focused on enterprise technologies and artificial intelligence. DEVCORE won the contest, and vendors now have 90 days to patch the bugs.
-
Two new Windows zero-days expose BitLocker and CTFMON flaws
A technical disclosure says two new Windows zero-days can bypass BitLocker in recovery mode and may enable privilege escalation in CTFMON, adding to a recent run of Microsoft security issues.
-
Google says hackers used AI to help find and weaponize a zero-day 2FA bypass
Google said it found what it believes is the first known in-the-wild use of AI for vulnerability discovery and exploit generation, after attackers used a zero-day Python script to bypass two-factor authentication on an open-source admin tool.
-
Adobe Reader zero-day exploited through malicious PDFs since December 2025
A technical analysis says attackers have abused a previously unknown Adobe Reader zero-day through malicious PDFs since at least December 2025. The files can run JavaScript, collect data and potentially deliver more payloads.
-
TrueConf zero-day exploited in attacks on Southeast Asian government entities
A zero-day in TrueConf client video conferencing software was exploited in attacks on Southeast Asian government entities. The flaw let a tampered update run arbitrary code, and the vendor has since patched it in Windows client 8.5.3.
-
Google patches two Chrome zero-days exploited in the wild
Google released Chrome updates to fix two high-severity zero-days exploited in the wild. Both are scored 8.8. Users should update Chrome to the listed versions on Windows, macOS and Linux to reduce risk.
-
Google issues patches for 129 Android flaws including actively exploited Qualcomm zero day
Google released updates that fix 129 Android vulnerabilities, including an actively exploited zero-day in a Qualcomm display component. The bulletin adds two March patch levels and addresses 10 critical flaws that can enable remote code execution.
-
U.S. sanctions Russian exploit broker for buying stolen zero day tools
Matrix LLC and its owner were sanctioned under the Protecting American Intellectual Property Act after purchasing stolen zero-day exploits. The action freezes U.S. assets and follows the sentencing of a former defense contractor executive.
-
Google patches actively exploited Chrome zero-day CVE-2026-2441
Google released Chrome updates to fix CVE-2026-2441, a high-severity use-after-free bug in CSS that is being exploited in the wild. Users should update Chrome to the patched versions to reduce risk.
-
Apple issues updates to fix exploited dyld zero-day across iOS, macOS and other platforms
Apple released multiple OS updates to fix an exploited dyld memory corruption zero-day, CVE-2026-20700. The advisory credits Google Threat Analysis Group. Users should install the published updates for their devices.







