
Unpatched HTTP/3 DoS in Alibaba XQUIC — 260-Byte Crash
Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.
Posts tagged: Zero-Day

Alibaba XQUIC unpatched HTTP/3 DoS flaw crashes servers with 260 bytes. Zimbra critical XSS patched. GigaWiper destructive backdoor analyzed.

CVE-2026-50746 UniFi OS CVSS 10 command injection, CVE-2026-50656 Defender RoguePlanet exploit, UAT-7810 LONGLEASH ORB malware, ColdFusion KEV deadline.

CVE-2026-43499 GhostLock grants instant root on Linux since 2011. CVE-2026-48282 ColdFusion CVSS 10 added to KEV. KDDI 12M credential breach confirmed.

CVE-2026-53359 KVM VM escape has public PoC after 16 years. Plus BeyondTrust CVSS 9.2 auth bypass and China-nexus ORB malware from Talos.

Prompt injection forces autonomous AI agents to send crypto to attackers. Plus Opera GX silent install flaw and SkillCloak 90% AI plugin evasion.

Cisco UCM zero-day exploited with public PoC. CVE-2026-45659 SharePoint RCE hits CISA KEV. DHS confirms HSIN breach. JADEPUFFER AI ransomware.

CVE-2026-46817 Oracle EBS Payments auth bypass actively exploited. Aflac Japan subsidiary breach and BlueHammer in ransomware toolkits.

CVE-2026-55200 public PoC turns SSH clients into targets. Plus 14.2M credentials exposed at six ISPs and Russian APTs exploiting messaging apps.

Miasma malware expands from npm to Go and GitHub Actions. CVE-2026-12569 Windchill RCE hits KEV. CL-STA-1062 espionage targets SE Asia governments.

CVE-2026-20245 gave attackers root on Cisco SD-WAN routers for two months pre-patch. Plus CVSS 9.8 Lantronix OT flaw and 27M credentials recovered.