Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

166 results

For "exploit" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All166 Vulnerabilities50 Threat actors8 Vendor advisories7 Research50 News50 IOCs1

Instant answer

Public exploits available

CVEs we've correlated with at least one ExploitDB entry, Metasploit module, or public PoC. Sort by recency.

Featured CVEs

CVE-2026-31431High· 7.8Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability22 h ago
CVE-2024-21338High· 7.8Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability22 h ago
CVE-2008-0015High· 8.8 Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability22 h ago

Research

50

jfrog
Inside EveryOps APAC: What India and Australia’s Tech Leaders Are Focused On
Last June, we hosted the first EveryOps Day in Sydney - born from the convergence of DevOps, DevSecOps, and AI/MLOps we were witnessing across every industry in APAC. A year later, with AI's proliferation across software delivery and securi
1 d ago
rapid7
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273 , a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same d
CVE-2026-35273 · CVE-2013-3821 · CVE-2017-3548
1 d ago

CVE-2024-0012

Critical· 9.8

Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

22 h ago

CVE-2023-38035Critical· 9.8Ivanti Sentry Authentication Bypass Vulnerability22 h ago

CVE-2021-27876High· 8.1Veritas Backup Exec Agent File Access Vulnerability22 h ago

CVE-2025-59287Critical· 9.8Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability22 h ago

CVE-2025-61882Critical· 9.8Oracle E-Business Suite Unspecified Vulnerability22 h ago

All exploit-available CVEs

SentinelOne + Claude: Integrations for AI Visibility, Governance, and Defense

Enterprise adoption of Claude across teams, workflows, and business functions is happening at a pace unlike virtually any technology before it. While the innovation opportunity is obvious, so are many of the risks. From the exposure of sens

LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets

arXiv:2606.12887v1 Announce Type: new Abstract: Bitcoin's Lightning Network (LN) can be exploited as a covert, low-cost command-and-control (C&C) channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain pr

DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities

arXiv:2606.13037v1 Announce Type: new Abstract: One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept (PoC) inputs is therefore essential for assessing real-world impact. The

The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems

arXiv:2606.13079v1 Announce Type: new Abstract: Nowadays, the autonomous execution of cyberattacks capable of causing substantial real-world harm is widely regarded as one of the critical red lines that frontier AI systems must not cross. W

The Invisible Ink of the Android Malware World: A Longitudinal Study on the Usage of Covert Communication Channels

arXiv:2606.13107v1 Announce Type: new Abstract: Proxies, VPNs and Tor have long helped the privacy community and users in censored regions to fight censorship. However, the same tools can be maliciously exploited by malware and botnets to c

Who Pays the Price? Stakeholder-Centric Prompt Injection Benchmarking for Real-world Web Agents

arXiv:2606.13385v1 Announce Type: new Abstract: Web agents driven by large language models (LLMs) are increasingly deployed in real-world environments, where they operate over untrusted web content and execute actions with direct consequenc

Cybersecurity Threat Hunting and Vulnerability Analysis Using a Neo4j Graph Database of Open Source Intelligence

arXiv:2301.12013v3 Announce Type: replace Abstract: Open source intelligence is a powerful tool for cybersecurity analysts to gather information both for analysis of discovered vulnerabilities and for detecting novel cybersecurity threats a

CISA BOD 26-04: Frequently asked questions about the new risk-based patching directive

CISA issued BOD 26-04, which replaces BOD 22-01 with a four-variable vulnerability prioritization model requiring federal agencies to patch the most dangerous vulnerabilities in as few as three days. Key takeaways BOD 26-04 replaces

A tale of two eras

Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating

When Your AI Agent’s Memory Becomes a Security Liability

Key Findings: Check Point Research identified a critical vulnerability chain in LangGraph, an open-source framework from the creators of LangChain that enables developers to build complex, stateful, and controllable AI agent workflows using

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Introduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the do

JailbreakOPT: Tool-Assisted Iterative Jailbreak Prompt Optimization

arXiv:2606.11425v1 Announce Type: new Abstract: Jailbreak attacks expose persistent safety weaknesses in large language models (LLMs), but existing stateless single-turn methods face a trade-off: hand-crafted prompts are expressive but stat

Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems

arXiv:2606.11471v1 Announce Type: new Abstract: The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email commu

WHET: Welding Homomorphic Encryption to Accelerator Architectures

arXiv:2606.11541v1 Announce Type: new Abstract: Fully homomorphic encryption (FHE) enables computations on encrypted data without decryption, offering strong data privacy at the expense of substantial computational and memory overheads. Pri

T2S: A Rehearsal-Based Approach for Extraction-Resistant Model Watermarking

arXiv:2606.11698v1 Announce Type: new Abstract: Model watermarking safeguards AI model intellectual property by embedding distinctive knowledge that induces unique behavioral signatures. The primary technical challenge lies in ensuring wate

Grammar-Constrained Decoding Can Jailbreak LLMs into Generating Malicious Code

arXiv:2606.11817v1 Announce Type: new Abstract: Large Language Models (LLMs) are increasingly used for code generation, raising concerns that they may be misused to produce malicious code. Meanwhile, Grammar-Constrained Decoding (GCD) has b

WarpGuard: Protected-Site Control-Flow Integrity for CUDA SASS Binaries

arXiv:2606.11871v1 Announce Type: new Abstract: Recent CUDA exploitation work shows that GPU memory bugs can escalate into device-side control-flow corruption, as kernels later consume corrupted return continuations, function pointers, disp

On the Study of Biometric Spoofing Detection using Deep Learning

arXiv:2606.11505v1 Announce Type: cross Abstract: Biometric systems are increasingly deployed in security applications; however, they remain vulnerable to spoofing attacks, in which attackers exploit counterfeit biometric data to gain unaut

Adv-TGD: Adversarial Text-Guided Diffusion for Face Recognition Impersonation Attacks

arXiv:2606.11615v1 Announce Type: cross Abstract: The widespread adoption of face recognition (FR) technologies raises serious privacy concerns, as facial data can be exploited without consent. To address this challenge, we propose Adv-TGD,

Mind your key: An Empirical Study of LLM API Credential Leakage in iOS Apps

arXiv:2606.12212v1 Announce Type: cross Abstract: The rapid integration of large language models (LLMs) into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LL

Reinforcement Learning Disrupts Gradient-Based Adversarial Optimization

arXiv:2606.12251v1 Announce Type: cross Abstract: Gradient-based adversarial attacks remain a dominant threat to deep neural networks (DNNs), as they exploit gradient information to efficiently optimize adversarial perturbations. To address

Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts

arXiv:2504.13398v4 Announce Type: replace Abstract: Most blockchains cannot hide the binary code of programs (i.e., smart contracts) running on them. To conceal proprietary business logic and to potentially deter attacks, many smart contrac

Cryptographic transformations over polyadic rings

arXiv:2512.12580v2 Announce Type: replace Abstract: This article introduces a novel cryptographic paradigm based on nonderived polyadic algebraic structures. Traditional cryptosystems rely on binary operations within groups, rings, or field

"Do Not Mention This to the User": Detecting and Understanding Malicious Agent Skills in the Wild

arXiv:2602.06547v4 Announce Type: replace Abstract: LLM-based coding agents increasingly rely on third-party extensions called skills, which bundle natural language instructions and helper scripts that execute with full user privileges. Com

Bypassing Prompt Guards in Production with Controlled-Release Prompting

arXiv:2510.01529v4 Announce Type: replace-cross Abstract: Ball et al. recently established that prompt filtering for AI alignment faces a fundamental barrier: under standard cryptographic assumptions, no filter running significantly faster

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Overview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an "in-line gateway that manages, encrypts, and s

CVE-2026-10520 · CVE-2026-10523 · CVE-2023-38035 · CVE-2020-15505

The Human Vulnerabilities & Exploits (HVE) Framework

arXiv:2606.10083v1 Announce Type: new Abstract: The cybersecurity community has invested over two decades in building standardized frameworks, the Common Vulnerabilities and Exposures (CVE) system, the Common Vulnerability Scoring System (C

RadKey: An LLM-Guided RF Backscatter System for Through-Wall Keystroke Inference

arXiv:2606.10148v1 Announce Type: new Abstract: In today's digitally connected world, keyboards remain the primary interface for inputting sensitive information, making them a persistent target for eavesdropping attacks. While prior keystro

Assessing Automated Prompt Injection Attacks in Agentic Environments

arXiv:2606.10525v1 Announce Type: new Abstract: Indirect prompt injection poses a critical threat to LLM agents that interact with untrusted external data, yet automated attack methods--proven effective for jailbreaking--remain underexplore

Context-Based Adversarial Attacks on AI Code Generators: Vulnerability Analysis and Implications

arXiv:2606.10945v1 Announce Type: new Abstract: AI-powered code generation systems have transformed software development but introduce critical inference-time security vulnerabilities. This research presents a systematic investigation of co

When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems

arXiv:2606.11022v1 Announce Type: new Abstract: Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planningmay significantly increase the rate at which latent vulnerabilities are discovered.

A Longitudinal Study of Recently Observed Malicious Domains: Characteristics, Infrastructure, and Abuse Patterns

arXiv:2606.11111v1 Announce Type: new Abstract: We present a longitudinal study of approximately 1.52 million malicious domains observed on VirusTotal (VT) between January and May 2026. Domains were selected on the basis of detection by at

In Defense of Information Leakage in Concept-based Models

arXiv:2606.10669v1 Announce Type: cross Abstract: Concept-based models (CMs), deep neural networks that ground their predictions on representations aligned with human-understandable concepts (e.g., "round", "stripes", etc.), have been shown

Personalized 3D Spatiotemporal Trajectory Privacy Protection with Differential and Distortion Geo-Perturbation

arXiv:2511.22180v2 Announce Type: replace Abstract: The rapid advancement of location-based services (LBSs) in three-dimensional (3D) domains, such as smart cities and intelligent transportation, has raised concerns over 3D spatiotemporal t

Best Software Composition Analysis Services: Top 8 in 2026

What are software composition analysis services? Software Composition Analysis (SCA) services are automated tools that scan codebases to find, identify, and manage open-source components, detecting security vulnerabilities (CVEs), licensing

Microsoft Patch Tuesday for June 2026 - Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for June 2026, which includes 206 vulnerabilities affecting a range of products, including 32 that Microsoft marked as "critical". Out of 32 "critical" entries, 28 are remote code execution

CVE-2026-42985 · CVE-2026-47291 · CVE-2026-44803 · CVE-2026-44812 · CVE-2026-42992

Patch Tuesday - June 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month's Patch

CVE-2026-33825 · CVE-2026-45585 · CVE-2026-45498 · CVE-2026-41091

Rapid7 Gains Access To Anthropic's Project Glasswing To Explore Frontier AI For Cybersecurity

Wade Woolwine is Senior Director, Product Security at Rapid7. Rapid7 is excited to join Anthropic's Project Glasswing, which includes access to Claude Mythos Preview, giving our teams the opportunity to explore how frontier AI can support l

ScaleDisturb: Exploiting Temporal Asymmetry to Amplify Read Disturbance in Modern DRAM Chips

arXiv:2606.07761v1 Announce Type: new Abstract: DRAM suffers from read disturbance phenomena (e.g., RowHammer and RowPress), where repeatedly accessing or continuously keeping open a DRAM row (aggressor row) induces bitflips in other physic

SoK: Reconstruction Attacks on Synthetic Tabular Data (Insights from Winning the NIST CRC)

arXiv:2606.08372v1 Announce Type: new Abstract: Synthetic data is increasingly promoted as a privacy-preserving substitute for releasing sensitive tabular records, yet its central adversarial threat ("reconstruction", the recovery of an ind

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

arXiv:2606.08403v1 Announce Type: new Abstract: Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection fa

AutoSUT: The Environment Semantics Gap in Structured CTI for Adversary Emulation

arXiv:2606.08700v1 Announce Type: new Abstract: Structured Cyber Threat Intelligence (CTI) is increasingly used for adversary emulation, detection evaluation, and cyber range design. However, these workflows still require a target System Un

Hardening Agent Benchmarks with Adversarial Hacker-Fixer Loops

arXiv:2606.08960v1 Announce Type: new Abstract: Agent benchmarks score submissions with outcome verifiers that are typically hand-written and brittle, leaving them open to reward hacking. We audit 1,968 tasks across five terminal-agent benc

Customization under Fire: Plugin Poisoning in Text-to-Image Ecosystem

arXiv:2606.09151v1 Announce Type: new Abstract: The prosperity of text-to-image (T2I) models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation (LoRA) plugins, which allow users to customize and share model capa

Security-First Approach to API Pipeline Development with Zero-Trust Architecture

arXiv:2606.09062v1 Announce Type: new Abstract: Modern enterprises face an accelerating onslaught of API-targeted threats amid a rapidly expanding attack surface. Record volumes of software vulnerabilities continue to accelerate dramaticall

Context-Fractured Decomposition Attacks on Tool-Using LLM Agents: Exploiting Artifact Provenance Gaps

arXiv:2606.09084v1 Announce Type: new Abstract: Tool-using LLM agents interact with the world through actions that persist state in artifacts (e.g., workspace files or logs). Consequently, jailbreak defenses must reason about cross-step com

Steganography Without Modification: Hidden Communication via LLM Seeds

arXiv:2606.09135v1 Announce Type: new Abstract: We demonstrate that widely deployed Large Language Model (LLM) inference stacks harbor a steganographic channel that requires no modification to model weights, sampling code, or output distrib

What the Eyes See, the LLMs Miss: Exploiting Human Perception for Adversarial Text Attacks

arXiv:2606.09700v1 Announce Type: new Abstract: Large language model (LLM)-powered content moderation systems have become a critical defense against harmful online content. However, these systems primarily operate on tokenized text and larg