Zero Day

Grafana Labs hit by security breach: hackers stole privileged GitHub token, downloaded private code, then demanded ransom. The company disclosed the incident publicly.

DEVCORE dominates Pwn2Own Berlin 2026, claiming Master of Pwn title. 47 zero-days discovered, $1.3M paid out in three intense days of hacking competition.

CISA has added CVE-2026-42897, an actively exploited Microsoft Exchange Server XSS vulnerability, to its Known Exploited Vulnerabilities catalog. Federal agencies have until May 29, 2026 to remediate the flaw, which enables spoofing attacks via Outlook Web Access.

Day 3 of Pwn2Own Berlin 2026 wraps up with $908,750 awarded for 39 zero-days. Teams exploited Red Hat Linux and Windows 11 as the competition nears the million-dollar mark.

Microsoft reveals Exchange Server zero-day being actively exploited. Attackers use XSS to execute arbitrary code targeting Outlook on the web. Patch now.

Day Two of Pwn2Own Berlin 2026: $523K awarded for 24 zero-days on Day One. SharePoint, Exchange, and Safari under attack today. The race for Master of Pwn intensifies

Cisco SD-WAN controllers under active zero-day attack. Critical auth bypass flaw lets attackers grab admin access. Patch immediately if you’re running affected versions.

Windows 11 and Microsoft Edge fall to hackers at Pwn2Own Berlin. Day one: $523K paid out for 24 zero-day exploits. The bugs are real and they’re spectacular.