Zero-Day on Security Unlocked

Zero-Day on Security Unlockedhttps://securityunlocked.com/tags/zero-day/Recent content in Zero-Day on Security UnlockedHugoen-usThu, 14 May 2026 00:00:00 +0000AI Writes the Exploit: UNC2814's Gemini Zero-Day and the Automation Gap That Just Closedhttps://securityunlocked.com/weekly-intelligence/ai-writes-the-exploit-unc2814s-gemini-zero-day-and-the-automation-gap-that-just-closed/Thu, 14 May 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/ai-writes-the-exploit-unc2814s-gemini-zero-day-and-the-automation-gap-that-just-closed/Google GTIG’s confirmation of the first AI-generated zero-day deployed in a live attack closes the loop on Monday’s AI agent vulnerability wave, connecting the attack surface (vulnerable AI frameworks) to the attack tool (AI-generated exploits) in the same reporting week.Palo Alto Captive Portal Zero-Day Under Active Chinese-Linked Exploitation, First Patches May 13https://securityunlocked.com/alerts/palo-alto-captive-portal-zero-day-under-active-chinese-linked-exploitation-first-patches-may-13/Fri, 08 May 2026 13:00:00 +0000https://securityunlocked.com/alerts/palo-alto-captive-portal-zero-day-under-active-chinese-linked-exploitation-first-patches-may-13/CVE-2026-0300 (CVSS 9.3) is an unauthenticated, root-level RCE in the PAN-OS User-ID Authentication Portal of PA-Series and VM-Series firewalls, under active exploitation by a likely China-aligned cluster Unit 42 tracks as CL-STA-1132. First hotfixes ship May 13. Anything with the Captive Portal exposed to untrusted networks needs immediate mitigation.LiteLLM's 36-Hour Exploitation Window Confirms the AI Attack Surface Has Moved Up the Stackhttps://securityunlocked.com/weekly-intelligence/litellms-36-hour-exploitation-window-confirms-the-ai-attack-surface-has-moved-up-the-stack/Thu, 30 Apr 2026 00:00:00 +0000https://securityunlocked.com/weekly-intelligence/litellms-36-hour-exploitation-window-confirms-the-ai-attack-surface-has-moved-up-the-stack/The rapid exploitation of CVE-2026-42208 in LiteLLM marks the first confirmed weaponization of the AI API proxy layer, while TeamPCP’s new ransomware partnership turns out to be a wiper with no recovery path.Three Critical Exploits Hit Management Planes and Endpointshttps://securityunlocked.com/alerts/three-critical-exploits-hit-management-planes-and-endpoints/Sun, 26 Apr 2026 16:00:00 +0000https://securityunlocked.com/alerts/three-critical-exploits-hit-management-planes-and-endpoints/Three critical vulnerabilities under active exploitation target FortiClient EMS, Adobe Acrobat Reader, and nginx-ui, collectively exposing enterprise management planes and endpoints to unauthenticated remote code execution.Defenders Under Siege: How Adversaries Turned Security Tools Into Weapons This Weekhttps://securityunlocked.com/articles/defenders-under-siege-how-adversaries-turned-security-tools-into-weapons-this-week/Tue, 21 Apr 2026 00:00:00 +0000https://securityunlocked.com/articles/defenders-under-siege-how-adversaries-turned-security-tools-into-weapons-this-week/Three incidents this week reveal the same strategic pattern: attackers turning trusted defensive infrastructure into weapons. Microsoft Defender zero-days, the Trivy scanner compromise that breached the European Commission, and UNC6783’s live-chat social engineering all exploit a cognitive constant: defenders don’t question the tools they depend on.