Latest

GitHub Disables 73 Microsoft Repositories in 105 Seconds After Miasma Worm Compromises Azure Infrastructure and Breaks CI/CD Pipelines

Threats

GitHub has disabled 73 Microsoft repositories after the Miasma worm infiltrated Azure infrastructure through a compromised contributor account, breaking CI/CD pipelines across the Azure Functions ecosystem and triggering remote code execution on developer machines that opened the infected repos in IDEs and AI coding tools. The attack began on

By Zero Day Wire
Five Eyes Warn Chinese Military Intelligence Recruiting Government and Military Personnel Through Fake Job Offers on LinkedIn and Indeed

Threats

The intelligence agencies of all five Five Eyes nations have issued a joint alert warning that Chinese military intelligence officers are conducting coordinated recruitment campaigns on professional networking platforms, targeting government and military personnel with access to classified or privileged information. The alert — co-authored by the FBI, MI5, the

By Zero Day Wire
PAN-OS Authentication Bypass Under Active Exploitation — Attackers Initiating Unauthorized VPN Sessions via GlobalProtect (CVE-2026-0257)

Alerts

Palo Alto Networks Unit 42 has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in the portal and gateway components of PAN-OS that allows unauthorized attackers to circumvent security controls and initiate VPN connections through GlobalProtect. CISA added the flaw to its Known Exploited Vulnerabilities catalog

By Zero Day Wire
Nx Console VS Code Extension Compromised — 2.2 Million Installs Exposed to Credential Stealer With Sigstore Supply Chain Poisoning Capability

Threats

A compromised version of the Nx Console extension — a popular VS Code plugin with over 2.2 million installations — was published to the Visual Studio Code Marketplace after an attacker leveraged stolen developer credentials to inject a multi-stage credential stealer into the official nrwl/nx GitHub repository. The malicious

By Zero Day Wire
Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Threats

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first

By Zero Day Wire
Chaotic Eclipse Releases MiniPlasma — A Five-Year-Old Windows Zero-Day That Still Grants SYSTEM Privileges on Fully Patched Systems

Alerts

Chaotic Eclipse has released a third wave of Windows zero-day disclosures, publishing a proof-of-concept for a privilege escalation vulnerability codenamed MiniPlasma that grants SYSTEM privileges on fully patched Windows systems — including those running the latest May 2026 updates. The flaw resides in cldflt.sys, the Windows Cloud

By Zero Day Wire
FamousSparrow Targets Azerbaijani Oil and Gas Firm in Three-Wave Campaign Using ProxyNotShell, Deed RAT, and Kernel-Level Rootkit

Threats

Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates

By Zero Day Wire
Chaotic Eclipse Returns With Two More Windows Zero-Days — BitLocker Bypass YellowKey and CTFMON Privilege Escalation GreenPlasma

Alerts

The anonymous security researcher known as Chaotic Eclipse — responsible for the BlueHammer, RedSun, and UnDefend Microsoft Defender zero-days that ZDW covered last month — has returned with two additional Windows zero-days, escalating an increasingly public confrontation with Microsoft over vulnerability disclosure handling. The first vulnerability, codenamed YellowKey, is a

By Zero Day Wire