Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware.
The post Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025 appeared first on SecurityWeek.
The title of the post isβWhat AI Security Research Looks Like When It Works,β and I agree:
In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.
These werenβt trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing thatβs potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NISTβs CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from Eric Youngβs original SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Googleβs.
In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.
AI vulnerability finding is changing cybersecurity, faster than expected. This capability will be used by both offense and defense.
More.
GTIG and Mandiant said the zero-day tracked as CVE-2026-22769 has been exploited by UNC6201 since at least 2024.
The post Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group appeared first on SecurityWeek.
A Chrome 145 update fixes CVE-2026-2441, a vulnerability that can likely be exploited for arbitrary code execution.
The post Google Patches First Actively Exploited Chrome Zero-Day of 2026 appeared first on SecurityWeek.
Impacting the βdyldβ system component, the memory corruption issue can be exploited for arbitrary code execution.
The post Apple Patches iOS Zero-Day Exploited in βExtremely Sophisticated Attackβ appeared first on SecurityWeek.
This is amazing:
Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bugs at scale. But what stood out in early testing is how quickly Opus 4.6 found vulnerabilities out of the box without task-specific tooling, custom scaffolding, or specialized prompting. Even more interesting is how it found them. Fuzzers work by throwing massive amounts of random inputs at code to see what breaks. Opus 4.6 reads and reasons about code the way a human researcher wouldΒβlooking at past fixes to find similar bugs that werenβt addressed, spotting patterns that tend to cause problems, or understanding a piece of logic well enough to know exactly what input would break it. When we pointed Opus 4.6 at some of the most well-tested codebases (projects that have had fuzzers running against them for years, accumulating millions of hours of CPU time), Opus 4.6 found high-severity vulnerabilities, some that had gone undetected for decades.
The details of how Claude Opus 4.6 found these zero-days is the interesting partβread the whole blog post.
News article.
The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely.
The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.
Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts.
The post Fortinet Patches Exploited FortiCloud SSO Authentication Bypass appeared first on SecurityWeek.
The vulnerability is tracked as CVE-2026-21509 and it can be exploited to bypass security features.Β
The post Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks appeared first on SecurityWeek.
Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.
The post Hackers Targeting Cisco Unified CM Zero-DayΒ appeared first on SecurityWeek.
Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.
The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek.
Fresh attacks targeted three VMware ESXi vulnerabilities that were disclosed in March 2025 as zero-days.
The post Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure appeared first on SecurityWeek.
Login
