Safeguard
Tag

zero-day

Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.

79 articles

Vulnerability Analysis

Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained

CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.

Jul 7, 20265 min read
Vulnerability Analysis

Cisco IOS XE CVE-2023-20198 Explained: The Web UI Privilege Escalation Zero-Day

CVE-2023-20198 is an unauthenticated privilege escalation in the Cisco IOS XE Web UI, rated CVSS 10.0, that let attackers implant tens of thousands of devices in days. Here is how it worked and how to remediate.

Jul 3, 20266 min read
Vulnerability Analysis

WebP (CVE-2023-4863) Explained: The libwebp Heap Overflow That Patched the Web

CVE-2023-4863 was an actively exploited heap buffer overflow in libwebp's Huffman decoder. Because the codec is vendored everywhere, one bug forced emergency patches across browsers and apps.

Jul 3, 20266 min read
Threat Intelligence

2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days

A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.

Jun 24, 20265 min read
Threat Intelligence

TeamPCP: Running a Software Supply Chain Attack Like a Production Pipeline

TeamPCP (UNC6780) is the most active actor in the 2026 supply chain corpus, weaponizing the tools developers trust most. Here is how the operation works, and why a zero-CVE campaign breaks the model most teams still rely on.

Jun 23, 20267 min read
AI Security

Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery

The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.

Jun 21, 20267 min read
Industry Events

Hacker Summer Camp 2026 Survival Guide: OPSEC for Black Hat, DEF CON 34 and BSides

A practical, opinionated field guide to surviving Hacker Summer Camp in Las Vegas this August — device hygiene, network OPSEC, talk selection, and pacing — with a preview of the AI agent and supply chain themes likely to dominate the floor.

Jun 18, 20267 min read
Vulnerabilities

Edge Appliances Are the Soft Underbelly: VPN Zero-Days as Initial Access in 2026

Check Point's CVE-2026-50751 and Cisco's seventh SD-WAN zero-day of the year are not isolated bugs — they are the same story. Here is why VPN and edge appliances keep becoming the front door for ransomware, and how to monitor and segment them.

Jun 17, 20267 min read
Vulnerabilities

Squidbleed (CVE-2026-47729): A 1997 Default Comes Back to Bite Squid

A one-line FTP-parsing bug from 1997 lets any user of a shared Squid proxy read other people's cleartext HTTP requests. We break down the root cause, why ancient defaults survive, and how to remediate.

Jun 15, 20267 min read
Vulnerabilities

CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day File-Write Exploited in the Wild

Cisco confirmed limited in-the-wild exploitation of CVE-2026-20262, an arbitrary file-write zero-day in Catalyst SD-WAN Manager, alongside CVE-2026-20245. Here's what the chain actually buys an attacker and why edge management planes keep ending up on the KEV list.

Jun 14, 20267 min read
Vulnerabilities

Defender 'RoguePlanet' Zero-Day (CVE-2026-50656): SYSTEM on Fully Patched Windows

A race condition in Microsoft Defender, dubbed RoguePlanet, reportedly hands attackers SYSTEM privileges on fully updated Windows. We break down what is confirmed, what is still hedged, and what to do while the patch is in development.

Jun 13, 20267 min read
Vulnerabilities

CVE-2026-45657: The Wormable-Class Windows Kernel RCE You Should Patch This Week

A CVSS 9.8 zero-day-grade remote code execution flaw in the Windows kernel's TCP/IP path lets unauthenticated attackers run code as SYSTEM with no user interaction. Here's what's confirmed, what's hype, and what to do now.

Jun 12, 20267 min read
zero-day — Safeguard Blog