zero-day
Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.
79 articles
Confluence Broken Access Control Zero-Day (CVE-2023-22515) Explained
CVE-2023-22515 let unauthenticated attackers create rogue administrator accounts on Confluence Data Center and Server. Here's the broken-access-control flaw and how to fix it.
Cisco IOS XE CVE-2023-20198 Explained: The Web UI Privilege Escalation Zero-Day
CVE-2023-20198 is an unauthenticated privilege escalation in the Cisco IOS XE Web UI, rated CVSS 10.0, that let attackers implant tens of thousands of devices in days. Here is how it worked and how to remediate.
WebP (CVE-2023-4863) Explained: The libwebp Heap Overflow That Patched the Web
CVE-2023-4863 was an actively exploited heap buffer overflow in libwebp's Huffman decoder. Because the codec is vendored everywhere, one bug forced emergency patches across browsers and apps.
2026 Mid-Year Threat Landscape: Supply-Chain Worms, Agentic AI, and Edge Zero-Days
A defender's synthesis of the first half of 2026 — self-propagating package worms, the agentic-AI access-control problem, edge-appliance zero-days, and a healthcare ransomware surge — and what to prioritize next.
TeamPCP: Running a Software Supply Chain Attack Like a Production Pipeline
TeamPCP (UNC6780) is the most active actor in the 2026 supply chain corpus, weaponizing the tools developers trust most. Here is how the operation works, and why a zero-CVE campaign breaks the model most teams still rely on.
Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery
The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.
Hacker Summer Camp 2026 Survival Guide: OPSEC for Black Hat, DEF CON 34 and BSides
A practical, opinionated field guide to surviving Hacker Summer Camp in Las Vegas this August — device hygiene, network OPSEC, talk selection, and pacing — with a preview of the AI agent and supply chain themes likely to dominate the floor.
Edge Appliances Are the Soft Underbelly: VPN Zero-Days as Initial Access in 2026
Check Point's CVE-2026-50751 and Cisco's seventh SD-WAN zero-day of the year are not isolated bugs — they are the same story. Here is why VPN and edge appliances keep becoming the front door for ransomware, and how to monitor and segment them.
Squidbleed (CVE-2026-47729): A 1997 Default Comes Back to Bite Squid
A one-line FTP-parsing bug from 1997 lets any user of a shared Squid proxy read other people's cleartext HTTP requests. We break down the root cause, why ancient defaults survive, and how to remediate.
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day File-Write Exploited in the Wild
Cisco confirmed limited in-the-wild exploitation of CVE-2026-20262, an arbitrary file-write zero-day in Catalyst SD-WAN Manager, alongside CVE-2026-20245. Here's what the chain actually buys an attacker and why edge management planes keep ending up on the KEV list.
Defender 'RoguePlanet' Zero-Day (CVE-2026-50656): SYSTEM on Fully Patched Windows
A race condition in Microsoft Defender, dubbed RoguePlanet, reportedly hands attackers SYSTEM privileges on fully updated Windows. We break down what is confirmed, what is still hedged, and what to do while the patch is in development.
CVE-2026-45657: The Wormable-Class Windows Kernel RCE You Should Patch This Week
A CVSS 9.8 zero-day-grade remote code execution flaw in the Windows kernel's TCP/IP path lets unauthenticated attackers run code as SYSTEM with no user interaction. Here's what's confirmed, what's hype, and what to do now.