zero-day
Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.
80 articles
Patch Tuesday June 2026: ~200 Flaws, 6 Zero-Days, and a Wormable Kernel RCE
Microsoft's June 2026 Patch Tuesday is among the largest on record — roughly 200 fixes, six zero-days including one exploited in the wild, and a top-severity Windows Kernel RCE. Here's what actually matters.
Zero-Day Alert: Chrome V8 CVE-2026-11645 Is Being Exploited in the Wild
Google shipped an emergency Chrome update for CVE-2026-11645, an out-of-bounds memory bug in V8 already exploited in the wild. Here is what the CVE actually means and why your browser patch window just shrank to days.
Check Point VPN Zero-Day CVE-2026-50751: Auth Bypass Under Active Exploitation
Check Point's CVE-2026-50751 lets an attacker dictate how hard the gateway checks them — and walk in without a password. It is rated CVSS 9.3, exploited since early May 2026, and already tied to a Qilin ransomware affiliate.
Zero-Day Discovery With LLM-Augmented Reachability: A Safeguard Engine Walkthrough
Pattern-matching scanners miss zero-days by definition. An engine that follows taint across package boundaries plus a model that hypothesizes exploit conditions can find what either would miss alone. Here is how that pipeline works end to end.
Pattern Scanners Can't Find Zero-Days. This Can.
Signature-based scanners only know what other people have already named. Here is the architectural reason they cannot find zero-days, and what actually does.
Anthropic's Mythos Vulnerability Scanner: An Honest Assessment of Strengths, Weaknesses, and Reasons to Be Cautious
Anthropic's Mythos model is generating buzz for AI-powered vulnerability detection. We break down what it does well, where it struggles, and why security teams should approach the results with healthy skepticism.
The Limits of Single-Model Vulnerability Scanning: A Technical Analysis of the Mythos Approach
Anthropic's Mythos model claims to find vulnerabilities in open-source code using a single LLM. We analyze where this approach falls short and why production-grade zero-day discovery requires Safeguard's Multi-Agent TAOR Deep Think AI Engine.
Launching Zero-Day Discovery: How Safeguard's Multi-Agent TAOR Deep Think AI Engine Finds Vulnerabilities Before Anyone Else
Safeguard launches its Zero-Day Discovery Engine, powered by the Multi-Agent TAOR Deep Think AI Engine — a multi-lead, multi-sub-agent architecture that performs deep CWE analysis on open-source packages to uncover vulnerabilities that traditional scanners miss.
Zero-Day Discovery In Your Dependency Graph
Most zero-days that hurt enterprises in 2026 live three or four hops deep in the dependency graph. Here is what it takes to actually find them there.
What is an Exploit
An exploit is code that weaponizes a vulnerability. Learn how exploits differ from CVEs, how attackers acquire them, and how to prioritize real exploitation risk.
From CVE To Zero-Day: The Pipeline Flip
Most security pipelines are organised around CVEs that already exist. Here is what changes when you flip the pipeline to surface zero-days first instead.
Responsible Disclosure For Discovered Zero-Days
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.