zero-day
Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.
80 articles
CVE-2023-4863: The libwebp Zero-Day That Hit Chrome and More
CVE-2023-4863 was a heap buffer overflow in libwebp's Huffman decoding that was exploited as a zero-day in the wild — and because libwebp sits inside Chrome, Firefox, and countless Electron apps, one library bug became an ecosystem-wide emergency patch.
SonicWall SMA 1000 Zero-Day: CVE-2025-23006 Pre-Auth RCE
SonicWall disclosed CVE-2025-23006, a critical deserialization vulnerability in its SMA 1000 series gateways that was actively exploited as a zero-day before patches were available.
Fortinet FortiGate Authentication Bypass: CVE-2024-55591 Explained
A critical authentication bypass in FortiOS and FortiProxy allowed attackers to gain super-admin privileges via crafted Node.js websocket requests. Here's what happened and how to protect your infrastructure.
Ivanti Connect Secure Zero-Day: CVE-2025-0282 Under Active Exploitation
A stack-based buffer overflow in Ivanti Connect Secure allowed unauthenticated remote code execution. Chinese threat actors exploited it before any patch existed.
Vulnerability Exploitation Trends in 2024: What the Data Shows
Analysis of 2024 vulnerability exploitation patterns reveals faster weaponization timelines, shifting target profiles, and the growing importance of edge device vulnerabilities.
Coordinated Disclosure Zero-Day Playbook
A playbook for coordinated disclosure of zero-day vulnerabilities, covering timelines, stakeholder management, embargo discipline, and the judgement calls in between.
FortiJump: CVE-2024-47575 FortiManager Zero-Day Exploited at Scale
CVE-2024-47575, dubbed FortiJump, allowed unauthenticated attackers to execute commands on FortiManager devices. Mandiant confirmed exploitation by a new threat cluster targeting managed Fortinet infrastructure.
Ivanti Cloud Services Appliance CVE-2024-8963: Chained Exploitation
Ivanti's Cloud Services Appliance faced chained zero-day exploitation in September 2024, with attackers combining path traversal and command injection for unauthenticated RCE.
Cisco ASA Firepower Zero-Day Trends, 2024 Edition
Six zero-days against ASA and FTD in 2024, two tied to ArcaneDoor. We chart the trend, the CVSS distribution, and the patch-to-exploit gap.
Check Point VPN Zero-Day CVE-2024-24919: Information Disclosure Under Active Exploitation
A critical information disclosure vulnerability in Check Point VPN products allowed attackers to read sensitive files including password hashes, enabling lateral movement into enterprise networks.
Taint Analysis for Zero-Day Discovery: A Primer
A practitioner's walk-through of taint analysis as a zero-day discovery technique, from classic Livshits and Lam foundations to modern flow-sensitive engines.
Palo Alto GlobalProtect Zero-Day: Response Timeline
CVE-2024-3400 hit GlobalProtect with pre-auth RCE and ongoing exploitation. Here is the response timeline, the UPSTYLE tradecraft, and what worked.