logo

Zero Day Initiative (ZDI) Blog

ID: d09f93f8-3031-5489-938a-2f6faf2eb313

STIX ID: identity--d09f93f8-3031-5489-938a-2f6faf2eb313

Feed Type: rss

Earliest post: 2023-10-23

Latest post: 2026-05-16

Expert vulnerability research, exploit analysis, and security advisories from the ZDI team — featuring zero-day discoveries, patch insights, and trends in vulnerability mitigation.

01/01/2020
06/04/2026
Title Date Published Describes IncidentAuthorVisible
The May 2026 Security Update Review2026-05-12TrueDustin ChildsTrue
The Apple macOS Security Update Review2026-05-12TrueDustin ChildsTrue
CVE-2026-33824: Remote Code Execution in Windows IKEv22026-04-23TrueTrendAI Research TeamTrue
The April 2026 Security Update Review2026-04-14TrueDustin ChildsTrue
Node.js Trust Falls: Dangerous Module Resolution on Windows2026-04-08TrueBobby Gould and Michael DePlanteTrue
The March 2026 Security Update Review2026-03-10TrueDustin ChildsTrue
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad2026-02-19TrueTrendAI Research TeamTrue
The February 2026 Security Update Review2026-02-10TrueDustin ChildsTrue
CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall2026-02-05TrueTrendAI Research TeamTrue
Pwn2Own Automotive 2026 - Day Two Results2026-01-22TrueDustin ChildsTrue
The January 2026 Security Update Review2026-01-13TrueDustin ChildsTrue
The December 2025 Security Update Review2025-12-09TrueDustin ChildsTrue
The November 2025 Security Update Review2025-11-11TrueDustin ChildsTrue
Pwn2Own Ireland 2025 - Day Two Results2025-10-22TrueDustin ChildsTrue
Pwn2Own Ireland 2025: Day One Results2025-10-21TrueDustin ChildsTrue
The October 2025 Security Update Review2025-10-14TrueDustin ChildsTrue
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing2025-10-08TrueSimon ZuckerbraunTrue
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin2025-09-24TruePeter GirnusTrue
The September 2025 Security Update Review2025-09-09TrueDustin ChildsTrue
The August 2025 Security Update Review2025-08-12TrueDustin ChildsTrue
CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability2025-07-25TrueBobby GouldTrue
CVE-2025-4919: Corruption via Math Space in Mozilla Firefox2025-07-15TrueHossein LotfiTrue
The July 2025 Security Update Review2025-07-08TrueDustin ChildsTrue
The June 2025 Security Update Review2025-06-10TrueDustin ChildsTrue
Pwn2Own Berlin 2025: Day One Results2025-05-15TrueDustin ChildsTrue
The May 2025 Security Update Review2025-05-13TrueDustin ChildsTrue
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS 2025-05-07TrueTrend Micro Research TeamTrue
The April 2025 Security Update Review2025-04-08TrueDustin ChildsTrue
The March 2025 Security Update Review2025-03-11TrueDustin ChildsTrue
CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy 2025-03-04TrueTrend Micro Research TeamTrue
The February 2025 Security Update Review2025-02-11TrueDustin ChildsTrue
Pwn2Own Automotive 2025 - Day Three and Final Results2025-01-24TrueDustin ChildsTrue
Pwn2Own Automotive 2025 - Day Two Results2025-01-23TrueDustin ChildsTrue
Pwn2Own Automotive 2025 - Day One Results2025-01-22TrueDustin ChildsTrue
Reviewing the Attack Surface of the Autel MaxiCharger: Part Two2025-01-16TrueConnor FordTrue
The January 2025 Security Update Review2025-01-14TrueDustin ChildsTrue
ZDI Threat Hunting 2024: Highlights, Trends, & Challenges2025-01-08TruePeter GirnusTrue
SolarWinds Access Rights Manager: One Vulnerability to LPE Them All2024-12-12TruePiotr BazydłoTrue
The December 2024 Security Update Review2024-12-10TrueDustin ChildsTrue
Looking at the Internals of the Kenwood DMX958XR IVI2024-11-19TrueConnor FordTrue
The November 2024 Security Update Review2024-11-12TrueDustin ChildsTrue
Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System2024-11-07TrueDmitry JanushkevichTrue
Pwn2Own Ireland 2024: Day Three Results2024-10-24TrueDustin ChildsTrue
Pwn2Own Ireland 2024: Day Two Results2024-10-23TrueDustin ChildsTrue
Pwn2Own Ireland Day One - The Results2024-10-22TrueDustin ChildsTrue
The October 2024 Security Update Review2024-10-08TrueDustin ChildsTrue
From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities2024-10-03TrueConnor FordTrue
Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor2024-09-26TruePiotr BazydłoTrue
Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE2024-09-19TruePiotr BazydłoTrue
Exploiting Exchange PowerShell After ProxyNotShell: Part 2 - ApprovedApplicationCollection2024-09-12TruePiotr BazydłoTrue

1–50 of 87

Built by the dogesec team. Copyright 2026.