Cybersecurity 101
Zero-Day Exploit vs Zero-Day Vulnerability vs Zero-Day Attack
The three "zero-day" terms explained — vulnerability, exploit, and attack — how they connect on a timeline, why they are dangerous, and how to defend.
Cybersecurity writer and analyst. Covering breaches, threats, and vulnerabilities — analysis beyond the headline.
Vulnerabilities
Belgium's national cybersecurity authority warned on May 29 that CVE-2026-41089, a critical pre-auth buffer-overflow RCE in Windows Netlogon, is now being exploited against unpatched domain controllers. Microsoft patched the flaw in its May 12 Patch Tuesday release.
Nation-State Cyber Threats
Seqrite Labs disclosed Operation Dragon Weave, a China-aligned cyber-espionage campaign delivering an AdaptixC2 agent against government, research, academic, technology, and financial-services targets in the Czech Republic and Taiwan via spear-phishing ZIPs.
Vulnerabilities
CVE-2026-8732, a CVSS 9.8 flaw in the WP Maps Pro WordPress plugin, lets any unauthenticated attacker mint an administrator account on 15,000 affected sites. Wordfence blocked 2,858 exploitation attempts in a single 24-hour window. Patch is in v6.1.1.
Nation-State Cyber Threats
Sekoia documented an FSB-linked Gamaredon campaign whose GammaWorm hides fileless VBScript modules inside NTFS Alternate Data Streams to spy on Ukrainian government, military, and critical-infrastructure targets while leaving almost no trace on disk.
Supply Chain Attack
The npm package codexui-android, a remote web UI for OpenAI Codex with 29,000 weekly downloads, has been exfiltrating users' Codex authentication tokens to an attacker server for the past month. The package is still live on npm.
Password Security
Dashlane confirmed that an external party brute-forced the token check on its new-device-registration flow, and the company's automatic protections suspended targeted accounts. The lockout is the protection working — the news is what attackers went after.
Vulnerabilities
Rapid7's Stephen Fewer disclosed CVE-2026-0826 on June 1 — an unauthenticated stack-based overflow in HP Poly VVX and Trio enterprise VoIP phones with a CVSSv4 of 9.2 — alongside HP firmware fixes released the same morning after a five-month coordinated disclosure cycle.
Cybersecurity 101
A clear guide to exploits — what they are, how they differ from vulnerabilities, how they work, the common types, and how to defend against them.
Supply Chain Attack
Microsoft Threat Intelligence has named a new npm supply-chain wave the Mini Shai-Hulud campaign. A single maintainer alias, vpmdhaj, published 14 typosquatted packages in four hours that harvest AWS, HashiCorp Vault, npm, and GitHub Actions secrets from CI/CD runners.
Cyber Attacks
Dutch Politie and NCSC-NL took down 200 Netherlands-based servers running Asocks, a residential proxy service built from at least 17 million infected consumer devices. The takedown weakens the IP-reputation assumptions every defender relies on.
Cybersecurity 101
A clear guide to the common types of software vulnerabilities — from memory and injection flaws to broken authentication, access control, and misconfigurations.