HackingPassion.com
👻 home posts ethical hacking course newsletter shop whoami github youtube
HackingPassion.com

Zero-Day

14 posts

/greatxml-bitlocker-bypass/greatxml-bitlocker-bypass.png
GreatXML Turns Windows Defender's Offline Scan Into a BitLocker Bypass

June 12, 2026

Nightmare-Eclipse is back again, this time with a BitLocker bypass called GreatXML that runs straight through Microsoft’s own antivirus. On a Windows …

/rogueplanet-windows-defender-zero-day/rogueplanet-windows-defender-zero-day.png
RoguePlanet Windows Defender Zero Day Hands Any User Full SYSTEM Control

June 10, 2026

Nightmare-Eclipse is back, with a new exploit called RoguePlanet. Windows 10 and 11 have a new zero-day that lets a user with no rights take complete control of …

/nightmare-eclipse-microsoft-zero-day-war/nightmare-eclipse-microsoft-zero-day-war.png
Six Working Windows Zero Days and the Researcher Microsoft Called a Criminal

May 31, 2026

Six working Windows attacks are sitting in the open right now, three of them already seen in a real intrusion, and the researcher who published them did it …

/gtig-ai-zero-day/featured-image.png
Google Catches the First AI Built Zero-Day and Stops a Mass Attack Before It Starts

May 17, 2026

Google caught a criminal group that used AI to find a zero-day in a popular web admin tool and had a working exploit ready for a mass attack against thousands …

/yellowkey-bitlocker-bypass-winre/featured-image.png
YellowKey Bypasses BitLocker on Windows 11 Using Nothing But a Folder on a USB Stick

May 15, 2026

A folder copied to a USB stick is enough to bypass BitLocker encryption on Windows 11 and Windows Server 2022 and 2025, giving an attacker with a few minutes of …

/dirty-frag-linux-root/featured-image.gif
Dirty Frag Gives Root Access on Every Major Linux Distribution

May 8, 2026

A new Linux zero-day called Dirty Frag gives any local user full root access on every major Linux distribution, and right now no distribution has a patched …

/cpanel-authentication-bypass-cve-2026-41940/featured-image.png
cPanel Authentication Bypass CVE-2026-41940 Gave Attackers 64 Days of Root Access

May 1, 2026

For 64 days, attackers had root access to cPanel servers managing over 70 million websites, and nobody had to know a single password to get in. A crafted HTTP …

/copy-fail-linux-kernel-cve-2026-31431/featured-image.png
Copy Fail CVE-2026-31431: Nine Years of Root Access Hidden in the Linux Kernel

April 30, 2026

Since 2017, every major Linux distribution has been shipping a flaw that hands root access to any local user. The exploit is a 732-byte Python script that uses …

/redsun-undefend-defender-zero-days/featured-image.png
RedSun and UnDefend: Two Unpatched Windows Defender Zero-Days

April 19, 2026

Two unpatched Windows Defender zero-days have been actively exploited since April 16th, and both of them work on fully patched Windows 10, Windows 11, and …

/bluehammer-windows-defender-zero-day/featured-image.png
Windows Defender Is Being Used to Hack Windows

April 10, 2026

Windows Defender, the built-in antivirus running on every Windows machine, has a zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and …

/openssl-12-cves-ai-january-2026/featured-image.png
AI Finds 12 OpenSSL Vulnerabilities Including a 27-Year-Old Bug

January 29, 2026

An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since …

/windows-one-update-ten-problems/featured-image.png
One Windows Update, Ten Problems, Two Emergency Patches

January 28, 2026

Microsoft pushed one security update. It broke at least 10 different things. 114 security fixes. Two emergency patches. PCs that won’t boot. Outlook that …

/office-zero-day-cve-2026-21509/featured-image.png
Office Zero-Day Actively Exploited - CVE-2026-21509

January 27, 2026

Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the …

/ios-webkit-zero-day-iphone-compromise-cve-2025-43529/featured-image.png
Your iPhone Just Got Owned: iOS WebKit Zero-Days Require No Click (CVE-2025-43529)

January 12, 2026

Your iPhone can be compromised by loading a webpage. No click. No download. Just visit the wrong site. Apple patched this a month ago. Only 16% of users have …