
Zero Day Initiative | Breaking Cybersecurity News | The Hacker News

Category — Zero Day Initiative
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth


Jun 30, 2026 Vulnerability / API Security
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on June 4 and says it has not received any reports of exploitation. On June 29, researchers at watchTowr Labs published a detailed technical write-up that walks through the full exploit chain.

What the Flaw Does

LoadMaster is an application delivery controller and load balancer used by enterprises to manage traffic across servers. It sits at the network edge, which makes any pre-auth flaw in it especially dangerous. The vulnerability lives in a function called escape_quotes(), which is supposed to sanitize user input before it gets passed into a shell command. The f...
New Internet Explorer Zero-Day Vulnerability Publicly Disclosed; Identified in October 2013


May 21, 2014
Oh Microsoft, how could you do this to your own Internet Explorer? Microsoft had kept a critical zero-day vulnerability in Internet Explorer 8 hidden from all of us since October 2013. A critical zero-day Internet Explorer vulnerability (CVE-2014-1770), which was discovered by Peter 'corelanc0d3r' Van Eeckhoutte in October 2013, was made public today by the Zero Day Initiative (ZDI) website. Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, to which Microsoft responded 4 months later, in February 2014, and confirmed the flaw, but Microsoft neither patched the vulnerability nor disclosed any details about it. But due to ZDI’s 180-day public notification policy, it is obligated to publicly disclose the details of a zero-day vulnerability. ZDI warned Microsoft several days ago ab...