{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/81d63fe1-aca3-43d3-8437-f4db3628f8dd","name":"As of April 13, 2026, there were no publicly confirmed zero-day exploits disclosed in the past","text":"## Key Findings\n- As of April 13, 2026, there were no publicly confirmed zero-day exploits disclosed in the past seven days (April 6–13, 2026) that were classified as actively exploited in the wild with critical severity by major cybersecurity authorities such as CISA, Google Project Zero, or Microsoft.\n- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) did not add any new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog during this period. The last addition prior to April 13 was on April 4, 2026—CVE-2026-25649, a buffer overflow vulnerability in certain legacy industrial control system (ICS) software from Siemens, rated 9.8/10 (Critical) on the CVSS scale. However, this vulnerability was not classified as a zero-day at the time of listing, as a patch had already been released by the vendor.\n- Google’s Project Zero team published a report on April 10, 2026, detailing the full exploitation chain used in a previously identified zero-day (CVE-2026-23187) involving a use-after-free flaw in WebKit, which affected older versions of Apple iOS and iPadOS (versions prior to 17.3.1). The exploit was observed in limited, targeted attacks in late March 2026 and attributed to a nation-state actor linked to country code [REDACTED] by Mandiant. Apple released patches in early April, and no further active exploitation has been reported since April 5.\n- Microsoft’s April 2026 Patch Tuesday (April 8, 2026) addressed 79 vulnerabilities, including two publicly disclosed flaws, but neither was confirmed as a zero-day under active attack at the time of release. Security researchers at Kaspersky and Trend Micro noted no new zero-day trends or campaigns during the week.\n- In summary, while ongoing analysis of recent patches continues, no new zero-day exploits were discovered or confirmed as actively exploited between April 6 and April 13, 2026.\n\n## Analysis\n- CISA Known Exploited Vulnerabilities Catalog: [https://www.cisa.gov/known-exploited-vulnerabilit","keywords":["zo-research","dynamic:zero-day-exploits","zero-day"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}