Just 0.1% of prediction-market bettors win 70% of the profits

PUBLIC DEFENDER By Brian Livingston You may think you can make easy money by betting on sports and political events in so-called prediction markets such as Polymarket and Kalshi. I’d bet that you’d lose your shirt. If bettors believe there’s a 75 percent chance that interest rates will rise, for instance, you can bet 75 […]

Bot-powered attacks will evade many antivirus programs

ISSUE 23.22 • 2026-06-01 PUBLIC DEFENDER By Brian Livingston Waves of state-sponsored malware attacks are expected to overwhelm traditional antivirus software as early as July 2026. By then, hacker teams will surely gain access to powerful large language models (LLMs) such as Anthropic’s Mythos Preview and OpenAI’s GPT-5.4-Cyber. In April 2026, Anthropic and OpenAI announced […]

Microsoft ruined Windows’ local account — but here’s the fix

PUBLIC DEFENDER Microsoft ruined Windows’ local account — but here’s the fix By Brian Livingston Windows users have installed the operating system for decades using what’s known as a local account. But Microsoft has nibbled away at end users’ independence to the point that most people are finding it impossible to set up Windows without […]

Find and fix your software security holes without Mythos

PUBLIC DEFENDER By Brian Livingston The maker of the popular Claude large language model (LLM) — which became the number-one download from US app stores in February 2026 — recently announced a powerful service called Claude Mythos. The new LLM has reportedly discovered thousands of security holes in every major operating system and Web browser. […]

The Dev Drive hack: Boosting home PC speed

WINDOWS 11 By Martin Brinkmann Here’s a surprising speed boost for everyday, heavy-duty tasks. It works on many Windows setups and costs nothing. When Microsoft rolled out Dev Drive for Windows 11 back in 2023, it slapped a massive “For Developers Only” sign on the feature. The pitch was that enterprise programmers compiling millions of […]

You can now buy hacker-proof USB devices

PUBLIC DEFENDER By Brian Livingston I explained in my April 6, 2026, column that USB devices are becoming one of the most common ways hackers spread malware, using modified little gizmos that stroll past firewalls and are undetectable by security suites. At the end of that column, I promised to give you new information as […]

Microsoft drops its second-largest monthly batch of defects on record

Microsoft addressed 165 vulnerabilities affecting its various products and underlying systems, including one actively exploited vulnerability in Microsoft Office SharePoint, in this month’s Patch Tuesday update.

“By my count, this is the second-largest monthly release in Microsoft’s history,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a blog post Tuesday.

Microsoft didn’t explain why its monthly batch of patches grew so large this month, but Childs noted that many vulnerability programs are experiencing a significant increase in submissions found by artificial intelligence tools. “For us, our incoming rate has essentially tripled, making triage a challenge, to say the least,” he added. 

The zero-day vulnerability — CVE-2026-32201 — has a CVSS rating of 6.5 and allows attackers to view sensitive information and make changes to disclosed information. Microsoft said the improper input validation defect in Microsoft Office SharePoint allows unauthenticated attackers to perform spoofing over a network.

The Cybersecurity and Infrastructure Security Agency added the zero-day to its known exploited vulnerabilities catalog shortly after Microsoft’s disclosure. 

Microsoft also addressed a high-severity vulnerability — CVE-2026-33825 — that was publicly known at the time of release. The vendor said the defect in Microsoft Defender is more likely to be exploited and could allow unauthorized attackers to elevate privileges locally.

“What starts as a foothold can quickly become full system domination,” Jack Bicer, director of vulnerability research at Action1, said in a blog post about the vulnerability. 

“Once exploited, it allows full control over endpoints, enabling data exfiltration, disabling security tools and lateral movement across networks,” Bicer said.

Proof-of-concept exploit code for the defect is publicly available, which increases the likelihood of exploitation in the wild, he added.

Microsoft disclosed two critical vulnerabilities this month — CVE-2026-33824 affecting Windows IKE Extension and CVE-2026-26149 affecting Microsoft Power Apps — but designated both of the defects as less likely to be exploited.

More than three-quarters of the vulnerabilities disclosed this month are less likely to be exploited, according to Microsoft. Meanwhile, the company designated 19 vulnerabilities as more likely to be exploited.

The full list of vulnerabilities addressed this month is available in Microsoft’s Security Response Center.

The post Microsoft drops its second-largest monthly batch of defects on record appeared first on CyberScoop.

Any USB drive or cable you plug in might be a silent killer

ISSUE 23.14 • 2026-04-06 PUBLIC DEFENDER By Brian Livingston As if we didn’t already have enough malware to worry about, malicious hackers and state-sponsored cybercrime teams are turning ordinary-looking USB drives and cables into weapons that can infect or fry — within a single second — any computer or electronic component you plug them into. […]

Personalized ads lead to identity fraud. Here’s how to stop them.

PUBLIC DEFENDER By Brian Livingston Most of the “smart” devices in your home or office are constantly uploading personal information about you to data brokers who sell your profile to all comers — but there are ways to prevent this leakage of your life to people who clearly don’t have your best interests at heart. […]

Could you stop a bot agent that’s running wild? Probably not.

PUBLIC DEFENDER By Brian Livingston Installing “agentic AI” such as Microsoft’s Copilot, OpenAI’s GPT Atlas, and other artificial-intelligence helpers is a big trend among businesses and individual computer users — but big problems come along with such bots. A white paper published by Kiteworks, a data-management firm, says 60 percent of companies using agentic AI […]

Webcast: Sacred Cash Cow Tipping 2020

Want to learn how attackers bypass endpoint products? Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco […]

The post Webcast: Sacred Cash Cow Tipping 2020 appeared first on Black Hills Information Security, Inc.

BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour podcast, originally recorded as […]

The post BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security, Inc.

Webcast: Endpoint Security Got You Down? No PowerShell? No Problem.

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat […]

The post Webcast: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security, Inc.

Getting PowerShell Empire Past Windows Defender

Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]

The post Getting PowerShell Empire Past Windows Defender appeared first on Black Hills Information Security, Inc.
