-
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security featur…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A high-severity local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allo…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have released a new Proof of Concept (PoC) for a vulnerability in the Windows Common Log File System (CLFS) driver. The flaw, identified as CVE-2026-2636, allows low-privileged users to force a system into a Blue Screen of Death (B…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows Management Instrumentation (WMI) is a critical utility built into the Windows operating system designed to help administrators monitor status and automate routine tasks. However, cybercriminals have increasingly weaponized this legitimate infra…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys.
·
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious flaw in Splunk Enterprise for Windows that lets low-privileged users hijack DLL loading and escalate to SYSTEM-level access. Tracked as CVE-2026-20140, this local privilege escalation (LPE) vulnerability stems from DLL search-order hijacking …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash‑and‑grab” credential theft and data exfiltration rather than long-term system control or destructive behavior. It targets browser‑stored passwords, Wi‑Fi keys, Disco…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
