Collecting Cyber-News from over 60 sources

Tag: windows

Legacy Microsoft Utility Fuels New Wave of Malware

May 19, 2026 5:00 PM

Tags: attack, cybercrime, malware, microsoft, powershell, tool, windows

Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix Campaigns. Cybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows component remains a favored living-off-the-land tool for PowerShell attacks, info stealers and multi-stage malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/legacy-microsoft-utility-fuels-new-wave-malware-a-31716
Internet Explorer may be dead, but its ghost still runs malware

May 19, 2026 4:00 PM

Tags: backdoor, crypto, detection, Internet, malware, microsoft, powershell, service, software, theft, tool, update, windows

A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments.Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
PureLogs infostealer is stealing credentials worldwide

May 19, 2026 4:00 PM

Tags: credentials, malicious, phishing, windows

A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/purelogs-infostealer-delivery-steganography/
Microsoft confirms patching issues in restricted Windows networks

May 19, 2026 2:00 PM

Tags: microsoft, network, update, windows

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-patching-issues-in-restricted-windows-networks/
Microsoft confirms patching issues in restricted Windows networks

May 19, 2026 2:00 PM

Tags: microsoft, network, update, windows

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-patching-issues-in-restricted-windows-networks/
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems

May 19, 2026 1:00 PM

Tags: cyber, cybercrime, linux, ransomware, threat, vmware, windows

The Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second half of 2025. The Gentlemen stands out for its ability to target a wide range of enterprise systems, including Windows, Linux, NAS, BSD, and VMware ESXi environments. This lineage suggests the…
NetExec for OSCP: AD Pentesting

May 19, 2026 6:00 AM

Tags: penetration-testing, windows

This walkthrough takes you end-to-end against a Windows Server 2019 domain controller in the ignite.local lab. You start exactly where the exam drops you, First seen on hackingarticles.in Jump to article: www.hackingarticles.in/netexec-for-oscp-ad-pentesting/
MiniPlasma zeigt: Selbst gepatchtes Windows ist angreifbar

May 18, 2026 6:00 PM

Tags: microsoft, windows, zero-day

MiniPlasma verschafft SYSTEM-Rechte auf gepatchten Windows-Systemen. Der neue Zero-Day wirft Fragen zu Microsofts Patchmanagement auf. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/miniplasma-windows-zero-day-system-rechte-gepatchte-systeme-329246.html
Pwn2Own Berlin: Windows, Linux, Edge und jede Menge KI-Tools gehackt

May 18, 2026 5:00 PM

Tags: ai, linux, tool, windows

Bei der Pwn2Own in Berlin sind vor allem Betriebssysteme und KI-Tools attackiert worden. Die Teilnehmer gewannen fast 1,3 Millionen US-Dollar. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-hacker-hacken-windows-linux-edge-und-jede-menge-ki-tools-2605-208767.html
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

May 18, 2026 3:00 PM

Tags: access, cve, edr, exploit, flaw, microsoft, service, update, vpn, vulnerability, windows

Nightmare-Eclipse’s Windows disclosure spree keeps growing: MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs.The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported…
Pwn2Own Berlin: Hacker hacken Windows, Linux, Edge und jede Menge KI-Tools

May 18, 2026 3:00 PM

Tags: ai, hacker, linux, tool, windows

Bei der Pwn2Own in Berlin sind vor allem Betriebssysteme und KI-Tools attackiert worden. Die Teilnehmer gewannen fast 1,3 Millionen US-Dollar. First seen on golem.de Jump to article: www.golem.de/news/pwn2own-berlin-hacker-hacken-windows-linux-edge-und-jede-menge-ki-tools-2605-208767.html
Microsoft testing adjustable taskbar, Start menu in Windows 11

May 18, 2026 2:00 PM

Tags: microsoft, windows

Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-finally-gets-a-resizable-taskbar-and-start-menu/
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

May 18, 2026 12:00 PM

Tags: cloud, flaw, vulnerability, windows, zero-day

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver, First seen on thehackernews.com…
Forscher eskaliert: Gefährlicher Zero-Day-Exploit für Windows geleakt

May 18, 2026 12:00 PM

Tags: data-breach, exploit, windows, zero-day

Der Miniplasma genannte Exploit nutzt eine Windows-Lücke aus, die eigentlich schon seit 2020 gepatcht sein sollte. Das ist offenkundig nicht der Fall. First seen on golem.de Jump to article: www.golem.de/news/forscher-eskaliert-gefaehrlicher-zero-day-exploit-fuer-windows-geleakt-2605-208755.html
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

May 18, 2026 12:00 PM

Tags: exploit, flaw, windows, zero-day

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the…
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922

May 18, 2026 12:00 PM

Tags: cyber, microsoft, update, windows

Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922. The problem is affecting systems running Windows 11 versions 24H2 and 25H2, raising concerns among enterprise administrators and individual users who rely on timely security patches. Released on May 12, 2026,…
Microsoft confirms Windows 11 security update install issues

May 18, 2026 11:01 AM

Tags: microsoft, update, windows

Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-kb5089549-windows-11-security-update-install-issues/
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released

May 18, 2026 1:00 AM

Tags: access, cybersecurity, exploit, windows, zero-day

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-miniplasma-zero-day-exploit-gives-system-access-poc-released/
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers

May 16, 2026 1:00 PM

Tags: access, cyber, linux, malicious, malware, open-source, threat, unauthorized, windows

A popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with trojanized versions targeting both Windows and Linux users. The incident, confirmed by JDownloader developers, occurred between May 6 and May 7, 2026, when threat actors gained unauthorized access to the project’s web…
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

May 16, 2026 1:00 AM

Tags: linux, microsoft, vulnerability, windows, zero-day

Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux…
Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access

May 15, 2026 9:00 PM

Tags: access, control, exploit, microsoft, update, windows

Two unpatched Windows exploit PoCs target BitLocker protections and privilege controls after Microsoft’s May Patch Tuesday security update. The post Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-unpatched-windows-exploits-bitlocker-privilege-escalation/
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

May 15, 2026 9:00 PM

Tags: exploit, linux, microsoft, vulnerability, windows, zero-day

During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

May 15, 2026 8:00 PM

Tags: control, data, hacker, malware, rat, update, windows

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads. First seen on hackread.com Jump to article: hackread.com/hackers-pyinstaller-amsi-patching-xworm-rat-v7-4/
Microsoft to automatically roll back faulty Windows drivers

May 15, 2026 3:00 PM

Tags: microsoft, update, windows

Microsoft is introducing a new Windows Update capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-automatically-roll-back-faulty-windows-drivers/
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026

May 15, 2026 12:00 PM

Tags: ai, cyber, exploit, hacker, microsoft, nvidia, software, vulnerability, windows, zero-day

The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 unique zero-day exploits, earning a total of $523,000 in rewards, according to Trend…
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

May 15, 2026 10:00 AM

Tags: flaw, framework, vulnerability, windows, zero-day

Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections,…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical

May 15, 2026 10:00 AM

Tags: browser, chrome, cyber, flaw, google, linux, update, vulnerability, windows

Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac and 148.0.7778.167 for Linux, is being gradually deployed to users worldwide. The latest…