Vulnerabilities
Nightmare-Eclipse released MiniPlasma May 13, 2026 — a working SYSTEM-level exploit for cldflt.sys on fully patched Windows 11. The bug is CVE-2020-17103, patched by Microsoft in December 2020. The 2020 PoC still works — and no 2026 patch exists.
Vulnerabilities
A Defender signature update flagged DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha and quarantined them worldwide. Microsoft fixed it in 1.449.430.0. The underlying DigiCert breach is the bigger story.
Threat Intelligence
The OAuth phishing kit is plumbed end-to-end through legitimate SaaS, which is exactly the point.
Vulnerabilities
CISA confirmed active exploitation of two vulnerabilities — a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware and a Microsoft Windows Shell spoofing bug attributed to Russian APT28 — adding both to its Known Exploited Vulnerabilities catalog with a federal patching deadline of May 12, 2026. WASHINGTON, D.C. — The Cybersecurity
Trending
A Chinese state-linked contract hacker, Xu Zewei, has been extradited from Italy to the United States and charged for his alleged role in the Silk-Typhoon (Hafnium) campaigns that targeted U.S. universities conducting COVID-19 vaccine research and later thousands of Microsoft Exchange email servers worldwide. WASHINGTON, D.C. — In a
Vulnerabilities
Microsoft has patched a serious Entra ID (Azure AD) misconfiguration that exposed an “agent-only” role for Microsoft Graph PowerShell that was not properly restricted to Microsoft’s own internal agents. Attackers who obtained secrets for a service-principal-linked app registration could exploit this role to escalate privileges and pivot to long-term
Microsoft Ecosystem
A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new threat cluster, identified by the Google Threat
Microsoft Ecosystem
An out-of-band update arrives days after the April Patch Tuesday release triggered critical LSASS crashes and BitLocker recovery prompts across enterprise domain controllers. REDMOND, WA — Microsoft has released a series of emergency out-of-band (OOB) updates to address a cascade of failures introduced by its April 2026 "Patch Tuesday"
Microsoft Ecosystem
A new human-operated intrusion playbook leverages cross-tenant communication to bypass traditional email security, targeting high-privilege credentials through "Helpdesk" deception. REDMOND, WA — Microsoft Threat Intelligence has issued a critical warning regarding a sophisticated surge in "Helpdesk Impersonation" attacks conducted via Microsoft Teams. The campaign, which targets enterprise
Vulnerabilities
A disgruntled security researcher has publicly released proof-of-concept code for three critical vulnerabilities in Microsoft Defender, leaving over a billion users exposed as two flaws remain unpatched. REDMOND, WA — The global cybersecurity community is on high alert following the unauthorized leak and subsequent exploitation of three zero-day vulnerabilities within Microsoft
Microsoft Ecosystem
The inaugural live hacking event at Microsoft’s Redmond campus resulted in the discovery of nearly 700 vulnerabilities, including over 80 high-impact flaws in Cloud and AI infrastructure. REDMOND, WA — Microsoft has officially concluded its "Zero Day Quest" 2026, awarding a total of $2.3 million to security
Vulnerabilities
The addition of both legacy vulnerabilities and 2026 zero-days signals a "two-front war" for defenders: securing modern cloud-facing infrastructure while purging decade-old exploits still being used in the wild. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency (CISA) has added seven new vulnerabilities to its Known Exploited