top of page
ALL POSTS
Microsoft Confirms RoguePlanet Defender Zero-Day Vulnerability, Patch in Development
Key Findings Microsoft has formally acknowledged RoguePlanet, a privilege escalation zero-day in Microsoft Defender's Malware Protection Engine, assigned CVE-2026-50656 with a CVSS score of 7.8 The vulnerability exploits a race condition that can grant attackers SYSTEM-level privileges, and a patch is currently in development Security researcher Chaotic Eclipse released a working proof-of-concept that functions regardless of whether real-time protection is enabled or disabled
Jun 182 min read
Cisco SD-WAN Vulnerability Now Exploited in the Wild: Patch CVE-2026-20262 Immediately
Key Findings CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and is actively exploited in the wild The vulnerability allows authenticated attackers to write or overwrite arbitrary files on the system Planted files can be leveraged to escalate privileges to root level All deployment types are vulnerable: On-Prem, Cloud-Pro, Cisco-managed cloud, and FedRAMP installations Cisco has released patched builds across all affected versions Attackers are already deploying suspicio
Jun 162 min read
LiteSpeed and FreeBSD Privilege Escalation Flaws Under Active Exploitation (CVE-2026-54420, CVE-2026-49413)
Key Findings LiteSpeed cPanel plugin versions before 2.4.8 contain a privilege escalation flaw actively exploited in the wild Vulnerability allows low-privileged users on shared hosting to gain full root access by abusing symlink handling Flaw affects servers running CloudLinux/CageFS and scores 8.5 on CVSS scale Patch available now in cPanel plugin v2.4.8 and WHM Plugin v5.3.2.1 Attackers use distinctive pattern of certificate endpoint calls repeated 7-10 times from single I
Jun 152 min read
CISA Adds Actively Exploited Vulnerabilities to KEV Catalog
Key Findings CISA added two actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog requiring immediate remediation CVE-2022-0492 affects Linux Kernel with CVSS 7.8, enabling privilege escalation and container escape attacks CVE-2025-48595 targets Android 14 and later with CVSS 8.4, allowing arbitrary code execution with elevated privileges Federal agencies must patch both vulnerabilities by June 5, 2026 under Binding Operational Directive 22-01 Both
Jun 32 min read
High-Severity Infrastructure Vulnerabilities Expose Critical Systems and Live Surveillance Feeds
Key Findings Ivanti ITSM vulnerability CVE-2026-9614 carries CVSS score of 8.8 and allows authenticated privilege escalation to administrator access KMW CCTV vulnerability CVE-2026-5386 has critical CVSS score of 9.1 and enables unauthenticated password reset on camera systems SaaS Ivanti deployments already patched automatically; on-premises versions 2025.4 and prior require immediate manual updates KM-IP521 and KM-IP421 camera models affected; vendor patches available but K
Jun 22 min read
Critical Security Updates: Privilege Escalation and Remote Code Execution Vulnerabilities Patched in OpenVPN Connect and Veeam
Key Findings Critical privilege escalation vulnerability (CVE-2026-9560, CVSS 9.4) in OpenVPN Connect for macOS allows local attackers to gain root access Affected versions 3.5.1 through 3.8.1 contain insecure local IPC handling in the privileged helper component Version 3.8.2 patches the vulnerability along with authentication and profile management bugs Enterprise deployments require immediate updates to secure corporate endpoints Multiple critical flaws discovered in Veeam
May 282 min read
CISA Adds Microsoft and Adobe Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including Microsoft Defender flaws currently under active exploitation Two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498) are being actively exploited in the wild CVE-2026-41091 allows attackers to escalate privileges to SYSTEM level with a CVSS score of 7.8 Five additional legacy vulnerabilities from 2008-2010 were added to the catalog, affecting Windows, Int
May 212 min read
MiniPlasma Windows 0-Day: SYSTEM Privilege Escalation on Fully Patched Systems
Key Findings Chaotic Eclipse released a proof-of-concept exploit for MiniPlasma, a Windows privilege escalation zero-day that grants SYSTEM privileges on fully patched systems The vulnerability exists in cldflt.sys (Windows Cloud Files Mini Filter Driver) within the HsmOsBlockPlaceholderAccess routine Originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020 and assigned CVE-2020-17103, the flaw was supposedly patched in December 2020
May 182 min read
Critical cPanel and WHM Security Update: Three New Vulnerabilities Patched to Prevent File Read, Code Execution, and Privilege Escalation
Key Findings cPanel and WHM released patches for three vulnerabilities affecting multiple versions CVE-2026-29201 allows arbitrary file read through insufficient input validation CVE-2026-29202 enables arbitrary Perl code execution for authenticated users CVE-2026-29203 exploits unsafe symlink handling for denial-of-service and potential privilege escalation No evidence of active exploitation yet, but disclosure follows recent zero-day attacks using Mirai and Sorry ransomware
May 102 min read
PhantomRPC: Windows RPC Privilege Escalation Vulnerability Discovered
Key Findings PhantomRPC is a novel local privilege escalation vulnerability in Windows RPC architecture affecting likely all Windows versions Vulnerability enables processes with impersonation privileges to escalate to SYSTEM level permissions Five distinct exploitation paths identified across local service, network service, and user contexts Differs fundamentally from "Potato" exploit family but remains unpatched despite responsible disclosure Architectural weakness creates
Apr 252 min read
Microsoft Issues Emergency Patch for Critical ASP.NET Core Privilege Escalation Vulnerability CVE-2026-40372
Key Findings Microsoft released out-of-band patches for CVE-2026-40372, a critical ASP.NET Core privilege escalation vulnerability with a CVSS score of 9.1 Successful exploitation allows attackers to gain SYSTEM-level privileges and access sensitive files The flaw stems from improper cryptographic signature verification in the DataProtection library versions 10.0.0-10.0.6 Exploitation requires three specific conditions: vulnerable NuGet package in use, runtime loading of the
Apr 222 min read
Microsoft Defender Zero-Days Under Active Exploitation; Patches Released for Two Vulnerabilities
Key Findings Three Microsoft Defender zero-day vulnerabilities are being actively exploited in the wild by threat actors BlueHammer (CVE-2026-33825) has been patched as of April Patch Tuesday; RedSun and UnDefend remain unpatched All three flaws were released by researcher Chaotic Eclipse in response to Microsoft's vulnerability disclosure handling BlueHammer and RedSun enable local privilege escalation while UnDefend causes denial-of-service and blocks security definition up
Apr 172 min read
GPUBreach: New GPU Rowhammer Attack Achieves Full System Compromise Through GDDR6 Bit-Flips
Key Findings New RowHammer attack called GPUBreach exploits GDDR6 memory bit-flips in NVIDIA GPUs to achieve full CPU privilege escalation and system compromise Attack corrupts GPU page tables to grant arbitrary GPU memory read/write access to unprivileged processes Uniquely bypasses IOMMU protections without requiring them to be disabled, unlike competing attacks Researchers demonstrated the exploit on NVIDIA RTX A6000 GPU, spawning a root shell on the host system Current mi
Apr 73 min read
54 EDR Killers Leverage BYOVD to Exploit 34 Signed Vulnerable Drivers and Bypass Security
Key Findings * 54 endpoint detection and response (EDR) killer tools detected * 34 unique signed vulnerable drivers exploited * Technique known as Bring Your Own Vulnerable Driver (BYOVD) widely used * Primarily targeting ransomware defense evasion * Three main categories of threat actors develop these tools * Kernel-mode privilege escalation is primary attack mechanism Background Endpoint detection and response (EDR) killer tools have emerged as a critical threat in modern c
Mar 191 min read
Microsoft Patches 59 Vulnerabilities, Including Six Actively Exploited Zero-Days
Key Findings Microsoft released security updates to address 59 vulnerabilities, including 6 that are actively being exploited in the wild. Of the 59 flaws, 5 are rated Critical, 52 are rated Important, and 2 are rated Moderate in severity. 25 of the patched vulnerabilities are privilege escalation, followed by remote code execution (12), spoofing (7), information disclosure (6), security feature bypass (5), denial-of-service (3), and cross-site scripting (1). The 6 actively e
Feb 112 min read
Microsoft Addresses 56 Security Flaws, Including Active Exploit and Two Zero-Days
Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th
Dec 10, 20252 min read
bottom of page
