top of page
ALL POSTS
Microsoft Uncovers Windows Clipper Malware Campaign with USB Worm and Tor-Based Command & Control
Key Findings Windows-based clipper malware campaign active since February 2026 targets cryptocurrency wallets through USB-distributed LNK shortcut files Malware uses bundled Tor client with SOCKS5 proxy to communicate with hidden-service C2 servers, avoiding traditional IP-based infrastructure detection Attack chain involves worm component that replicates across USB drives by masking itself as legitimate documents like DOC, XLSX, and PDF files Clipper steals BIP39 seed phrase
Jun 183 min read
MiniPlasma Windows 0-Day: SYSTEM Privilege Escalation on Fully Patched Systems
Key Findings Chaotic Eclipse released a proof-of-concept exploit for MiniPlasma, a Windows privilege escalation zero-day that grants SYSTEM privileges on fully patched systems The vulnerability exists in cldflt.sys (Windows Cloud Files Mini Filter Driver) within the HsmOsBlockPlaceholderAccess routine Originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020 and assigned CVE-2020-17103, the flaw was supposedly patched in December 2020
May 182 min read
Microsoft's May 2026 Patch Tuesday Fixes 138 Bugs, Some Alarming
Key Findings Microsoft's May 2026 Patch Tuesday addressed 138 vulnerabilities across its entire product portfolio, including 30 critical flaws 16 of the patched vulnerabilities were discovered by Microsoft's new MDASH AI system, marking a significant shift in how security threats are identified Four of the AI-discovered flaws are critical remote code execution bugs in Windows No vulnerabilities were publicly disclosed or actively exploited at time of release The release coinc
May 134 min read
PhantomRPC: Windows RPC Privilege Escalation Vulnerability Discovered
Key Findings PhantomRPC is a novel local privilege escalation vulnerability in Windows RPC architecture affecting likely all Windows versions Vulnerability enables processes with impersonation privileges to escalate to SYSTEM level permissions Five distinct exploitation paths identified across local service, network service, and user contexts Differs fundamentally from "Potato" exploit family but remains unpatched despite responsible disclosure Architectural weakness creates
Apr 252 min read
Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns
Key Findings Cybersecurity researchers at Microsoft Threat Intelligence have found that attackers are circulating fake gaming tools that install a remote access trojan (RAT) when users run the files. The campaign relies on trojanized executables distributed through browsers and chat platforms, convincing victims to download software such as Xeno.exe or RobloxPlayerBeta.exe, which appear legitimate at first glance. The initial file acts as a downloader that prepares the system
Mar 12 min read
Microsoft Warns of DNS-Based ClickFix Attacks Targeting Windows Users
Key Findings Microsoft has disclosed details of a new version of the ClickFix social engineering tactic that uses DNS lookups to retrieve malware payloads. The attack tricks users into running commands through the Windows Run dialog that perform a DNS lookup to an external server controlled by the attackers. The DNS response is then executed as the second-stage payload, allowing the threat actors to reach infrastructure under their control and establish a new validation layer
Feb 152 min read
Microsoft Patch Tuesday Updates for February 2026
Key Findings Microsoft released security updates to address 58 new vulnerabilities across Windows, Office, Azure, Edge, Exchange, Hyper-V, and other components. The update includes fixes for 6 zero-day vulnerabilities that are being actively exploited in the wild. 5 of the vulnerabilities were rated as "Critical" by Microsoft. Several vulnerabilities affect high-profile targets like GitHub Copilot, IDEs, and Azure cloud services. Background This month's Patch Tuesday from Mic
Feb 101 min read
Microsoft Warns: Python Infostealers Expand from Windows to macOS
Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO
Feb 42 min read
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, Including One Actively Exploited
Key Findings Microsoft released its first security update for 2026, addressing 114 security flaws 8 vulnerabilities were rated Critical, and 106 were rated Important in severity The update includes 58 privilege escalation, 22 information disclosure, 21 remote code execution, and 5 spoofing flaws The update marks the third-largest January Patch Tuesday after January 2025 and January 2022 2 previously disclosed zero-day vulnerabilities were also addressed Background Microsoft r
Jan 142 min read
CVE-2025-12345: Novel Privilege Escalation Vulnerability in Cutting-Edge Software
Key Findings: A newly discovered vulnerability in the Windows Kernel, tracked as CVE-2025-62215, allows local privilege escalation. The flaw, present in all supported versions of Windows, enables a low-privileged user or process to elevate their permissions to gain SYSTEM-level access. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the ability to achieve arbitrary code execution with SYSTEM privileges. The vulnerability is considered high-severity,
Nov 13, 20252 min read
bottom of page
