top of page
ALL POSTS
Microsoft's Abandoned MSHTA Tool Becomes Weapon for Fileless Malware Campaigns
Key Findings MSHTA, a retired Windows tool originally built for Internet Explorer, remains enabled by default on modern Windows systems and is now actively exploited for fileless malware attacks Threat actors abuse MSHTA as a Living-off-the-Land binary to execute malicious code directly in memory while masking activity as legitimate administrative tasks Multiple malware families including CountLoader, Emmenhtal Loader, PurpleFox, and ClipBanker leverage MSHTA to deliver info-
May 212 min read
Microsoft May 2026 Patch Tuesday: 137 Vulnerabilities Patched, 13 Critical
Key Findings Microsoft released 137 security updates in May 2026 Patch Tuesday with 13-16 critical vulnerabilities, marking the first month without active zero-day exploits in nearly two years AI-powered vulnerability discovery tools like Anthropic's Project Glasswing are significantly increasing patch volume across the industry, with some vendors fixing record numbers of flaws Three critical Microsoft vulnerabilities pose immediate enterprise risk: CVE-2026-41089 (Windows Ne
May 123 min read
PhantomRPC: Windows RPC Privilege Escalation Vulnerability Discovered
Key Findings PhantomRPC is a novel local privilege escalation vulnerability in Windows RPC architecture affecting likely all Windows versions Vulnerability enables processes with impersonation privileges to escalate to SYSTEM level permissions Five distinct exploitation paths identified across local service, network service, and user contexts Differs fundamentally from "Potato" exploit family but remains unpatched despite responsible disclosure Architectural weakness creates
Apr 252 min read
Microsoft Patch Tuesday April 2026 - Critical Vulnerabilities and Snort Detection Rules
Key Findings Microsoft released 165-167 critical and important security updates in April 2026, marking one of the largest Patch Tuesday releases on record Eight vulnerabilities marked critical, including remote code execution flaws in Windows TCP/IP, IKE, Active Directory, and multiple Office applications CVE-2026-32201 SharePoint spoofing vulnerability already exploited in the wild, enabling phishing and social engineering attacks CVE-2026-33825 BlueHammer Windows Defender p
Apr 143 min read
bottom of page
