Microsoft warns of new Defender zero-days exploited in attacks
…Microsoft has released Malware Protection Engine versions 1.1.26040.8 and 4.18.26040.7, respectively, to address the two security flaws, and added that customers shouldn't have to take…
Search
Microsoft warns of Exchange zero-day flaw exploited in attacks
…While patches aren't yet available to permanently fix the vulnerability, the company added that the Exchange Emergency Mitigation Service (EEMS) will provide automatic mitigation for Exchange Server 2016, 2019, and SE…
ChatGPT share links abused to host fake outage pages to deliver malware
…Download our desktop app to continue." Unlike traditional phishing pages hosted on attacker-controlled infrastructure, the fake outage notice is rendered through ChatGPT itself. The attackers created a custom HTML page using…
Max severity Cisco Secure Workload flaw gives Site Admin privileges
…New Cisco DoS flaw requires manual reboot to revive devices Critical Cisco IMC auth bypass gives attackers Admin access Hackers exploit React2Shell in automated credential theft campaign Hackers bypass SonicWall VPN MFA…
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks firewall zero-day exploited for nearly a month By Sergiu Gatlan May 7, 2026 06:57 AM Palo Alto Networks warned customers that suspected state-sponsored hackers have been…
Microsoft confirms Windows 11 security update install issues
…This known issue is caused by insufficient free space on the EFI System Partition (ESP), which results in the update automatically rolling back on affected devices. "This issue affects devices with limited…
Microsoft Self-Service Password Reset abused in Azure data theft attacks
…Targeting Microsoft 365 apps After hijacking the accounts, Storm-2949 used the Microsoft Graph API and custom Python scripts to enumerate users, roles, applications, and service principals, and to evaluate the long…
KnowledgeDeliver flaw exploited as a zero-day to install web shells
…It stems from the use of a shared hardcoded machine key in the web portal configuration across all KnowledgeDeliver customer deployments. ViewState deserialization Threat actors obtained the machine key and used it…
Over 116,000 Mincraft systems infected in WeedHack malware campaign
…WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems. Telemetry data from cybersecurity company McAfee…
Over 116,000 Minecraft systems infected in WeedHack malware campaign
…WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems. Telemetry data from cybersecurity company McAfee…