All CosmicBytez Labs articles tagged #Windows, across news, security advisories, how-to guides, and projects.
A security researcher has released a public Windows zero-day exploit called LegacyHive that allows local privilege escalation to SYSTEM on fully up-to-date Windows machines. No patch is available.
A design flaw in the Cursor AI code editor on Windows executes any file named git.exe found in the root of a cloned project directory — automatically, with no prompt or warning, simply by opening the repository. Malicious repositories can weaponize this to steal SSH keys, cloud tokens, and source code on first open.
Security researcher Chaotic Eclipse released LegacyHive, a proof-of-concept exploit for a Windows User Profile Service privilege escalation vulnerability, just hours after Microsoft's July 2026 Patch Tuesday release.
Zoom has disclosed a critical improper input validation flaw in its Windows desktop client and SDK that allows unauthenticated network attackers to hijack accounts. Update to Zoom Workplace 7.0.0 immediately.
A critical use-after-free vulnerability in Google Chrome's Core component on Windows allows remote attackers to escape the browser sandbox via a crafted HTML page. Patch to Chrome 150.0.7871.125 immediately.
Researcher 'Nightmare-Eclipse' published a proof-of-concept exploit for a Windows Defender vulnerability in early June after dropping several other...
Microsoft has patched a Windows Defender zero-day vulnerability dubbed RoguePlanet after researcher 'Nightmare-Eclipse' released a working...
Microsoft has dissected GigaWiper, a destructive Windows backdoor that combines three distinct destructive capabilities — full disk wiping, fake...
A cryptographically weak random number generator in the GenerateRandomPassword function of bosh-windows-stemcell-builder allows remote attackers to...
Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...
CISA has confirmed that ransomware gangs are actively exploiting BlueHammer, a Microsoft Defender privilege escalation vulnerability previously used in...
Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...
Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...
A path traversal flaw in Notepad++ v8.9.6.1 allows attackers to bypass the trusted directory plugin verification check using path sequences, potentially...
A critical authentication vulnerability in four ManageEngine products allows unauthenticated attackers to predict SSO session tickets and take over...
Microsoft has confirmed Windows 11 version 26H2 as the next feature update, with devices running 24H2 and 25H2 able to upgrade via a lightweight...
Microsoft's June 2026 Patch Tuesday addressed nearly 200 security vulnerabilities — the highest single-month patch count in the company's history —...
A bug introduced by June 2026 security updates causes Windows to display internal $R filenames instead of original filenames in the Recycle Bin deletion...
A self-spreading USB worm active since February 2026 hides real files behind malicious .lnk shortcuts, hijacks clipboard cryptocurrency addresses, hunts...
Microsoft Threat Intelligence has exposed a cryptocurrency clipboard-hijacking campaign active since February 2026 that spreads via malicious USB LNK...
Anonymous researcher Chaotic Eclipse released a PoC exploit for a new Microsoft Defender zero-day named RoguePlanet. The race condition flaw grants SYSTEM...
Microsoft's June 2026 Patch Tuesday is the largest single release on record, fixing 206 vulnerabilities across its software portfolio — including three...
Microsoft's June 2026 Patch Tuesday fixes three actively exploited Windows zero-days: two SYSTEM privilege escalation flaws and a BitLocker bypass...
The Windows version of the Hola Browser has been hit by a supply chain attack that bundled a cryptocurrency miner with the official installer, silently…
An AI-generated ransomware toolkit automates EDR evasion; Windows Netlogon RCE is actively exploited on domain controllers; the Miasma campaign hits Red Hat…
Microsoft announced Coreutils for Windows at Build 2026, bringing widely used Linux command-line utilities — ls, grep, cat, awk, and more — to Windows as…
A critical stack-based buffer overflow vulnerability in Arm Whois 3.11 (CVSS 9.8) allows remote attackers to execute arbitrary code by supplying oversized…
An incorrect permission assignment vulnerability in Fujitsu ServerView Agents for Windows V11.60.04 and earlier allows a local authenticated attacker to…
Belgium's national cybersecurity authority (CCB) has issued an urgent warning that threat actors are actively exploiting a recently patched critical Windows…
Use SQL to query your endpoints like a database. Deploy osquery across Linux and Windows hosts to surface process trees, network connections, user activity…
Microsoft publicly condemned unauthorized zero-day disclosures as 'never justifiable' after a security researcher published working proof-of-concept...
Strong AD passwords don't have to mean frustrated users — passphrases, breached-password checks, and self-service resets balance security and usability.
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems where domain controller lookups fail after installing the KB5087537 May 2026.
A new technical analysis reveals that many Windows kernel-mode drivers can be exploited from user mode without the physical hardware they were designed...
Trend Micro has patched an Apex One zero-day vulnerability actively exploited in attacks targeting Windows systems. The flaw, discovered in the company's...
A new Windows kernel privilege escalation zero-day dubbed MiniPlasma, released by researcher Chaotic Eclipse, grants SYSTEM-level access on fully patched...
Pwn2Own Berlin 2026 has concluded with security researchers earning over $1.29 million in prizes after successfully exploiting 47 zero-day vulnerabilities...
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed MiniPlasma that lets attackers gain...
A supply chain attack compromised official DAEMON Tools Lite installation packages distributed from daemon-tools.cc between April 8 and May 5, 2026,...
On day two of Pwn2Own Berlin 2026, competitors demonstrated 15 unique zero-day vulnerabilities and collected $385,750 in awards, successfully exploiting...
A security researcher has publicly released two unpatched Windows zero-day exploits: YellowKey, a BitLocker bypass requiring physical access, and...
An anonymous researcher has publicly disclosed two new unpatched Windows zero-days — YellowKey enabling BitLocker bypass and GreenPlasma targeting CTFMON...
Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities including nine critical flaws — but for the first time in two years, not a single...
Microsoft's May 2026 Patch Tuesday delivers security updates for 120 vulnerabilities across Windows, Edge, Office, Azure, and more — with no zero-days...
Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities across its product portfolio, including 30 rated Critical — with notable DNS...
A cybersecurity researcher has published proof-of-concept exploits for two unpatched Windows vulnerabilities — YellowKey (BitLocker bypass) and...
A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...
The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...
Microsoft is testing a redesigned Run dialog for Windows 11 that brings dark mode support and improved performance over the legacy Win+R dialog that has...
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...
The emerging Vect 2.0 ransomware — deployed against TeamPCP supply chain attack victims — permanently destroys files larger than 131KB due to a critical...
Threat hunters warn that VECT 2.0 ransomware contains a critical flaw in its encryption implementation that acts more like a wiper for files over 131KB...
A Microsoft Windows vulnerability originally patched in a prior Patch Tuesday was incompletely remediated, leaving a residual attack surface that...
Microsoft patched 77 security vulnerabilities in March 2026 with no actively exploited zero-days, a welcome reprieve following February's five-zero-day...
Microsoft released patches for 167 security vulnerabilities in April 2026, including an actively exploited SharePoint Server zero-day and the publicly...
Microsoft is rolling out a revamped Windows Insider Program experience as part of broader plans to address performance and reliability concerns affecting...
Microsoft is rolling out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices...
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent...
A new ransomware operation called Kyber is targeting Windows systems and VMware ESXi endpoints, with one variant implementing Kyber1024 post-quantum...
Microsoft's April 2026 Patch Tuesday addressed 169 CVEs — the second-largest monthly update in company history — including one actively exploited...
Microsoft's April 2026 Patch Tuesday addresses a record 169 security vulnerabilities including a SharePoint zero-day actively exploited in the wild, 8...
Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities that allow attackers to gain SYSTEM or elevated...
A weekly roundup of notable cybersecurity stories: Iran-linked hackers wipe 200,000 Stryker devices, the BlueHammer Windows zero-day PoC goes public,...
Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...
A security researcher operating under the aliases 'Chaotic Eclipse' and 'Nightmare-Eclipse' has publicly released exploit code for an unpatched Windows...
Pro-Ukrainian hacktivist group Bearlyfy has conducted over 70 cyberattacks against Russian companies since January 2025, recently deploying a custom...
The command auto-approval module in Axon Code contains an OS Command Injection vulnerability. An incompatible Unix-based shell-quote parser is used on...
Microsoft has published a multi-step recovery procedure for Samsung Galaxy Book 4 laptops running Windows 11 24H2/25H2 where the Samsung Galaxy Connect...
Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area, reversing a bundling...
Microsoft has pushed an out-of-band hotpatch (KB5084597) to Windows 11 Enterprise devices to address three integer-overflow RCE flaws in RRAS, one rated...
An actively exploited protection mechanism failure in the Windows MSHTML (Trident) engine allows attackers to bypass browser security zones and shell...
Microsoft's February 2026 Patch Tuesday addresses roughly 60 vulnerabilities including six actively exploited zero-days across Windows, Office, and Azure...
Microsoft's February 2026 Patch Tuesday addresses 60 vulnerabilities including 6 actively exploited zero-days and 3 publicly disclosed issues, with...
Actively exploited zero-day in Windows RDS allows authenticated attackers with low privileges to escalate to SYSTEM. Public exploit code available....
Actively exploited Windows Shell vulnerability bypasses SmartScreen protection, allowing malicious files to execute without security warnings. Patch...
Comprehensive checklist for hardening Linux and Windows servers before production deployment. Covers OS configuration, network security, access controls,...
Build interactive IT service management dashboards using PowerShell Universal. Create real-time client portals, automated ticketing views, and...
Deploy Docker Engine natively on Windows without Docker Desktop. Covers installation, Windows container mode, lifecycle management, and troubleshooting.
Configure Windows Autopilot for zero-touch device deployment. Covers hardware hash import, deployment profiles, ESP configuration, and user-driven enrollment.
Automate Windows security baseline checks using PowerShell. Validate configurations against CIS benchmarks for password policies, audit settings, and...
Learn to analyze Windows Security Event Logs to detect brute force attacks, lateral movement, privilege escalation, and other security threats using PowerShell.
Microsoft's first security update of 2026 addresses 114 vulnerabilities including three zero-days. One flaw is actively exploited in the wild with CISA...