Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public
Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation through the Microsoft Malware Protection Engine. The company stated it is aware of the issue and is […]
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day. The flaw relies on a race condition that can provide attackers with […]
A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. [...]
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. [...]
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk
Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems. [...]
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' HackThis week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States
Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden
Slovak cybersecurity company ESET says a newly patched zero-day vulnerability in the Windows Win32 Kernel Subsystem has been exploited in attacks since March 2023. [...]
A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza
Symantec suggests Black Basta crew beat Microsoft to the patch The Black Basta ransomware gang may have exploited a now-patched Windows privilege escalation bug as a zero-day, according to Symantec's threat hunters.…
Also: Hacker Sells Data Obtained Through Snowflake AttackThis week, Microsoft deprecated NTLM authentication, a hacker put apparently stolen Snowflake data up for sale, Ticketmaster confirmed its breach, Cisco patched Webex vulnerabilities, pro-Russian hacktivists claimed a DDoS attack in Spain and Kaspersky launched a free virus removal tool for Linux.
Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in AprilMicrosoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
Two rounds of reports and patches may not have completely closed this hole BLACK HAT ASIA Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem.…
Also: Avast Agrees to $16.5 Million Civil Penalty to Settle Privacy InvestigationThis week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer