Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai
It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services
Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, as well as maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware
ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. [...]
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. [...]
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]
Cybersecurity researchers have disclosed details of a new vulnerability impacting Google's Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target's device without their approval
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware
Attackers Can Employ a Vulnerable Driver to Target Most Windows and Linux SystemsResearchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. [...]
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks
Microsoft Uncovered Flaw That Affects macOS System Integrity Protection FeatureApple patched a vulnerability that allows hackers to bypass a key security feature in macOS by through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.
Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions
Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft's multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim's account
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information