Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day
Another day, another Windows exploit code
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Another day, another Windows exploit code
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks
A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024. [...]
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. [...]
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. [...]
Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. [...]
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. [...]
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders
The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.
Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.
The Chinese state-sponsored group known as UNC3886 has been found to exploit a zero-day flaw in VMware ESXi hosts to backdoor Windows and Linux systems
Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild. [...]
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.