Microsoft Defender
Coverage of Microsoft Defender in the Nexus archive.
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed that ransomware gangs are exploiting a Microsoft Defender privilege escalation vulnerability named BlueHammer, which was previously used in zero-day attacks. The flaw allows attackers to escalate privileges, potentially leading to system compromises.
- Fake LinkedIn Job Interviews & "Werkbit.io" Malware Delivery
A LinkedIn user encountered a scam involving a fake job interview for a 'TradeUpToWallStreet' strategy analyst position. The scammer, posing as recruiter 'Maya Ellison,' directed the user to download a malicious desktop application from 'werkbit.io,' which was flagged by Microsoft Defender as containing malware. The scam was promoted on LinkedIn, had over 100 applications, and included job postings for roles in Canada and the U.S.
- Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
A security researcher named Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability called RoguePlanet, which grants SYSTEM access on updated Windows systems. The exploit, a race condition with a reported 100% success rate, was published under the GitHub account MSNightmare.
- Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
Microsoft Defender has a zero-day vulnerability named 'RoguePlanet' that allows attackers to gain SYSTEM privileges. The exploit highlights a critical security flaw in the software.
- Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Microsoft released 206 vulnerabilities in its latest Patch Tuesday update, the largest monthly batch on record. Experts warn this reflects a growing trend of software flaws, with AI playing a role in discovery and patching. The update included three publicly known vulnerabilities and one actively exploited zero-day in Microsoft Defender.
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) rated 7.8 on the CVSS scale that could allow attackers to gain SYSTEM privileges, and a denial-of-service vulnerability. These flaws are currently being exploited in the wild.
- Microsoft warns of new Defender zero-days exploited in attacks
Microsoft has begun rolling out security patches for two Defender vulnerabilities that were actively exploited in zero-day attacks. The patches address critical security flaws in Microsoft Defender that attackers have been leveraging in real-world campaigns.
- Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher disclosed two zero-day vulnerabilities in Windows, including a BitLocker bypass and a privilege escalation impacting CTFMON. The vulnerabilities have been codenamed YellowKey and GreenPlasma. The researcher, who goes by the alias Chaotic Eclipse, previously disclosed three Microsoft Defender vulnerabilities.
- Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is incorrectly identifying legitimate DigiCert root certificates as malware, specifically flagging them as Trojan:Win32/Cerdigent.A!dha. This has caused widespread false-positive alerts and, in some cases, the removal of certificates from Windows systems.
- CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has directed U.S. federal agencies to address a critical privilege escalation vulnerability in Microsoft Defender, known as BlueHammer, which is currently being exploited in zero-day attacks. The flaw allows attackers to escalate privileges, posing a significant security risk.
- Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress warns that three zero-day vulnerabilities in Microsoft Defender—BlueHammer, RedSun, and UnDefend—are being actively exploited by threat actors to gain elevated system privileges. Two of these vulnerabilities remain unpatched, posing ongoing security risks.
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher named 'Chaotic Eclipse' has released a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability called 'RedSun,' which grants SYSTEM privileges. The exploit was published as a protest against Microsoft's handling of cybersecurity researchers.
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
The ThreatsDay Bulletin highlights multiple cybersecurity threats, including a Microsoft Defender 0-Day vulnerability, a SonicWall brute-force attack, and a 17-year-old Excel remote code execution (RCE) flaw. The article emphasizes the persistence of ancient vulnerabilities, supply chain risks, and creative hacking tactics.
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
A security vulnerability in the EngageLab SDK, used by Android apps, allowed unauthorized access to private data by bypassing Android's security sandbox. The flaw affected 50 million Android users, including 30 million cryptocurrency wallet installations, but has since been patched.