Skip to content
The Nexus
DossierENTITY

Microsoft Defender

Coverage of Microsoft Defender in the Nexus archive.

Earliest in view: Apr 9 · 17:26 UTCMost recent: Jun 30 · 08:53 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 30 · 08:53 UTCBLEEPING COMPUTER
    CISA: Windows BlueHammer flaw now exploited by ransomware gangs

    CISA confirmed that ransomware gangs are exploiting a Microsoft Defender privilege escalation vulnerability named BlueHammer, which was previously used in zero-day attacks. The flaw allows attackers to escalate privileges, potentially leading to system compromises.

  • SECURITYJun 26 · 15:59 UTCR/SCAMS
    Fake LinkedIn Job Interviews & "Werkbit.io" Malware Delivery

    A LinkedIn user encountered a scam involving a fake job interview for a 'TradeUpToWallStreet' strategy analyst position. The scammer, posing as recruiter 'Maya Ellison,' directed the user to download a malicious desktop application from 'werkbit.io,' which was flagged by Microsoft Defender as containing malware. The scam was promoted on LinkedIn, had over 100 applications, and included job postings for roles in Canada and the U.S.

  • SECURITYJun 10 · 05:22 UTCTHE HACKER NEWS
    Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

    A security researcher named Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability called RoguePlanet, which grants SYSTEM access on updated Windows systems. The exploit, a race condition with a reported 100% success rate, was published under the GitHub account MSNightmare.

  • SECURITYJun 9 · 23:11 UTCBLEEPING COMPUTER
    Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

    Microsoft Defender has a zero-day vulnerability named 'RoguePlanet' that allows attackers to gain SYSTEM privileges. The exploit highlights a critical security flaw in the software.

  • SECURITYJun 9 · 19:53 UTCCYBERSCOOP
    Microsoft breaks Patch Tuesday record with 206 vulnerabilities

    Microsoft released 206 vulnerabilities in its latest Patch Tuesday update, the largest monthly batch on record. Experts warn this reflects a growing trend of software flaws, with AI playing a role in discovery and patching. The update included three publicly known vulnerabilities and one actively exploited zero-day in Microsoft Defender.

  • SECURITYMay 21 · 10:55 UTCTHE HACKER NEWS
    Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

    Microsoft has disclosed two actively exploited vulnerabilities in Microsoft Defender, including a privilege escalation flaw (CVE-2026-41091) rated 7.8 on the CVSS scale that could allow attackers to gain SYSTEM privileges, and a denial-of-service vulnerability. These flaws are currently being exploited in the wild.

  • SECURITYMay 21 · 07:49 UTCBLEEPING COMPUTER
    Microsoft warns of new Defender zero-days exploited in attacks

    Microsoft has begun rolling out security patches for two Defender vulnerabilities that were actively exploited in zero-day attacks. The patches address critical security flaws in Microsoft Defender that attackers have been leveraging in real-world campaigns.

  • SECURITYMay 14 · 09:25 UTCTHE HACKER NEWS
    Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

    An anonymous cybersecurity researcher disclosed two zero-day vulnerabilities in Windows, including a BitLocker bypass and a privilege escalation impacting CTFMON. The vulnerabilities have been codenamed YellowKey and GreenPlasma. The researcher, who goes by the alias Chaotic Eclipse, previously disclosed three Microsoft Defender vulnerabilities.

  • SECURITYMay 3 · 18:11 UTCBLEEPING COMPUTER
    Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

    Microsoft Defender is incorrectly identifying legitimate DigiCert root certificates as malware, specifically flagging them as Trojan:Win32/Cerdigent.A!dha. This has caused widespread false-positive alerts and, in some cases, the removal of certificates from Windows systems.

  • SECURITYApr 23 · 11:05 UTCBLEEPING COMPUTER
    CISA orders feds to patch BlueHammer flaw exploited as zero-day

    CISA has directed U.S. federal agencies to address a critical privilege escalation vulnerability in Microsoft Defender, known as BlueHammer, which is currently being exploited in zero-day attacks. The flaw allows attackers to escalate privileges, posing a significant security risk.

  • SECURITYApr 17 · 13:21 UTCTHE HACKER NEWS
    Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

    Huntress warns that three zero-day vulnerabilities in Microsoft Defender—BlueHammer, RedSun, and UnDefend—are being actively exploited by threat actors to gain elevated system privileges. Two of these vulnerabilities remain unpatched, posing ongoing security risks.

  • SECURITYApr 16 · 20:19 UTCBLEEPING COMPUTER
    New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

    A researcher named 'Chaotic Eclipse' has released a proof-of-concept exploit for a Microsoft Defender zero-day vulnerability called 'RedSun,' which grants SYSTEM privileges. The exploit was published as a protest against Microsoft's handling of cybersecurity researchers.

  • SECURITYApr 16 · 13:05 UTCTHE HACKER NEWS
    ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

    The ThreatsDay Bulletin highlights multiple cybersecurity threats, including a Microsoft Defender 0-Day vulnerability, a SonicWall brute-force attack, and a 17-year-old Excel remote code execution (RCE) flaw. The article emphasizes the persistence of ancient vulnerabilities, supply chain risks, and creative hacking tactics.

  • SECURITYApr 9 · 17:26 UTCTHE HACKER NEWS
    EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

    A security vulnerability in the EngageLab SDK, used by Android apps, allowed unauthorized access to private data by bypassing Android's security sandbox. The flaw affected 50 million Android users, including 30 million cryptocurrency wallet installations, but has since been patched.

Microsoft Defender · Dossier · The Nexus