Windows Defender
Coverage of Windows Defender in the Nexus archive.
- Attackers Use AI to Automate EDR Evasion Testing
Attackers used AI to automate testing of malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. Python scripts were employed to evaluate evasion capabilities.
- Exploits Turn Windows Defender into Attacker Tool
Three proof-of-concept exploits are being actively used to turn Microsoft's Windows Defender into an attacker tool, with two remaining unpatched. This vulnerability in a built-in security platform poses a significant security risk.
- Hackers are abusing unpatched Windows security flaws to hack into organizations
A security researcher disclosed three vulnerabilities in Windows Defender along with exploit code. Hackers are now exploiting these flaws in real-world attacks, as reported by a cybersecurity firm.
- 'Harmless' Global Adware Transforms Into an AV Killer
A seemingly benign adware update called Dragon Boss, released in March 2025, established persistence through scheduled tasks and configured Windows Defender to exclude future payloads, effectively evading detection. The update's actions highlight a shift from harmless adware to a more dangerous threat capable of bypassing antivirus protections.
- BlueHammer abuses Windows Defender's update process to gain SYSTEM access
BlueHammer exploits a zero-day vulnerability in Windows Defender's update process to gain SYSTEM access. The article details the attack method and its implications for cybersecurity.