Geek-Guy.com

Tag: Windows

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, the service and protocol that handles authentication and security within a Windows domain environment. The…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

Windows 11 Smart App Control explained

In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Control (SAC) changes how Windows devices handle, and occasionally block, unwanted or potentially malicious applications. But what exactly is Smart App Control? How does it work, who benefits…

Read more →

AI, Exploits, Global Security News, Risk Management

Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No…

Read more →

AI, Apps, Global Security News

Microsoft’s new cloud PCs place AI agents under enterprise controls

Microsoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public preview. A conceptual computer-using agent architecture. (Source: Microsoft) Users will be able to automate workflows…

Read more →

AI, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise

Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders have another cause for flaw alarm: Vulnerability exploitation has significantly pulled away from stolen credentials as the most common entry point in security breaches, according…

Read more →

Exploits, Global Security News

Making Vulnerable Drivers Exploitable Without Hardware – The BYOVD Perspective

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated.…

Read more →

Global Security News

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have…

Read more →

AI, APAC, Cybersecurity, Endpoint, Global Security News, Risk Management

Microsoft May security patch fails for some due to boot partition size glitch

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space…

Read more →

AI, APAC, Cybersecurity, Endpoint, Global Security News, Risk Management

Microsoft May security patch fails for some due to boot partition size glitch

“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of patches it contained. This issue affects devices with limited free space…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the…

Read more →

Global Security News

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver,

Read more →

AI, APAC, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office.  The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for…

Read more →

AI, Exploits, Global Security News

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections,…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed…

Read more →

AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

CloudZ RAT Abuses Windows Phone Link to Steal OTPs

A malware campaign is exploiting a built-in Windows feature to intercept sensitive data — without ever touching the victim’s phone.  Cisco Talos researchers identified the CloudZ remote access trojan (RAT) using a custom plugin to monitor Microsoft’s Phone Link application and potentially capture SMS-based one-time passwords (OTPs). “MFA bypass is becoming a bigger and bigger…

Read more →

AI, Global Security News

Attackers compromised Daemon Tools software to deliver backdoors

Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is widely used by gamers, developers, and IT professionals. Since April 8, 2026, the official Daemon Tools download site (at Deamon-tools[.]cc) was serving signed, trojanized Windows installers. Once installed, these…

Read more →

AI, Global Security News

Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say

Researchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-42249 Ollama is an open-source tool for running large language models locally. It’s is used by those who don’t want their…

Read more →

AI, Cybersecurity, Global Security News, malware, Network Security

New Deep#Door RAT uses stealth and persistence to target Windows

Deep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors employed a stealthy Python-based backdoor that uses a surprisingly simple delivery method to achieve deep, persistent access…

Read more →

Exploits, Global Security News

CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)

Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an incomplete patch for CVE-2026-21510, a vulnerability that, in conjunction with CVE-2026-21513, has been exploited by APT28 (aka Fancy Bear) via weaponized LNK files that bypass…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-1708 (CVSS score of 8.4) ConnectWise ScreenConnect Path Traversal…

Read more →

AI, Apps, Compliance, Endpoint, Exploits, Global Security News, Network Security, privacy, Risk Management

Microsoft’s Patch Tuesday release for April is a whopper

Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle we can recall. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.  The Readiness team is recommending “Patch Now” schedules…

Read more →

AI, Exploits, Global Security News

Another Microsoft Defender privilege escalation bug emerges days after patch

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling of certain cloud-tagged…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management

Microsoft’s Windows Recall still allows silent data extraction

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management

Microsoft’s Windows Recall still allows silent data extraction

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…

Read more →

AI, Global Security News

Windows is getting stronger RDP file protections to fight phishing attacks

Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection is established, shows details about the remote system, and requires users to review any request to share…

Read more →

AI, Global Security News

Microsoft to cut Windows 365 price for SMBs

Microsoft will cut the price of Windows 365 subscriptions for small and mid-sized businesses by 20% next month, though analysts expect little impact on uptake of the Desktop-as-a-Service (DaaS) platform.  The price change for Windows 365 Business takes effect May 1, 2026 for new subscriptions; existing subscribers will receive updated pricing at renewal, Microsoft explained…

Read more →

AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather…

Read more →

AI, Exploits, Global Security News, Network Security, Risk Management

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited…

Read more →

AI, Cybersecurity, Exploits, Global Security News, Risk Management

Experts published unpatched Windows zero-day BlueHammer

A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the way the Microsoft’s Security…

Read more →

AI, Endpoint, Global Security News, malware

Malware detectors trained on one dataset often stumble on another

Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto…

Read more →

AI, Cybersecurity, Global Security News

IPVanish Threat Protection Pro blocks malicious activity before they reach the user

IPVanish launched Threat Protection Pro, a new feature for Windows and macOS that is designed to provide always-on digital security. Threat Protection Pro is powered by cybersecurity technology from VIPRE, bringing over 25 years of threat intelligence and security expertise into the IPVanish app to deliver advanced, real-time protection against malicious websites, downloads, ads, and…

Read more →

AI, Global Security News

Google’s TurboQuant cuts AI memory use without losing accuracy

Large language models carry a persistent scaling problem. As context windows grow, the memory required to store key-value (KV) caches expands proportionally, consuming GPU memory and slowing inference. A team at Google Research has developed three compression algorithms: TurboQuant, PolarQuant, and Quantized Johnson-Lindenstrauss (QJL). All three are designed to compress those caches aggressively without degrading…

Read more →

AI, APAC, Apps, Global Security News

Microsoft maps Windows 11 quality overhaul after acknowledging gaps

Microsoft is planning a broad push to improve Windows 11. The development comes just months after the company publicly admitted that the operating system fell short on performance, following user criticism. Users have been experiencing inconsistencies, recurring bugs, and performance issues. The company has now outlined a clear roadmap to enhance performance and reliability. The…

Read more →

AI, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Microsoft Issues Hotpatch for Windows 11 RRAS RCE Bugs

Microsoft has issued an out-of-band security update to address several critical vulnerabilities in Windows 11 that could allow attackers to execute malicious code through the system’s remote access management tools.  The patch targets flaws in the Windows Routing and Remote Access Service (RRAS) and is being delivered as a hotpatch, allowing systems to receive the…

Read more →