Microsoft Fixes Two Publicly Disclosed Zero-Days
March Patch Tuesday sees Microsoft release updates for 79 flaws
Microsoft
20 articles
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software.
Patch Tuesday - March 2026
Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today’s vulnerabilities, but with...
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. ...
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by a...
ZDI-26-185: Microsoft Windows GDI Bitmap Parsing Out-Of-Bound Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. Interaction with the GDI library...
ZDI-26-184: Microsoft Windows NDIS Driver Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-183: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-182: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-181: Microsoft Windows win32full Improper Release Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-180: Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-179: Microsoft Windows win32kfull Improper Locking Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
ZDI-26-178: Microsoft Windows cdd Improper Locking Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
From the endpoint to the prompt: a unified data security vision in Cloudflare One
Cloudflare One unifies data security from endpoint to prompt: RDP clipboard controls, operation-mapped logs, on-device DLP, and Microsoft 365 Copilot scannin...
Patch diff to SYSTEM
Leveraging LLMs and patch diffing, this research details a Use-After-Free vulnerability in Windows DWM, demonstrating a reliable exploit that achieves escala...
SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook
Iran-linked cyber activity may surge after strikes, targeting US and Israeli sectors; SentinelOne provides intel and urges vigilance.
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
January 2026 saw 23 actively exploited CVEs, including APT28’s Microsoft Office zero-day and critical auth bypass flaws impacting enterprise systems.
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched
ZDI-26-117: RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first ...