AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication
Microsoft
20 articles
Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exi...
ZDI-26-083: Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit...
ZDI-26-082: Microsoft Exchange InterceptorSmtpAgent Reliance on Untrusted Inputs Security Feature Bypass Vulnerability
This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to ex...
ZDI-26-081: Microsoft Windows win32kfull Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to...
Microsoft Fixes Six Zero Day Vulnerability in February Patch Tuesday
Six actively exploited zero-day bug have been patched by Microsoft
BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign
In November 2025, Elastic Security Labs observed an intrusion affecting a multinational organization based in Southeast Asia. During the analysis of this act...
[remote] Windows 10.0.17763.7009 - spoofing vulnerability
Windows 10.0.
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six...
Phorpiex Phishing Delivers Low-Noise Global Group Ransomware
High-volume phishing campaign delivers Phorpiex malware via malicious Windows Shortcut files
New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
ZDI-26-068: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an ...
ZDI-26-067: Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an ...
[remote] windows 10/11 - NTLM Hash Disclosure Spoofing
windows 10/11 - NTLM Hash Disclosure Spoofing
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says
Explore scaling options for AWS Directory Service for Microsoft Active Directory
You can use AWS Directory Service for Microsoft Active Directory as your primary Active Directory Forest for hosting your users’ identities. Your IT teams ca...
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR...
Microsoft Releases Patch for Office Zero Day Amid Evidence of Exploitation
Microsoft urged customers running Microsoft Office 2016 and 2019 to apply the patch to be protected
Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Cont...
Cyber Risks Among CEOs’ Top Worries Amid Weak Short Term Growth Outlook
PwC’s 29th Global CEO Survey shows cyber risk rising to the top of CEO concerns as confidence in short term business growth weakens