Windows

Rustinel: Open-source endpoint detection for Windows and Linux

Rustinel: Open-source endpoint detection for Windows and Linux 2026-05-11 at 08:51 By Mirko Zorz Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a […]

Rustinel: Open-source endpoint detection for Windows and Linux Read More »

No Patch for New PhantomRPC Privilege Escalation Technique in Windows

No Patch for New PhantomRPC Privilege Escalation Technique in Windows 2026-04-28 at 15:09 By Ionut Arghire A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System. The post No Patch for New PhantomRPC Privilege Escalation Technique in Windows appeared first on SecurityWeek. This

No Patch for New PhantomRPC Privilege Escalation Technique in Windows Read More »

Incomplete Windows Patch Opens Door to Zero-Click Attacks

Incomplete Windows Patch Opens Door to Zero-Click Attacks 2026-04-27 at 20:43 By Ionut Arghire The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries. The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Incomplete Windows Patch Opens Door to Zero-Click Attacks Read More »

Windows is getting stronger RDP file protections to fight phishing attacks

Windows is getting stronger RDP file protections to fight phishing attacks 2026-04-16 at 01:19 By Sinisa Markovic Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection

Windows is getting stronger RDP file protections to fight phishing attacks Read More »

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities 2026-04-14 at 12:00 By Ionut Arghire The security defects allow attackers to escalate privileges and execute arbitrary code remotely. The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities Read More »

Hackers hijacked CPUID downloads, served STX RAT to victims

Hackers hijacked CPUID downloads, served STX RAT to victims 2026-04-13 at 16:08 By Zeljka Zorz If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between

Hackers hijacked CPUID downloads, served STX RAT to victims Read More »

BlueHammer: Windows zero-day exploit leaked

BlueHammer: Windows zero-day exploit leaked 2026-04-08 at 23:29 By Zeljka Zorz A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the bugs in the exploit

BlueHammer: Windows zero-day exploit leaked Read More »

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches 2026-04-03 at 14:57 By Anamarija Pogorelec Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches Read More »

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost 2026-03-31 at 16:05 By Anamarija Pogorelec Microsoft released Windows 11 Insider Preview Build 29558.1000 to the Canary Channel, part of the optional 29500 build series. The build carries a set of changes focused on the Windows Console, a

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost Read More »

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited 2026-03-11 at 12:31 By Zeljka Zorz On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited. Privilege escalation vulnerabilities abound The two publicly disclosed flaws are CVE-2026-21262, a

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited Read More »

Microsoft flips Windows Autopatch to default hotpatch security updates

Microsoft flips Windows Autopatch to default hotpatch security updates 2026-03-10 at 15:32 By Sinisa Markovic Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft Intune or the Microsoft Graph API starting with the May 2026 Windows security update. Windows Autopatch is

Microsoft flips Windows Autopatch to default hotpatch security updates Read More »

New Defender deployment tool streamlines Windows device onboarding with single executable

New Defender deployment tool streamlines Windows device onboarding with single executable 2026-03-03 at 14:06 By Anamarija Pogorelec Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls. Simplified deployment with added administrative controls The tool adapts to the operating system and supports endpoint security across

New Defender deployment tool streamlines Windows device onboarding with single executable Read More »

Microsoft taps ASUS and Dell for the Windows 365 Cloud PC strategy

Microsoft taps ASUS and Dell for the Windows 365 Cloud PC strategy 2026-02-27 at 13:34 By Sinisa Markovic Microsoft is adding two new Windows 365 Cloud PC devices, the ASUS NUC 16 for Windows 365 and the Dell Pro Desktop for Windows 365, expanding hardware options for its cloud-based desktop service. Both devices are scheduled

Microsoft taps ASUS and Dell for the Windows 365 Cloud PC strategy Read More »

Windows 365 for Agents brings managed cloud PCs to autonomous workflows

Windows 365 for Agents brings managed cloud PCs to autonomous workflows 2026-02-24 at 13:02 By Anamarija Pogorelec Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in Windows environments without managing infrastructure. The platform includes security, policy

Windows 365 for Agents brings managed cloud PCs to autonomous workflows Read More »

Microsoft extends security patching for three Windows products at a price

Microsoft extends security patching for three Windows products at a price 2026-02-24 at 11:38 By Sinisa Markovic Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on October 13, 2026, followed

Microsoft extends security patching for three Windows products at a price Read More »

Why a decade-old EnCase driver still works as an EDR killer

Why a decade-old EnCase driver still works as an EDR killer 2026-02-05 at 14:02 By Zeljka Zorz Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This

Why a decade-old EnCase driver still works as an EDR killer Read More »

Microsoft Moves Closer to Disabling NTLM

Microsoft Moves Closer to Disabling NTLM 2026-02-02 at 13:44 By Ionut Arghire The next major Windows Server and Windows releases will have the deprecated authentication protocol disabled by default. The post Microsoft Moves Closer to Disabling NTLM appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Moves Closer to Disabling NTLM Read More »

Microsoft sets a path to switch off NTLM across Windows

Microsoft sets a path to switch off NTLM across Windows 2026-02-02 at 13:13 By Sinisa Markovic Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been part of Windows for decades and continues to appear in some environments, particularly where

Microsoft sets a path to switch off NTLM across Windows Read More »

Google disrupts proxy network used by 550+ threat groups

Google disrupts proxy network used by 550+ threat groups 2026-01-29 at 18:27 By Zeljka Zorz Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat groups

Google disrupts proxy network used by 550+ threat groups Read More »

Scroll to Top