vulnerability Archives

AppWizard

May 14, 2026

Meta faces court over Android tracking claims

Meta is facing a class action lawsuit for allegedly exploiting vulnerabilities in Android smartphones to track users' private information, linking browsing activity to Instagram and Facebook accounts. The lawsuit claims Meta unlawfully accessed and de-anonymized personal data of millions of Android users to enhance advertising profiling. A US District Court Judge ruled that most privacy-related claims in the lawsuit must proceed, stating that plaintiffs have plausibly alleged a significant intrusion upon their privacy. Meta is accused of exploiting an Android vulnerability to bypass security measures that isolate apps, allowing it to link browsing information to users' accounts. Although Meta has reportedly stopped using this tracking method, it successfully dismissed two claims related to unjust enrichment and the use of modified pixel code. Additionally, the lawsuit includes claims against Google for negligence, with one claim dismissed but another allowed to proceed. In response to regulatory pressures, Meta is introducing new features for parental supervision of teens on its platforms and plans to use AI to detect underage accounts.

Winsage

May 14, 2026

Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News

Microsoft has developed an AI security system called MDASH that has identified 16 vulnerabilities in Windows networking and authentication frameworks, with four classified as Critical, allowing for remote code execution. MDASH uses over 100 specialized AI agents to analyze code from multiple perspectives, improving the accuracy of vulnerability detection. The system has successfully detected all 21 planted vulnerabilities in a private testing environment without false positives, achieving a 96 percent recall rate against historical cases and an 88.45 percent success rate on the CyberGym benchmark. The identified vulnerabilities include issues in tcpip.sys and IKEEXT, which can be exploited remotely without needing credentials.

Winsage

May 13, 2026

Disgruntled researcher releases two more Microsoft zero-days

An anonymous researcher known as Nightmare-Eclipse has revealed two new vulnerabilities affecting Windows systems, named YellowKey and GreenPlasma, shortly after Microsoft's latest Patch Tuesday update. YellowKey is a "BitLocker bypass" that allows attackers with physical access to gain unrestricted shell access to protected machines. Experts have expressed concerns about YellowKey's potential to transform laptop theft into a serious breach notification scenario, and suggested mitigations such as implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse has also hinted that YellowKey could function as a backdoor allegedly introduced by Microsoft, although this claim remains unsubstantiated. GreenPlasma is a privilege escalation flaw for which partial exploit code has been released, but it currently triggers a User Account Control (UAC) consent prompt, requiring attackers to invest time in weaponizing it. There is no known mitigation for GreenPlasma, making it crucial for organizations to patch their systems promptly once Microsoft addresses the issue. Nightmare-Eclipse has previously disclosed five zero-day vulnerabilities this year, including BlueHammer, and has characterized their actions as a response to a perceived violation of trust. The researcher has indicated the existence of a "dead man's switch," suggesting that more disclosures could follow if their demands are not met.

Winsage

May 13, 2026

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

Winsage

May 13, 2026

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Organizations using S/4HANA for critical functions should prioritize remediation efforts as SAP has confirmed there is no alternative workaround for existing vulnerabilities. They must implement specified correction instructions or support packages. Additionally, SAP has issued a HotNews note (#3733064) with a CVSS score of 9.6, indicating a high-severity vulnerability in SAP Commerce Cloud due to missing authentication checks. This vulnerability allows unauthenticated users to execute malicious actions, including configuration uploads and code injections, potentially leading to arbitrary server-side code execution. Organizations are advised to take immediate action to protect their systems.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

Winsage

May 13, 2026

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

Microsoft's May 2026 security update addresses 137 vulnerabilities, with 31 classified as critical. None of these critical vulnerabilities are currently being exploited in active attacks. Sixteen of the critical vulnerabilities involve remote code execution (RCE) issues in Microsoft products, including Microsoft Office, Microsoft Word, and Azure. Specific vulnerabilities include: - CVE-2026-32161: A use-after-free vulnerability in the Windows Native WiFi Miniport Driver. - CVE-2026-40358: A use-after-free vulnerability in Microsoft Office. - CVE-2026-41089: A stack-based buffer overflow in Windows Netlogon. Additional important vulnerabilities flagged include: - CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. - CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability. - CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Talos is releasing a new Snort ruleset to detect attempts to exploit these vulnerabilities, and users are advised to update their Cisco Security Firewalls and acquire the latest rule pack via Snort.org.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.

TrendTechie

May 11, 2026

Forza Horizon 6 слили на торрент-трекеры за неделю до официального релиза / Игры / iXBT Live

Forza Horizon 6 was leaked over a week before its official release due to a technical oversight by Playground Games, which involved the accidental upload of over 155 gigabytes of unencrypted game data to Steam. The leak allowed users on specialized forums to download, analyze, and launch the game, leading to the circulation of fully functional builds on piracy sites. However, those who ran the leaked version faced permanent hardware bans. The legitimate release date for Forza Horizon 6 is May 19, with the premium edition available on May 15, and it will also be offered on the Game Pass Ultimate subscription service.