zero-day flaws

Winsage
June 10, 2026
Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.
Winsage
June 1, 2026
The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.
Winsage
May 14, 2026
On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin WiÄ…zowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.
Winsage
April 16, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.
Winsage
April 16, 2026
Microsoft has introduced a new feature in Windows 11 and Windows 10 that informs users about the status of Secure Boot as part of the April Patch Tuesday update. This feature includes a visual indicator that shows whether devices have the latest Secure Boot certificates, which protect against bootkit malware. The Secure Boot icon can display in green, yellow, or red, indicating different security statuses: green means secure with no actions needed, yellow indicates a pending safety recommendation, and red signals that immediate attention is required. Users can check their Secure Boot status through Settings in both operating systems. It is important to install the latest Windows updates to ensure devices have the most recent Secure Boot certificates, as older certificates will expire in June. The April updates also address 164 vulnerabilities, including eight classified as critical and two identified as zero-day flaws. Users are advised to prioritize these updates to maintain system security.
Winsage
December 9, 2025
Microsoft has released the KB5071546 extended security update, addressing 57 security vulnerabilities, including three critical zero-day flaws. This update is intended for Windows 10 Enterprise LTSC users and those in the ESU program. Users can install it by navigating to Settings, selecting Windows Update, and performing a manual 'Check for Updates'. The update will automatically install and prompt for a restart. After installation, Windows 10 will be upgraded to build 19045.6691, and Windows 10 Enterprise LTSC 2021 will move to build 19044.6691. The update focuses on security enhancements and bug fixes, including a remote code execution vulnerability in PowerShell (CVE-2025-54100). PowerShell 5.1 will now issue a warning when using the "Invoke-WebRequest" command to alert users about potential script execution risks. Users are advised to use the -UseBasicParsing command line argument to prevent embedded scripts from executing. Microsoft has confirmed there are no known issues with this update.
AppWizard
September 6, 2025
A team of researchers has developed an automated system using AI to identify vulnerabilities in Android applications, successfully detecting over 100 zero-day flaws in production apps. This system automates traditional vulnerability detection tasks, utilizing machine learning to analyze app behaviors, permissions, and data flows. The AI's ability to uncover critical issues, such as insecure data storage and improper API implementations, highlights the limitations of current app security protocols. While the technology shows promise, it faces challenges such as the potential for imprecise bug reports and ethical considerations regarding vulnerability ownership and disclosure methods. Experts predict that automated systems like this will become integral to app development workflows by 2025, enhancing the security of mobile applications.
Winsage
March 18, 2025
Microsoft's Patch Tuesday update addressed 57 security vulnerabilities, including seven critical zero-day flaws, and is recommended for all Windows users. Users who installed updates KB5053598 for Windows 11 or KB5053606 for Windows 10 may find that Copilot has been unpinned from the taskbar and uninstalled. Microsoft stated that this issue does not affect the Microsoft 365 Copilot app. The company is working on a new update to restore access to Copilot, but users can reinstall it from the Microsoft Store. Some users are looking for ways to disable Copilot, and tools are available for its removal.
Winsage
February 13, 2025
Microsoft's February Patch Tuesday updates, released on February 11, include KB5051987 for Windows 11 24H2 and KB5051989 for Windows 11 23H2. The updates introduce enhancements to the Taskbar and File Explorer, including improved previews and animations for Taskbar icons, a new icon in the System Tray for Windows Studio Effects, and a new simplified Chinese font named Simsun-ExtG. A feature allowing certain applications to automatically restart after signing back in has also been added. File Explorer now includes a "New Folder" command in the context menu and can restore previously open tabs at logon. The updates fix various bugs, including issues with Auto HDR in games, playback interruptions for USB audio devices, and problems with USB audio drivers. They also address issues from the January 2025 security update, such as USB camera recognition and slower shutdown processes with connected controllers. On the security side, the update resolves 56 vulnerabilities, three of which are critical. Notable vulnerabilities include CVE-2025-21391 (file deletion), CVE-2025-21418 (remote code execution), CVE-2025-21377 (authentication spoofing), and CVE-2025-21376 (malicious code execution). The updates are set to install automatically, but users can check for updates manually through Windows Update.
Search