zero-day flaws Archives

Winsage

June 1, 2026

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.

Winsage

May 14, 2026

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.

Winsage

April 16, 2026

CISA flags Windows Task Host vulnerability as exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.

Winsage

April 16, 2026

Microsoft’s latest Windows update now confirms if your PC is Secure Boot-protected

Microsoft has introduced a new feature in Windows 11 and Windows 10 that informs users about the status of Secure Boot as part of the April Patch Tuesday update. This feature includes a visual indicator that shows whether devices have the latest Secure Boot certificates, which protect against bootkit malware. The Secure Boot icon can display in green, yellow, or red, indicating different security statuses: green means secure with no actions needed, yellow indicates a pending safety recommendation, and red signals that immediate attention is required. Users can check their Secure Boot status through Settings in both operating systems. It is important to install the latest Windows updates to ensure devices have the most recent Secure Boot certificates, as older certificates will expire in June. The April updates also address 164 vulnerabilities, including eight classified as critical and two identified as zero-day flaws. Users are advised to prioritize these updates to maintain system security.

Winsage

April 15, 2026

Microsoft releases Windows 10 KB5082200 extended security update

Microsoft has released the Windows 10 KB5082200 extended security update, addressing vulnerabilities from the April 2026 Patch Tuesday, including two critical zero-day flaws. The update enhances security with new protections against phishing attacks using Remote Desktop Protocol (.rdp) files and provides updated indicators in Windows Security for new Secure Boot certificates. Users can install the update by checking for updates in the Windows Update settings. After installation, Windows 10 will upgrade to build 19045.7184, and Windows 10 Enterprise LTSC 2021 will transition to build 19044.7184. The update resolves a total of 167 vulnerabilities, including two significant zero-day issues, and includes fixes for signing into Microsoft apps, enhanced Remote Desktop security, dynamic Secure Boot status reporting, and issues affecting Intel-based devices with Connected Standby. Microsoft is also rolling out new Secure Boot certificates to replace older ones expiring in June 2026, with no known issues reported for this update.

Winsage

December 9, 2025

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the KB5071546 extended security update, addressing 57 security vulnerabilities, including three critical zero-day flaws. This update is intended for Windows 10 Enterprise LTSC users and those in the ESU program. Users can install it by navigating to Settings, selecting Windows Update, and performing a manual 'Check for Updates'. The update will automatically install and prompt for a restart. After installation, Windows 10 will be upgraded to build 19045.6691, and Windows 10 Enterprise LTSC 2021 will move to build 19044.6691. The update focuses on security enhancements and bug fixes, including a remote code execution vulnerability in PowerShell (CVE-2025-54100). PowerShell 5.1 will now issue a warning when using the "Invoke-WebRequest" command to alert users about potential script execution risks. Users are advised to use the -UseBasicParsing command line argument to prevent embedded scripts from executing. Microsoft has confirmed there are no known issues with this update.

AppWizard

September 6, 2025

AI Uncovers 100+ Zero-Day Vulnerabilities in Android Apps

A team of researchers has developed an automated system using AI to identify vulnerabilities in Android applications, successfully detecting over 100 zero-day flaws in production apps. This system automates traditional vulnerability detection tasks, utilizing machine learning to analyze app behaviors, permissions, and data flows. The AI's ability to uncover critical issues, such as insecure data storage and improper API implementations, highlights the limitations of current app security protocols. While the technology shows promise, it faces challenges such as the potential for imprecise bug reports and ethical considerations regarding vulnerability ownership and disclosure methods. Experts predict that automated systems like this will become integral to app development workflows by 2025, enhancing the security of mobile applications.

Winsage

March 18, 2025

Microsoft Just Uninstalled Copilot From Your PC

Microsoft's Patch Tuesday update addressed 57 security vulnerabilities, including seven critical zero-day flaws, and is recommended for all Windows users. Users who installed updates KB5053598 for Windows 11 or KB5053606 for Windows 10 may find that Copilot has been unpinned from the taskbar and uninstalled. Microsoft stated that this issue does not affect the Microsoft 365 Copilot app. The company is working on a new update to restore access to Copilot, but users can reinstall it from the Microsoft Store. Some users are looking for ways to disable Copilot, and tools are available for its removal.

Winsage

February 13, 2025

Don’t ignore Microsoft’s February Patch Tuesday – it’s a big one for all Windows 11 users

Microsoft's February Patch Tuesday updates, released on February 11, include KB5051987 for Windows 11 24H2 and KB5051989 for Windows 11 23H2. The updates introduce enhancements to the Taskbar and File Explorer, including improved previews and animations for Taskbar icons, a new icon in the System Tray for Windows Studio Effects, and a new simplified Chinese font named Simsun-ExtG. A feature allowing certain applications to automatically restart after signing back in has also been added. File Explorer now includes a "New Folder" command in the context menu and can restore previously open tabs at logon. The updates fix various bugs, including issues with Auto HDR in games, playback interruptions for USB audio devices, and problems with USB audio drivers. They also address issues from the January 2025 security update, such as USB camera recognition and slower shutdown processes with connected controllers. On the security side, the update resolves 56 vulnerabilities, three of which are critical. Notable vulnerabilities include CVE-2025-21391 (file deletion), CVE-2025-21418 (remote code execution), CVE-2025-21377 (authentication spoofing), and CVE-2025-21376 (malicious code execution). The updates are set to install automatically, but users can check for updates manually through Windows Update.

Winsage

February 11, 2025

Windows 11 update fixes two actively exploited vulnerabilities, among others.

The latest Windows 11 update, released on February 11, 2025, addresses two critical zero-day vulnerabilities that allow malicious actors to delete files and gain unrestricted system-level access. Users are encouraged to implement the update promptly for security. The update also introduces an improved taskbar preview feature for better multitasking and a new system tray icon for applications supporting Windows Studio Effects, particularly on devices with a neural processing unit.