zero-day vulnerabilities Archives

Winsage

May 16, 2026

Windows 11 and Microsoft Edge Hacked at Pwn2Own Berlin 2026

On May 14, Pwn2Own Berlin 2026 began, where researchers earned ,000 for 24 unique zero-day vulnerabilities. Cheng-Da Tsai, also known as Orange Tsai, achieved a significant Edge sandbox escape, earning ,000, and later exploited Microsoft Exchange for remote code execution, earning an additional ,000. Tsai accumulated 17.5 Master of Pwn points, contributing to DEVCORE's lead with ,000 in total earnings. Other researchers, including Angelboy and TwinkleStar03, earned ,000 for an Improper Access Control vulnerability, while Marcin Wiązowski and Kentaro Kawane also contributed successful exploits. By the end of Day One, DEVCORE led with ,000, and the event featured a prize pool exceeding ,000,000 across 31 targets. As of Day Two, a total of ,750 had been awarded for 39 unique vulnerabilities, with DEVCORE leading at 40.5 points and ,000 in earnings.

Winsage

May 14, 2026

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.

Winsage

May 14, 2026

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher disclosed two new zero-day vulnerabilities affecting Microsoft systems: YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that operates as a backdoor within the Windows Recovery Environment, impacting Windows 11 and Windows Server 2022/2025. Exploiting YellowKey involves copying specially crafted files to a USB drive, connecting it to a Windows computer, and rebooting into WinRE. The researcher expressed skepticism about Microsoft's response time to this vulnerability, noting that using TPM+PIN does not mitigate the risk. GreenPlasma is a privilege escalation vulnerability that allows an unprivileged user to obtain a shell with SYSTEM permissions through arbitrary section creation in Windows CTFMON. The proof-of-concept for this exploit is incomplete but indicates potential manipulation of trusted privileged services or drivers. Additionally, a related attack against BitLocker was detailed by French cybersecurity firm Intrinsec, which exploits a boot manager downgrade using CVE-2025-48804 to bypass encryption protections on fully patched Windows 11 systems. This method allows attackers to boot from a controlled WIM while the boot manager checks the legitimate one, executing with the decrypted BitLocker volume. Despite Microsoft releasing fixes for this defect in July 2025, a flaw in Secure Boot verification allows a vulnerable boot manager to bypass BitLocker safeguards. To mitigate these risks, enabling a BitLocker PIN at startup and migrating to a new boot manager certificate is recommended.

Winsage

May 13, 2026

Disgruntled researcher releases two more Microsoft zero-days

An anonymous researcher known as Nightmare-Eclipse has revealed two new vulnerabilities affecting Windows systems, named YellowKey and GreenPlasma, shortly after Microsoft's latest Patch Tuesday update. YellowKey is a "BitLocker bypass" that allows attackers with physical access to gain unrestricted shell access to protected machines. Experts have expressed concerns about YellowKey's potential to transform laptop theft into a serious breach notification scenario, and suggested mitigations such as implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse has also hinted that YellowKey could function as a backdoor allegedly introduced by Microsoft, although this claim remains unsubstantiated. GreenPlasma is a privilege escalation flaw for which partial exploit code has been released, but it currently triggers a User Account Control (UAC) consent prompt, requiring attackers to invest time in weaponizing it. There is no known mitigation for GreenPlasma, making it crucial for organizations to patch their systems promptly once Microsoft addresses the issue. Nightmare-Eclipse has previously disclosed five zero-day vulnerabilities this year, including BlueHammer, and has characterized their actions as a response to a perceived violation of trust. The researcher has indicated the existence of a "dead man's switch," suggesting that more disclosures could follow if their demands are not met.

Tech Optimizer

May 4, 2026

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Cybersecurity researchers at Wiz’s ZeroDay.Cloud event in London exploited two significant vulnerabilities in PostgreSQL, tracked as CVE-2026-2005 and CVE-2026-2006, which were disclosed on May 4, 2026. The vulnerabilities were found in the pgcrypto extension, affecting public-key decryption and symmetric decryption functions. CVE-2026-2005 allows privilege escalation via a buffer overflow during public-key decryption, while CVE-2026-2006 enables attackers to corrupt memory through inadequate checks in symmetric decryption. PostgreSQL has released patches for these vulnerabilities across versions 14.21 to 18.2, and MariaDB addressed a related issue in versions 11.4.10 and 11.8.6. Database administrators are advised to apply updates and audit logs for suspicious activity.

Winsage

April 19, 2026

Windows Defender Security Flaws Actively Exploited by Hackers

Three vulnerabilities in Microsoft Defender, known as BlueHammer (CVE-2026-33825), RedSun, and UnDefend, are being actively exploited by hackers. BlueHammer has been patched, while RedSun and UnDefend remain unpatched. The public release of exploit code has accelerated real-world attacks, affecting Windows 10, Windows 11, and Windows Server systems. Attackers have begun exploiting these vulnerabilities, leading to concerns about privilege escalation, disruption of security updates, and the rapid spread of attacks.

Winsage

April 9, 2026

BlueHammer: Windows zero-day exploit leaked

A proof-of-concept (PoC) exploit called BlueHammer has been released on GitHub, targeting an unpatched local privilege escalation vulnerability in Windows. The exploit, attributed to users Chaotic Eclipse and Nightmare Eclipse, has been modified by security researchers to work on updated versions of Windows 10, 11, and Windows Server. The exploit manipulates Microsoft Defender to create a Volume Shadow Copy, allowing access to sensitive registry files and enabling the extraction of NTLM password hashes. This facilitates the alteration of a local Administrator's password and subsequent login. The exploit can duplicate the Administrator's security token and create a malicious Windows Service that runs with SYSTEM privileges. While there are no reports of BlueHammer being exploited by malicious actors, researchers warn that such PoC code can be weaponized quickly. Microsoft has committed to investigating reported security issues related to this vulnerability.

Tech Optimizer

March 16, 2026

Avast One Basic Tops Free Malware Scanners in 2026 Amid Rising Cyber Threats

Avast One Basic has been recognized as the leading free malware scanner for PC protection in 2026, noted for its virus and spyware detection capabilities, Wi-Fi vulnerability scans, and seamless performance during resource-intensive tasks. It features automatic software updates and email spam protection. The tool conducts thorough system scans, manages app patches, and has a user-friendly interface. It outperforms competitors like Microsoft Defender in Wi-Fi analysis and has superior detection rates for emerging threats. Avast One Basic plays a crucial role in driving adoption for Gen Digital products, with high download numbers translating into premium subscriptions. It addresses rising cyber threats, including AI-powered attacks, and is compliant with stringent data standards in Europe. Future enhancements are planned to target zero-day attacks and integrate additional services.

Winsage

March 11, 2026

Microsoft releases Windows 10 KB5078885 extended security update

Microsoft has released the Windows 10 KB5078885 extended security update, which addresses vulnerabilities identified during the March 2026 Patch Tuesday. This update resolves two zero-day vulnerabilities and a critical issue preventing certain devices from shutting down properly. Users of Windows 10 Enterprise LTSC or those in the ESU program can install it via Settings under Windows Update. The update upgrades Windows 10 to build 19045.7058 and Windows 10 Enterprise LTSC 2021 to build 19044.7058. The update focuses on security enhancements and bug fixes, addressing a total of 79 vulnerabilities, including two actively exploited ones. Key fixes include: - A new warning dialog in Windows System Image Manager for confirming trusted catalog files. - Enhancements to File History for backing up files with specific Chinese and Private Use Area characters. - Stability improvements for specific GPU configurations. - Additional high-confidence device targeting data for Secure Boot certificates. - Adjustments to Chinese fonts for compliance with GB18030-2022A standards. - A fix for Secure Launch-capable PCs with Virtual Secure Mode unable to shut down or hibernate after a previous security update. - Resolution of an issue affecting folder renaming with desktop.ini files in File Explorer. The update also addresses a known issue preventing Windows 10 devices from shutting down or hibernating when System Guard Secure Launch is enabled. Microsoft is deploying new Secure Boot certificates to replace those expiring in June 2026, which are crucial for validating boot components and preventing security risks. There are currently no known issues associated with this update.

Winsage

February 16, 2026

Multiple Flaws Found in Microsoft Windows & Office — Could Let Hackers In

Microsoft has identified at least six zero-day vulnerabilities in Windows and Microsoft Office that were actively being exploited by hackers before patches were released. These vulnerabilities allow attackers to compromise systems with minimal user interaction, such as clicking on malicious links or opening compromised Office documents. Notable examples include a Windows Shell Security Bypass (CVE-2026-21510) and an Office File Exploit that can execute malicious code. The vulnerabilities pose serious risks, including active exploitation, remote code execution, and the potential for malware installation and credential theft. Microsoft has released security patches to address these vulnerabilities, and users are urged to install them immediately. The affected systems include all supported versions of Windows and Microsoft Office applications. Users are advised to install updates, be cautious with emails and links, enable security tools, and keep software up to date.