zero-day Archives

Tech Optimizer

April 18, 2026

Avast Antivirus: Free Protection Faces Premium Competition Pressure

Avast Antivirus offers a free version with features like real-time scanning, malware detection, a ransomware shield, and network security, appealing to budget-conscious users on multiple platforms. It has a lightweight design, regular updates, and community-driven threat intelligence. Gen Digital acquired Avast in 2022 and integrated it into its cybersecurity portfolio, focusing on transitioning users from free to premium services and emphasizing AI-driven threat detection. Avast faces competition from free alternatives like Windows Defender and premium solutions such as Bitdefender and Kaspersky, while regulatory scrutiny affects all providers. The demand for antivirus tools is driven by rising ransomware attacks and data breaches, with remote work increasing the need for endpoint protection. Risks for users include performance issues on older devices, false positives, data privacy concerns, and potential subscription traps. Future updates may incorporate more AI features, and partnerships with hardware manufacturers could expand Avast's market reach.

Winsage

April 18, 2026

‘They mopped the floor with me and pulled every childish game they could’: Disgruntled researcher releases second major Windows zero-day — claims Microsoft ‘would ruin my life, and they did’

A new zero-day vulnerability in Microsoft Defender has been disclosed by a researcher known as "Chaotic Eclipse," who has created a proof-of-concept exploit called "RedSun." This vulnerability allows local privilege escalation to SYSTEM level on Windows 10, Windows 11, and Windows Server when Microsoft Defender is active. The vulnerability has attracted attention from antivirus vendors, with some detecting it on VirusTotal due to an embedded EIRCAR in the executable. Chaotic Eclipse previously disclosed another vulnerability named BlueHammer, which also allowed local attackers to gain SYSTEM or elevated permissions. The researcher expressed dissatisfaction with Microsoft's vulnerability disclosure process, recounting negative interactions with the company. A Microsoft spokesperson stated the company's commitment to investigating security issues and supporting coordinated vulnerability disclosure.

Winsage

April 18, 2026

‘They mopped the floor with me and pulled every childish game they could’: Disgruntled researcher releases second major Windows zero-day — claims Microsoft ‘would ruin my life, and they did’

A researcher known as “Chaotic Eclipse” has revealed a new zero-day vulnerability in Microsoft Defender, called “RedSun,” which allows local privilege escalation to SYSTEM privileges on Windows 10, Windows 11, and Windows Server when Microsoft Defender is enabled. The exploit has been confirmed to function correctly, and some antivirus vendors have begun detecting it. This follows another vulnerability disclosure by the same researcher, named BlueHammer, which also allows local attackers to elevate permissions. Chaotic Eclipse expressed dissatisfaction with Microsoft’s handling of vulnerability disclosures, claiming they were threatened and experienced frustration with the company’s response. A Microsoft spokesperson stated the company is committed to investigating reported security issues and supports coordinated vulnerability disclosure.

Winsage

April 16, 2026

A zero-day BlueHammer Windows exploit was leaked by a researcher fed up with Microsoft’s Security Response Center — and the rushed fix isn’t perfect

On April 2, 2026, a security researcher named Chaotic Eclipse announced a zero-day Windows exploit called BlueHammer, which allows attackers to gain SYSTEM privileges. Will Dormann, a principal vulnerability analyst, confirmed the exploit's functionality. Chaotic Eclipse criticized the Microsoft Security Response Center (MSRC) for its perceived incompetence, suggesting that prior attempts to resolve the issue privately were ignored. Dormann indicated that budget cuts at Microsoft may have led to a decline in the quality of the MSRC. BlueHammer was neutralized in the Windows 11 CVE-2026-33825 update released on April 14, 2026, but some components may still exist.

Winsage

April 16, 2026

CISA flags Windows Task Host vulnerability as exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.

Winsage

April 16, 2026

Microsoft’s latest Windows update now confirms if your PC is Secure Boot-protected

Microsoft has introduced a new feature in Windows 11 and Windows 10 that informs users about the status of Secure Boot as part of the April Patch Tuesday update. This feature includes a visual indicator that shows whether devices have the latest Secure Boot certificates, which protect against bootkit malware. The Secure Boot icon can display in green, yellow, or red, indicating different security statuses: green means secure with no actions needed, yellow indicates a pending safety recommendation, and red signals that immediate attention is required. Users can check their Secure Boot status through Settings in both operating systems. It is important to install the latest Windows updates to ensure devices have the most recent Secure Boot certificates, as older certificates will expire in June. The April updates also address 164 vulnerabilities, including eight classified as critical and two identified as zero-day flaws. Users are advised to prioritize these updates to maintain system security.

Winsage

April 15, 2026

Microsoft releases Windows 10 KB5082200 extended security update

Microsoft has released the Windows 10 KB5082200 extended security update, addressing vulnerabilities from the April 2026 Patch Tuesday, including two critical zero-day flaws. The update enhances security with new protections against phishing attacks using Remote Desktop Protocol (.rdp) files and provides updated indicators in Windows Security for new Secure Boot certificates. Users can install the update by checking for updates in the Windows Update settings. After installation, Windows 10 will upgrade to build 19045.7184, and Windows 10 Enterprise LTSC 2021 will transition to build 19044.7184. The update resolves a total of 167 vulnerabilities, including two significant zero-day issues, and includes fixes for signing into Microsoft apps, enhanced Remote Desktop security, dynamic Secure Boot status reporting, and issues affecting Intel-based devices with Connected Standby. Microsoft is also rolling out new Secure Boot certificates to replace older ones expiring in June 2026, with no known issues reported for this update.

Tech Optimizer

April 15, 2026

Avast Antivirus: Free Protection Faces Rising AI Threats in Cybersecurity Market

Avast Antivirus offers a robust free version with premium features, providing high-quality protection against cyber threats, including viruses, spyware, and ransomware. Key features include Smart Scan, Password Manager, and Network Inspector, which help users identify vulnerabilities and safeguard their data. Avast has a global user base of over 435 million and is particularly relevant in the U.S., where data breaches affect millions annually. The company operates under Gen Digital, which acquired Avast in 2022, leveraging a freemium model to attract users and upsell advanced features. Avast focuses on AI-driven threat detection and maintains a strong market position against competitors like Norton and McAfee. The global cybersecurity market has surpassed 0 billion, driven by increasing threats, and Avast counters these with machine learning capabilities. Risks for Avast include zero-day exploits, privacy concerns, and competition from built-in OS protections. Avast's cloud-based updates and multilingual support enhance its appeal, while its integration with smart home devices is planned for the future.

Winsage

April 14, 2026

Microsoft’s April Windows update fixes 165 flaws, one exploited zero-day

Microsoft has released its April 2026 Patch Tuesday updates for Windows 11, addressing a total of 165 vulnerabilities, including one zero-day exploit that has been actively targeted by malicious actors. The update aims to enhance security and improve overall system performance. Users are encouraged to promptly install the updates to mitigate risks associated with these vulnerabilities.

Winsage

April 10, 2026

Windows Zero-Day Published on Github as Microsoft Fails to Act

A security researcher named Chaotic Eclipse published a working exploit for a Windows zero-day vulnerability, called BlueHammer, on GitHub on April 2. The exploit allows attackers to gain SYSTEM-level privileges by exploiting a race condition in Windows Defender’s signature update mechanism. The exploit has gained significant attention, with over 100 forks and nearly 300 stars on GitHub. Will Dormann, a principal vulnerability analyst, confirmed that while BlueHammer is functional, it may not always operate reliably. Microsoft has not issued a patch for this vulnerability. The exploit targets the Windows Defender signature update process, allowing low-privilege attackers to manipulate a file path during operation, leading to access to the Security Account Manager (SAM) database. Currently, only 8 out of 72 cybersecurity vendors on VirusTotal flag the exploit file as malicious, which raises concerns about detection coverage. Microsoft reiterated its commitment to coordinated vulnerability disclosure but did not address the communication issues regarding the BlueHammer report.