Microsoft Defender
-
Microsoft says AI chatbot recommendations were used to steer users to cryptojacking sites
Microsoft said it blocked a cryptojacking campaign that used AI chatbot recommendations and search poisoning to steer users to fake software downloads, with more than 150 malicious domains identified and ScreenConnect used to deploy miners.
-
Microsoft says two Defender flaws are under active exploitation
Microsoft said two Defender vulnerabilities, including one that could lead to SYSTEM privileges, are under active exploitation. CISA has added both flaws to its known exploited list and set a June 3 deadline for federal agencies.
-
Microsoft Defender wrongly flags DigiCert root certificates as malware
Microsoft Defender mistakenly flagged DigiCert root certificates as malware after an April 30 signature update, removing some from Windows trust stores. Microsoft says the false positives are fixed and no extra action is needed.
-
Researchers: Stealit malware uses Node.js single-executable feature to spread
Fortinet researchers said the Stealit malware campaign is abusing Node.js’ experimental Single Executable Application feature and, in some variants, Electron, to distribute stealers and a RAT via counterfeit installers on file‑sharing sites.
-
New Tool ‘Defendnot’ Manipulates Windows Security to Disable Microsoft Defender
The newly developed tool ‘Defendnot’ exploits a Windows Security API to disable Microsoft Defender by masquerading as a fake antivirus product, raising significant security concerns about system manipulations.
