Windows
-
Unpatched Windows Search URI flaw could leak NTLMv2 hashes
Researchers said an unpatched Windows search: URI flaw could leak NTLMv2 hashes through a crafted link. Microsoft did not fix the issue after disclosure in April 2026, and the report advised SMB and NTLM mitigations.
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
Windows MiniPlasma zero-day proof of concept gives attackers SYSTEM access
A researcher has released a proof-of-concept Windows exploit called MiniPlasma that can elevate a standard account to SYSTEM on fully patched systems, according to tests on current Windows 11 builds and the disclosure.
-
Two new Windows zero-days expose BitLocker and CTFMON flaws
A technical disclosure says two new Windows zero-days can bypass BitLocker in recovery mode and may enable privilege escalation in CTFMON, adding to a recent run of Microsoft security issues.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
-
Researchers find Lotus Wiper targeting Venezuela’s energy and utilities sector
Researchers said a new wiper called Lotus Wiper hit Venezuela’s energy and utilities sector in late 2025 and early 2026, erasing recovery options and using Windows tools to destroy data across infected systems.
-
GIGABYTE Control Center flaw could allow remote file writes on Windows systems
GIGABYTE Control Center has a critical arbitrary file-write flaw that could allow remote unauthenticated attacks on Windows systems with pairing enabled. The vendor has released version 25.12.10.01 to address the issue.
-
Kaspersky flags expanding ‘Tsundere’ botnet that uses Ethereum to host C2 details
Kaspersky researchers have identified an expanding Windows-targeting botnet called Tsundere that deploys a Node.js-based payload via MSI or PowerShell, retrieves C2 details from the Ethereum blockchain and offers a control panel and marketplace for operators; attribution remains unclear.
-
Active exploitation reported for 7‑Zip ZIP symbolic link vulnerability
NHS England Digital warned that CVE-2025-11001, a 7‑Zip vulnerability affecting symbolic link handling and allowing remote code execution, is being actively exploited; 7‑Zip 25.00 released in July 2025 contains fixes and users are urged to update.