News9Live on MSN

Windows Snipping Tool flaw exposed: PoC exploit leaks NTLM hashes silently

A critical Windows Snipping Tool vulnerability (CVE-2026-33829) allows attackers to steal Net-NTLM hashes through malicious ...

United States issues a warning about Microsoft Excel

A 2009 exploit of Microsoft Excel has returned, and companies in South Africa that have yet to update could lose control of ...

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...
CSO Online

Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook

Microsoft details a cross-tenant social engineering technique that tricks employees into granting remote access and enables ...

Microsoft’s Patch Tuesday release for April is a whopper

Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even ...

Rejected By Microsoft, 3 Defender Zero-Days Are Now Actively Exploited

The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques. Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇 ...

Hackers are abusing unpatched Windows security flaws to hack into organizations

A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit ...

Researchers warn Microsoft Defender vulnerability is already being exploited

A security researcher known as Chaotic Eclipse recently disclosed a vulnerability dubbed "Red Sun" affecting Microsoft ...
Windows Report

RedSun Exploit Hits Microsoft Defender Zero-Day, Grants SYSTEM Access

RedSun exploit targets Microsoft Defender zero-day, granting SYSTEM access on fully patched Windows systems with no patch ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...

Is Anthropic's Mythos AI too powerful? Bankers and ministers get into a huddle and raise concerns - key points to know

Discover why global financial leaders are worried about Anthropic's powerful Mythos AI model, exploring its potential risks ...
The Hacker News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three Defender zero-days exploited since April 10, 2026, enabling privilege escalation and DoS, forcing isolation of affected ...