Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
SecurityWeek

No Exploits Required

RunZero’s Tod Beardsley explores why the architecture of modern networks creates security challenges that patches and CVEs ...
Linux Journal

The Growth of Vulnerability Management: The Rise of Agentic AI Pentesting

Autonomous Agents: Solutions like XBOW provide a more independent experience by allowing the AI to create its own logic or ...
Dark Reading

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...
SecurityWeek

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. A security researcher has released another zero-day exploit targeting Microsoft’s Windows ...
The Hacker News

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.
Bleeping Computer

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

Update: Added statement from Microsoft to the end of this article. A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two ...
Developer Tech

Anthropic says AI can turn software patches into exploits within hours

Anthropic has published research showing that its Claude Mythos Preview model can turn public software patches into working exploits within hours. The company said the process has often required ...
Infosecurity-magazine.com

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

Anthropic’s Claude Mythos outperformed OpenAI’s GPT5.5 on real‑world Google Chrome vulnerability exploits, a new benchmark designed to test the performance of frontier AI models to exploit real-world ...
CSOonline

HP Poly VoIP vulnerability sets the stage for executive voice deepfakes

The remote code execution flaw enables root access and voice attacks on HP Poly VoIP phones, including eavesdropping and the ability to collect audio to generate deepfakes. HP has released patches for ...
crypto

Gnosis Pay exploit tied to Zodiac delay module as users exit

Gnosis Pay users were urged to withdraw funds after an active exploit linked to the platform’s Zodiac delay module, according to posts from Gnosis co-founder Martin Köppelmann and blockchain security ...