Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
Analytics Insight

How Hackers Operate: The Tools Behind Real-World Cybersecurity Testing

Overview:Ethical hackers follow the seven-phase Penetration Testing Execution Standard (PTES), moving from intelligence ...
The Hacker News

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities ...
Dark Reading

Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...
The New York Times

Bill Gates Says Epstein Tried to Use His Extramarital Affairs Against Him

The billionaire philanthropist testified on Wednesday in a closed-door congressional hearing about the Justice Department’s investigation of Jeffrey Epstein. By Matthew Goldstein Bill Gates, the ...
SecurityWeek

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. A security researcher has released another zero-day exploit targeting Microsoft’s Windows ...
The Hacker News

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.
Bleeping Computer

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

Update: Added statement from Microsoft to the end of this article. A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two ...
Developer Tech

Anthropic says AI can turn software patches into exploits within hours

Anthropic has published research showing that its Claude Mythos Preview model can turn public software patches into working exploits within hours. The company said the process has often required ...
GitHub

motioneye_auth_rce_cve_2025_60787.rb

This module exploits a template injection vulnerability in the MotionEye Frontend. MotionEye Frontend versions 0.43.1b4 and prior are vulnerable to OS Command Injection in configuration parameters ...
LinkedIn

Threat Modeling in DevSecOps. Finding Security Problems Before They Even Exist

Most of us have seen in many projects where security questions start only after development is almost finished. The application is ready, the business team is waiting, and the release date is already ...
GitHub

langflow_unauth_rce_cve_2025_3248.rb

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code ...