News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Three Vulnerabilities in Microsoft Defender Being Exploited
Malware

Huntress has issued a warning about three security vulnerabilities in Microsoft Defender that are currently being exploited by cybercriminals. These flaws, identified as BlueHammer, RedSun, and UnDefend, allow attackers to elevate their privileges on compromised systems. The vulnerabilities were disclosed as zero-days by a researcher named Chaotic Eclipse, meaning that they had not been patched at the time of the warning, raising concerns about the potential for further exploitation. It is important for users to ensure their systems are updated and fortified against such threats to protect their data and security. Source: [publication name].

via The Hacker News
NIST Updates CVE Framework to Target Critical Software Vulnerabilities
Malware

The National Institute of Standards and Technology (NIST) has revised its Common Vulnerabilities and Exposures (CVE) framework to better prioritize high-impact software vulnerabilities. This new approach aims to enhance the process of identifying and addressing critical security flaws in software. By focusing on the most significant vulnerabilities, NIST intends to streamline vulnerability remediation efforts, ensuring that resources are allocated effectively to mitigate risks. This update reflects a commitment to improving cybersecurity practices and protecting users from potential threats. The changes are expected to support software developers and organizations in enhancing their security measures. Source: [publication name].

via Dark Reading
North Korea Targets macOS Users with ClickFix Malware Attacks
Malware

A North Korean hacking group, known as Sapphire Sleet, is reportedly using a technique called ClickFix to target macOS users. They issue fraudulent job offers and fake Zoom software updates to deliver malware that harvests personal information and login credentials from affected devices. This campaign illustrates the ongoing threat of cyber attackers stealing sensitive data, and highlights the importance of users remaining vigilant against suspicious links and offers. Individuals are advised to verify the authenticity of job proposals and software updates before engaging with them. Maintaining up-to-date security practices is crucial to protect personal information from such malicious attacks. Source: CyberSathi.in.

via Dark Reading
Microsoft's Windows Secure Boot Certificate Set to Expire Soon
Malware

Microsoft has announced that the original Secure Boot certificate for Windows is nearing its expiration date. This certificate is crucial for maintaining the security of devices running Windows operating systems. As part of a significant security maintenance initiative, users are urged to update their PCs promptly to ensure continued protection. The updates will help sustain the integrity of system boot processes and mitigate potential vulnerabilities. Keeping devices up to date is essential for safeguarding against cyber threats. Users should check for available updates to avoid issues arising from the expiration of the certificate.

via Dark Reading
AI-Powered Vulnerability Discovery: Enterprise Defense Strategies
Malware

Artificial intelligence models are now capable of discovering software vulnerabilities and generating exploits faster than traditional methods, creating significant security risks for enterprises. While AI integration into development will eventually strengthen code, the transition period presents a critical vulnerability window that attackers will exploit. Organizations face dual challenges: rapidly hardening existing software and defending systems still containing unpatched vulnerabilities. Security experts recommend that enterprises strengthen incident response plans, reduce system exposure, and integrate AI-driven security tools into their defensive strategies. As threat actors leverage AI capabilities to identify zero-day vulnerabilities, companies must act urgently to modernize their cybersecurity approaches before malicious actors weaponize these powerful tools at scale. Source: Wiz Security Blog.

via RSS: Mandiant Blog
Microsoft and Google Release Critical Security Updates
Malware

Microsoft has released updates that address 167 security vulnerabilities in its Windows operating systems and related software. Among these issues are a zero-day vulnerability in SharePoint Server and a weakness in Windows Defender known as 'BlueHammer.' Additionally, Google Chrome has fixed its fourth zero-day vulnerability of 2026, while Adobe Reader has issued an emergency update to resolve a flaw that could allow remote code execution. These updates highlight the importance of keeping software updated to protect against potential exploits. Users are advised to apply these updates promptly to enhance their cybersecurity. Source: CyberSathi.in.

via Krebs on Security
Wiper Malware Targets Systems in Iran Amid Ongoing Conflict
Malware

A new malware called 'CanisterWorm' has emerged, targeting systems in Iran for data destruction. This worm is spread through insecure cloud services and specifically aims at computers set to Iranian time zones or using Farsi as the default language. The group behind this attack seems to be motivated by financial gain and appears to be trying to capitalize on the current tensions in Iran. Organizations and users in affected regions are advised to enhance their security measures to protect against such threats. Regular data backups and system updates are recommended to mitigate potential damage. Source: [publication name].

via Krebs on Security
US and Allies Disrupt Major IoT Botnets Behind DDoS Attacks
Malware

The U.S. Justice Department, alongside Canadian and German authorities, has successfully dismantled the infrastructure of four significant botnets that had compromised over three million Internet of Things (IoT) devices, including routers and web cameras. The botnets, named Aisuru, Kimwolf, JackSkid, and Mossad, were responsible for a series of powerful distributed denial-of-service (DDoS) attacks that could incapacitate a wide range of targets. This operation marks a significant effort to enhance cybersecurity and mitigate the risks associated with such large-scale attacks. Internet users are urged to secure their IoT devices to prevent future compromises. Source: [publication name].

via Krebs on Security
Iran-Backed Group Claims Cyber Attack on Medical Firm Stryker
Malware

An Iranian-linked hacktivist group has announced it carried out a wiper attack on Stryker, a prominent medical technology company headquartered in Michigan. Reports indicate that Stryker's largest facility outside the U.S., located in Ireland, has temporarily sent its workforce of over 5,000 employees home due to the incident. Additionally, an automated message at the company's U.S. headquarters warns of an emergency situation in the building. These developments highlight growing concerns over the vulnerability of critical infrastructure to cyberattacks. Authorities are likely to investigate the extent of the breach and ensure that measures are put in place to safeguard sensitive information. Source: [publication name].

via Krebs on Security
Microsoft Issues March 2026 Security Updates for Windows and Software
Malware

Microsoft has released its March 2026 security updates, addressing 77 vulnerabilities across its Windows operating systems and additional software applications. Unlike previous months, there are no critical 'zero-day' vulnerabilities reported this time. However, organizations using Windows should prioritize some of these patches due to potential risks. It's important for users and IT administrators to stay informed about the updates to ensure their systems remain secure against possible cyber threats. Regular application of patches can help maintain the safety of user data and enhance overall cybersecurity posture. Source: CyberSathi.in.

via Krebs on Security
AI Assistants Influencing Cybersecurity Landscape
Malware

Artificial Intelligence-based assistants are becoming increasingly popular among developers and IT professionals. These autonomous programs can access a user's computer, files, and online services to automate various tasks. However, their rapid adoption is raising new security concerns for organizations. The use of these tools is reshaping security priorities and creating challenges in distinguishing between trusted colleagues and potential insider threats. This blurring of roles is further complicated by the varying levels of expertise among users, from advanced hackers to beginners. As AI becomes more integrated into workplace processes, it is crucial for organizations to address these emerging risks. Source: [publication name].

via Krebs on Security
Understanding GetProcessHandleFromHwnd API Security Flaws
Malware

A technical analysis reveals significant inaccuracies in the Windows documentation for the GetProcessHandleFromHwnd API, which was exploited in a UAC bypass via Quick Assist. The API's documented security properties do not match its actual implementation: claims about UI Access requirements, Windows hook usage, and user-level restrictions were found to be incomplete or incorrect. The API was first introduced in Windows Vista through oleacc.dll. Historical code analysis shows that the API has evolved significantly over the years, with the Win32k kernel implementation differing substantially from the documented behavior. Understanding these discrepancies is crucial for identifying potential privilege-escalation vulnerabilities in Windows.

via RSS: Google Project Zero