Your Antivirus Is Harvesting Passwords Now: BlueHammer Hits CISA KEV

The BlueHammer flaw has moved from a research curiosity to an active threat. This Windows Defender zero-day turns your security software into a password harvester by exploiting a race condition to steal credentials. CISA says patch now.

Antivirus as a Weapon: The Defender Trilogy No One Can Patch

A single researcher has spent April taking Windows Defender apart. The results are a set of three zero-days that turn your antivirus into a malware delivery system and then blind it so it can't see the damage.

165 CVEs in One Day. Two Zero-Days. One Kerberos Bug That Should Have Your Full Attention.

Microsoft dropped 165 CVEs today including two zero-days, a critical Kerberos credential relay vulnerability, and a FortiClient EMS flaw with a 48-hour CISA deadline. Here's how to prioritize.

Microsoft's Security Theater, Two Acts

FedRAMP reviewers called Microsoft's government cloud documentation 'a pile of shit' and authorized it anyway. Same week, Microsoft silently locked out the developers of WireGuard and VeraCrypt. Two stories, same company, same problem.

A Disgruntled Researcher Just Handed Every Attacker a Free Windows Privilege Escalation Exploit

A frustrated researcher publicly released BlueHammer, a working Windows privilege escalation zero-day, after clashing with Microsoft's disclosure process.

AI-Written Phishing Emails Get Clicked 450% More Often. The Data Is In.

Microsoft telemetry shows AI-assisted phishing lures hit a 54% click-through rate versus 12% for traditional campaigns, a 450% increase that breaks conventional security awareness training.

CrowdStrike and Microsoft Are Sharing Data Now. Yes, Really.

CrowdStrike's Falcon SIEM can now ingest Microsoft Defender telemetry, and Formula 1 is somehow responsible.

LinkedIn's Been Scanning Your Chrome Extensions. All 6,000 of Them.

Research confirmed LinkedIn scans for 6,236 Chrome extensions and fingerprints your browser without telling you. Microsoft says it's for your protection. The extension list says otherwise.

RSAC 2026 Day One: Every Vendor Went Agentic, the Government Went Missing

RSAC 2026 opened with a wave of autonomous AI security launches from Google, Microsoft, CrowdStrike, and Wiz. Reportedly absent from the program: CISA, the FBI, and the NSA.

RSAC 2026 Opens Monday: Here's What the Cybersecurity Industry Will Be Talking About All Week

RSAC 2026 opens Monday at Moscone Center. Agentic AI, human manipulation, and post-breach resilience are the dominant themes -- here's what to watch and why this year feels different.

Patch Cycles Are Now Running Behind the Exploit Curve

A GNU telnetd PoC is already circulating. CISA added another KEV entry. Rapid7 says exploited high/critical vulns surged 105% and attack timelines collapsed. Meanwhile teams are still digesting Microsoft's 83-vulnerability March dump.

Two Vulnerabilities, Two Patches, One Message: Critical Enterprise Flaws Need Immediate Attention

Microsoft shipped an emergency out-of-band RRAS patch days after Patch Tuesday. HPE has a switch vulnerability that lets attackers reset admin passwords with zero credentials. Both need patching now.

March Patch Tuesday: Two Zero-Days Already Public, Plus a SolarWinds Deadline That's Right Now

Microsoft patched 79+ flaws including two publicly disclosed zero-days. No confirmed active exploitation yet, which is rare. But the SolarWinds Web Help Desk CISA deadline is today, and 'publicly disclosed' means attackers already have the blueprints.

Patch Week From Hell: Microsoft, Adobe, SAP, and HPE All Drop Critical Fixes at Once

March 2026 might be the worst coordinated patching week in years. Microsoft, Adobe, SAP, and HPE all dropped critical fixes in the same 48-hour window. Here's what to patch first.
