privilege-escalation

Antivirus as a Weapon: The Defender Trilogy No One Can Patch

John Z Black Apr 17, 2026

Vulnerabilities & Patching #windows-defender #zero-day #privilege-escalation #microsoft #vulnerability

A single researcher has spent April taking Windows Defender apart. The results are a set of three zero-days that turn your antivirus into a malware delivery system and then blind it so it can't see the damage.

A Disgruntled Researcher Just Handed Every Attacker a Free Windows Privilege Escalation Exploit

John Z Black Apr 7, 2026

Vulnerabilities & Patching #windows #zero-day #privilege-escalation #bluehammer #exploit #microsoft #msrc

A frustrated researcher publicly released BlueHammer, a working Windows privilege escalation zero-day, after clashing with Microsoft's disclosure process.

OpenClaw's Sixth Pairing Bug in Six Weeks Is a Full Admin Takeover

John Z Black Apr 4, 2026

Vulnerabilities & Patching #openclaw #cve-2026-33579 #privilege-escalation #ai-agents #supply-chain

CVE-2026-33579 lets anyone with the lowest access level become full admin on OpenClaw. It's the sixth pairing CVE in six weeks, and 63% of instances run without auth.