Microsoft News Articles
Recent news articles refferecing the vendors vulnerabilities.
PcworldCVE-2026-50656Microsoft scrambles to patch a Defender security flaw called RoguePlanet
A zero-day vulnerability in Microsoft Defender lets attackers gain full system access on up-to-date Windows 10 and 11 PCs. No fix yet.
4 days ago
Copilot, LiteLLM and the AI trust boundary gap
SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a CVE, a verify command, and a fix.
1 week ago
Microsoft Working To Patch 'RoguePlanet' Zero-Day - Slashdot
wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security...
1 week ago
It Security NewsCVE-2026-50656Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender - IT Security News
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed “RoguePlanet” by security researcher NightmareEclipse. The vulnerability, classified as an elevation-of-p...
1 week ago
It Security NewsCVE-2026-50656Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch - IT Security News
Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by…Read mo...
1 week ago
The Hacker NewsCVE-2026-50656Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft is preparing a patch for RoguePlanet, a Defender flaw tracked as CVE-2026-50656 that can enable privilege escalation.
1 week ago
It Security NewsCVE-2026-50656Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) - IT Security News
Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned…Read more →
1 week ago
Help Net SecurityCVE-2026-50656Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) - Help Net Security
Microsoft has acknowledged the elevation of privilege Microsoft Defender bug (CVE-2026-50656) triggered via the "RoguePlanet" exploit.
1 week ago
OnmsftCVE-2026-50656Microsoft Confirms RoguePlanet Defender Zero-Day, Patch in Development
Microsoft has confirmed CVE-2026-50656, the RoguePlanet Defender zero-day that can grant SYSTEM privileges on Windows 10 and 11.
1 week ago
The Eastern HeraldCVE-2026-42824Microsoft Copilot Hacked a Third Time — and IT Teams Can't Fight Back
Varonis researchers used SearchLeak to turn Microsoft 365 Copilot into a one-click data theft tool — the third such exploit in a year. CVE-2026-42824 is now patched.
1 week ago
The Hacker NewsCVE-2026-42824One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one trusted link.
1 week ago
New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL.
1 week ago
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users.
2 weeks ago
AI is making Patch Tuesday (kinda) fun again
Unless you're an admin or vulnerability manager – then you're totally screwed
2 weeks ago
Blame AI: Patch Tuesday Hits Record 206 CVEs
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
2 weeks ago
Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being
3 weeks ago
Edge Flaws Put Browser Security In Focus Arabian Post
Edge Flaws Put Browser Security In Focus Arabian Post. clearfix> <?xml encoding=UTF-8>Microsoft Edge users have been urged to update their browsers after three security flaws tied to the Pwn2Own hacking contest were publicly detailed, including one v
3 weeks ago
It Security NewsCVE-2026-45495Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code - IT Security News
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS…Read more →
3 weeks ago
Arabian PostCVE-2026-45495Edge flaws put browser security in focus
Edge flaws put browser security in focus : Latest in - Arabian Post
3 weeks ago
It Security NewsCVE-2026-33829Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers - IT Security News
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class as CVE-2026-33829 in the Snipping Tool, but Microsoft has…Read more →
3 weeks ago
The Hacker NewsCVE-2026-33829Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Unpatched Windows search: URI flaw leaks NTLMv2 hashes via SMB requests; disclosed April 2026, enabling relay attacks.
3 weeks ago
It Security NewsCVE-2026-33829Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers - IT Security News
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search, URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability Security researchers from…Read mor...
3 weeks ago
NotebookcheckCVE-2026-41089Windows Netlogon CVE-2026-41089 exploited: Priority patch needed
CVE-2026-41089, a critical Windows Netlogon flaw rated CVSS 9.8, is now actively exploited. Unpatched domain controllers face full SYSTEM-level compromise with no credentials needed.
3 weeks ago
CybersecuritynewsCVE-2026-33829Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click.
3 weeks ago
