June "In the Trend of VM" (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities
June "In the Trend of VM" (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. In the previous May edition, we covered four vulnerabilities. This time, there...
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
...
CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability
...
CVE-2026-50656
Technical details about CVE-2026-50656 (affected components, root cause, impact specifics, remedies) are not publicly available in the provided documents. Monitor official advisories for updates.
Microsoft Defender email security benchmarking: Key insights from one year of data
Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway (SEG) and integrated cloud email security (ICES) vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...
Malicious code in fastgptmini (PyPI)
Source: amazon-inspector (4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d). setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt (an anonymous, throwaway file-sharing host) during pip install,...
MAL-2026-5776 Malicious code in fastgptmini (PyPI)
Source: amazon-inspector (4da10d62527ca4b69f4458b6a01c77f01af42c5a1631d5cc6f207070d1ade20d). setup.py fetches an opaque file from https://tmpfiles.org/dl/wJwhUXDhUK6M/zvgfsj.txt (an anonymous, throwaway file-sharing host) during pip install,...
vader-toctou
OPERATION VADER — TOCTOU EXPLOITATION SYLLABUS OPERATIONS...
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...
CVE-2026-45647
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit...
Reconstructing AI activity in investigations
AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...
CVE-2026-45647
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2026-45647
CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
EUVD-2026-35571
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
PT-2026-48010
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint for Mac (affected versions not specified). Description: A time-of-check time-of-use (TOCTOU) race condition occurs in Microsoft Defender for Endpoint. This is a software bug where a system checks a condition such as a...
PT-2026-49756
Name of the Vulnerable Software and Affected Versions: Microsoft Defender (affected versions not specified), Windows 10 (affected versions not specified), Windows 11 (affected versions not specified). Description: An elevation of privilege flaw, publicly referred to as RoguePlanet, exists in the Microsoft...