CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability; CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability...
PT-2026-42162
Name of the Vulnerable Software and Affected Versions Microsoft Defender affected versions not specified Description A heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network. A heap-based buffer overflow occurs when an application writes mo...
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender contains an unspecified vulnerability that allows for denial of service...
Microsoft Defender Link Following Vulnerability
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally...
Microsoft Defender Link Following Vulnerability
Microsoft Defender is a threat protection software developed by the American company Microsoft. Microsoft Defender has a link following vulnerability, which stems from improper link resolution before file access. This vulnerability could allow authorized attackers to gain local privileges...
GenAI-Driven Threat Detection with Microsoft Security Copilot
Defending against today's increasingly sophisticated cyberattacks requires security analysts to continuously translate evolving attacker tradecraft into detection logic. This places defenders in a reactive posture, requiring constantly updated expertise across an increasingly fragmented security...
CVE-2026-41091
creationtimestamp | type | source
---|---|---
2026-05-19 21:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1878
2026-05-20 10:16:09+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-489
2026-05-20 14:10:08+00:00 | seen | ...
GHSA-3H23-RRPC-3P87 Caddy Defender trusted proxy client IP bypass
Impact Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...
Caddy Defender trusted proxy client IP bypass
Impact Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...
Exposing Fox Tempest: A malware-signing service operation
In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...
Microsoft Defender Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...
Microsoft Defender Denial of Service Vulnerability
...
Microsoft Defender Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network...
Microsoft Defender Security Vulnerability
Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, and this vulnerability stems from a denial-of-service attack...
Microsoft Defender Security Vulnerability
Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, which stems from a heap buffer overflow. Unauthorized attackers may execute code through the network as a result of this vulnerability...
VulnCheck KEV: CVE-2026-45498
Microsoft Defender Denial of Service Vulnerability...
PT-2026-42157
Name of the Vulnerable Software and Affected Versions Microsoft Malware Protection Engine versions 1.1.26030.3008 through 1.1.26040.8 Description An improper link resolution issue before file access, known as link following, exists within the Microsoft Malware Protection Engine component of...
VulnCheck KEV: CVE-2026-41091
Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...
PT-2026-42161
Name of the Vulnerable Software and Affected Versions Microsoft Defender Antimalware Platform affected versions not specified Description An issue exists in the Microsoft Defender Antimalware Platform involving uncontrolled resource consumption. This can be exploited to cause a denial of service,...
PT-2026-42048
Impact Caddy Defender used r.RemoteAddr when evaluating whether a request should be blocked. RemoteAddr is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually the proxy, not the original...