2641 matches found
vader-toctou
OPERATION VADER — TOCTOU EXPLOITATION SYLLABUS OPERATIONS...
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions...
CVE-2026-45647
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse aka Nightmare-Eclipse has released a proof-of-concept PoC exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit...
CVE-2026-45647
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-45647
CVE-2026-45647 describes a Time-of-check Time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that enables a local attacker with low privileges and no user interaction to achieve elevation of privilege. The internal details indicate a local-exploit path with medium severit...
EUVD-2026-35571
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
PT-2026-48010
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
AI brands as bait: How threat actors are using the AI hype in social engineering
In this article 1. ChatGPT-themed lure leads to phishing kit collecting credit card data 2. Claude-themed phishing campaign collected credentials and access tokens 3. "Awesome AI Windows Plugin” malvertising deploys Vidar stealer 4. Fake DeepSeek V4 installers on GitHub delivered Vidar Stealer 5...
Closing the Sim-To-Real Gap: An Evaluation Framework for Autonomous Cyber Defense Configuration of Commercial EDR
Leading commercial endpoint detection and response EDR products have shifted from operator-configured rule sets to multi-component systems where autonomous AI components operate alongside, and increasingly in place of, operator-deployed policies. Autonomous defense agents using commercial EDR as...
CVE-2026-5082
Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. The generatesessionid function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes using SHA-1 hash seeded with the built-in rand...
Synthetic APTs: The Collapse of TTP-Based Attribution
Cyber Threat Intelligence CTI attribution relies on identifying the Tactics, Techniques, and Procedures TTPs that distinguish one threat actor from another. This approach presupposes that each adversary leaves a recognizable operational fingerprint. This work investigates whether AI driven...
ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense
LLM-driven automated penetration testing agents are typically evaluated against static targets that neither detect nor respond to attacks, so their behavior under intelligent defense remains untested. The causal consistency of multi-step attack chains likewise hinges on unstable LLM reasoning, an...
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection
As threats become more coordinated and faster to execute, endpoint protection has become the proving ground for modern defense. For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. We believe this reflects both the...
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection
As threats become more coordinated and faster to execute, endpoint protection has become the proving ground for modern defense. For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. We believe this reflects both the...
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure CVD, urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a...
Malicious code in clobprice.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...