#windows
14 articles
Over the past month, ZCyberNews has tracked 24 articles under the Windows tag, with the threat actors Kyber, Chaotic Eclipse, and VECT Ransomware among the most frequently observed. The coverage spans from April 12 to May 9, 2026, and highlights five key vulnerabilities: CVE-2024-1708 (CVSS 8.4), CVE-2026-33104 (CVSS 7.8), CVE-2026-8069 (CVSS 7.8), CVE-2026-26179 (CVSS 7.5), and CVE-2026-32183 (CVSS 7.5). The affected sectors include consumer electronics, gaming, government, IT, and managed service providers, with North America as the primary region. The severity mix comprises 18 high, 2 critical, and 4 medium-severity incidents.
HIGH: Acer PredatorSense LPE Lets Local Users Gain SYSTEM Privileges
CVE-2026-8069: Acer PredatorSense versions 3.00.3136 to 3.00.3196 expose a misconfigured named pipe, letting any authenticated local user execute code as SYSTEM and delete...
HIGH: CISA Adds Actively Exploited ConnectWise, Windows Flaws to KEV
CISA added CVE-2024-1708 (ConnectWise ScreenConnect path traversal, CVSS 8.4) and an unnamed Windows flaw to its KEV catalog based on confirmed active exploitation.
CRITICAL: VECT Ransomware Wiper Bug Destroys Data, Not Just Encrypts
Check Point Research found a bug in VECT ransomware's encryption logic that permanently destroys files on Windows systems — no recovery possible even after paying.
HIGH: Kyber Ransomware Deploys Post-Quantum Encryption in Attacks
The Kyber ransomware gang is using a variant that implements Kyber1024 post-quantum encryption to target Windows and VMware ESXi systems, according to a BleepingComputer analysis.
HIGH: Kyber Ransomware Deploys Dual Payloads for Windows and VMware ESXi
Kyber ransomware deploys two distinct payloads to encrypt both Windows systems and VMware ESXi servers, using a custom tool to wipe ESXi snapshots and hinder recovery. The attack chain begins with compromised RDP credentials.
HIGH: PureRAT Malware Evades Detection with PNG-Stashed Payloads
PureRAT hides its Windows PE payloads inside PNG files and executes them filelessly in memory, a technique detailed by cybersecurity researchers analyzing a new sophisticated campaign.
HIGH: Windows Snipping Tool Vulnerability Leaks NTLM Hashes via Malicious Links
CVE-2026-33829 in Windows Snipping Tool allows attackers to steal NTLMv2 hashes via malicious links. A public PoC exploit targets the ms-screensketch protocol to enable credential relay attacks.
HIGH: Microsoft Patches Windows win32kfull Local Privilege Escalation Vulnerability
Microsoft has patched a local privilege escalation vulnerability (CVE-2026-33104) in the Windows win32kfull driver, which could allow authenticated attackers to gain SYSTEM privileges. The flaw was disclosed by the Zero Day Initiative.
HIGH: Microsoft Windows Secure Kernel Double Free Vulnerability Enables Local
A double-free vulnerability (CVE-2026-26179) in the Microsoft Windows Secure Kernel allows local attackers to escalate privileges, potentially to SYSTEM. The flaw, rated 7.5 CVSS, requires an attacker to first execute high-privileged code.
HIGH: Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution
A vulnerability (CVE-2026-32183) in the Microsoft Windows Snipping Tool allows remote attackers to execute arbitrary code via a malicious file or webpage, requiring only user interaction to trigger the exploit.
HIGH: Fake Proton VPN Sites and Gaming Mods Spread NWHStealer Malware
A new Windows information stealer dubbed NWHStealer is being distributed via fake Proton VPN websites, gaming modifications, and hardware utility downloads, targeting credentials and cryptocurrency wallets.
HIGH: CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities
CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.
HIGH: CVE-2024-38112: BlueHammer PoC Escalates Windows to SYSTEM
Researcher Chaotic Eclipse published a PoC for CVE-2024-38112, a Windows zero-day that grants local SYSTEM privileges, citing MS disclosure failures.
HIGH: Threat Actors Weaponize MSBuild LOLBin for Fileless Windows Attacks
Cybercriminals are abusing the legitimate Microsoft Build Engine (MSBuild.exe) to execute malicious .NET code directly in memory, evading traditional detection by avoiding file drops.