CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems ...
The Hacker News

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

CISA added two actively exploited CVEs to KEV after confirmed attacks, mandating FCEB patching by May 12, 2026.
The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
Dark Reading

Recurring Windows Flaw Could Expose User Credentials

All versions of Windows clients, from Windows 7 through current Windows 11 versions, contain a 0-day vulnerability that could allow attackers to capture NTLM authentication hashes from users of ...
SecurityWeek

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

Threat actors have been exploiting the BlueHammer Microsoft Defender vulnerability as a zero-day to gain System privileges.