Tag: Microsoft Defender
-

Dragon Breath’s Leaked Driver Shatters Windows Security and Neutralizes EDRs
The Chinese cyber-espionage group Dragon Breath, also tracked as APT-Q-27, has reportedly acquired a new tool for breaking into corporate networks. According to a report by Ransom-ISAC, investigators identified a vulnerable driver, dragoncore_k.sys, carrying a valid Microsoft WHQL signature. A WHQL signature is a statement of compatibility, not of trustworthiness: the driver loads cleanly on a default Windows install, and it lets attackers disable Windows security mechanisms from kernel mode, effectively neutralizing antivirus solutions…
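A check a defender can run against the pattern in this story (a legitimately signed but abusable driver, the BYOVD technique), written as an added example rather than code from the Ransom-ISAC report or from the article: it inventories the kernel drivers currently loaded on the host, records who signed each one, and reports whether HVCI and Microsoft's vulnerable-driver blocklist are actually in force. The registry value name `VulnerableDriverBlocklistEnable`, the meaning of code 2 in `SecurityServicesRunning`, and the certificate subject strings used to separate Microsoft's own drivers from third-party WHQL-signed ones are my assumptions about current Windows builds, not facts stated on the page.

```powershell
# Added example, not code from the Ransom-ISAC report or the article above.
# Lists loaded kernel drivers with their signers and checks whether HVCI and the
# vulnerable-driver blocklist are enforced. Run from an elevated PowerShell session.
# Assumptions (not from the page): the CI\Config value name below, code 2 meaning
# HVCI in SecurityServicesRunning, and the signer-subject strings used for filtering.

function Get-LoadedDriverSignature {
    # Win32_SystemDriver lists kernel-mode services; State 'Running' means the image is loaded.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName arrives in several spellings (\??\C:\..., \SystemRoot\..., system32\...);
            # normalise it to a plain file-system path before checking the signature.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Get-AuthenticodeSignature checks embedded and catalog signatures alike.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            [pscustomobject]@{
                Name   = $_.Name
                Path   = $path
                Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer = $signer
            }
        }
}

function Test-VulnerableDriverBlocklist {
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (memory integrity). Assumption.
    $dg  = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    [pscustomobject]@{
        HvciRunning           = [bool]($dg.SecurityServicesRunning -contains 2)
        BlocklistValuePresent = ($null -ne $val)   # absent on builds that predate the toggle
        BlocklistEnabled      = ($val -eq 1)
    }
}

$drivers = Get-LoadedDriverSignature

# Microsoft's own inbox drivers are signed by "CN=Microsoft Windows, ..."; third-party
# WHQL drivers carry "CN=Microsoft Windows Hardware Compatibility Publisher, ...".
# Everything that is not Microsoft's own signer (unsigned images included) goes to review.
# A Valid status is not a verdict: cross-check these names against Microsoft's recommended
# driver block rules before treating them as benign.
$thirdParty = $drivers | Where-Object { $_.Signer -notmatch 'CN=Microsoft Windows,' }
$thirdParty | Sort-Object Signer | Format-Table Name, Status, Signer, Path -AutoSize

Test-VulnerableDriverBlocklist
```

If `BlocklistValuePresent` is false the host is on a build without the user-visible toggle and the blocklist depends on HVCI or a WDAC policy instead; if `HvciRunning` is false as well, a signed-but-vulnerable driver like the one described will load without objection.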
-

The “RedSun” Zero-Day That Turns Microsoft Defender into a Malware Installer
A new way to take full control of a Windows system has surfaced, and notably it relies not on a complex kernel vulnerability but on the erratic behavior of the built-in antivirus. A researcher known as Chaotic Eclipse has published a working zero-day exploit for Microsoft Defender, a tool named RedSun. This marks the…
-

The Prompt Poachers: 900,000 Users Exposed as Malicious AI Extensions Siphon ChatGPT and DeepSeek Chats
AI extensions have become a routine part of browser use. Many users open the sidebar as a matter of habit, query chatbots, and paste internal corporate documents or code snippets into the conversation. Attackers have preyed on exactly this habit. Disguised as helpful assistants for working with neural networks, malicious add-ons proliferated…
-

The Trust Trap: How Hackers Weaponize Legitimate Google and Microsoft Login Pages via OAuth Redirection
An email asking the recipient to “sign a document” or “verify an account” does not always lead to a fake domain; it may point to a perfectly legitimate Microsoft or Google address. It is precisely this trust that attackers have exploited, having learned to manipulate the OAuth protocol's redirection mechanisms to orchestrate…
-

Virtual Sabotage: How Attackers Weaponized SolarWinds Help Desks to Hide Malware Inside QEMU
The Microsoft Defender threat intelligence team has documented a series of confirmed attacks targeting internet-facing SolarWinds Web Help Desk instances. Attackers used the vulnerable help desk servers as the initial point of entry, then pushed deeper into the internal infrastructure in a bid to take control of critical domain nodes. According to Microsoft…
-

MFA Under Siege: Microsoft Unveils Stealthy AiTM Attacks Striking the Energy Sector
Microsoft has disclosed a sophisticated multi-stage campaign combining Adversary-in-the-Middle (AiTM) session hijacking with Business Email Compromise (BEC) techniques. The attacks targeted organizations in the energy sector, with adversaries using SharePoint as the primary vector for distributing malicious links and then entrenching themselves in compromised environments. The first stage…
-

The Kernel Ghost: Mustang Panda’s New Rootkit Blinds Antivirus to Deploy ToneShell
Cyber-espionage attributed to the Chinese group HoneyMyte—also known as Mustang Panda and Bronze President—has reached a new level. Researchers have observed the deployment of an advanced version of the ToneShell malware, concealed by a kernel-level rootkit. This technique enables the covert delivery of malicious code while significantly complicating detection on compromised systems. According to data…
-

The Silence of the Scans: New NtKiller Utility Disables Antivirus at the Root
A new commodity has surfaced on underground forums for those seeking to operate more quietly—and for longer. An actor using the alias AlphaGhoul has begun promoting a utility called NtKiller, which, according to its author, can stealthily disable antivirus software and endpoint detection tools, enabling malicious payloads to run on compromised machines while evading detection.…
-

Teams Guest Phishing Bypass: Attackers Exploit External Tenants to Defeat Microsoft Defender
Expanding Microsoft Teams’ capabilities for working with external users brings not only convenience, but also new vulnerabilities. The Ontinue team has detailed a technique that exploits the peculiarities of guest access to bypass Microsoft Defender for Office 365 and leverage Microsoft’s own infrastructure to deliver phishing emails with minimal suspicion from mail filters. The issue…
-

AI-Powered Phishing: Microsoft Uncovers First-of-its-Kind Attack Using Generative Code Obfuscation
Experts at Microsoft Threat Intelligence have documented an attack in which adversaries, for the first time, employed artificial intelligence to disguise phishing code, with the aim of stealing corporate credentials from U.S.-based companies. The malicious file, delivered in SVG format, concealed its true functionality beneath a veneer of pseudo-business terminology and the imitation of an…
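A scanner an analyst could run over an SVG attachment of the kind described above, added here as an example that is not Microsoft's detection logic and not code from the page. It ignores the decoy business text entirely and keys on the executable parts of the file: script elements, event-handler attributes, foreignObject, javascript:/data: hrefs, common decoder calls, and long base64 literals that decode to a URL. The sample SVG inside the script is constructed for this example, and the heuristics and their thresholds are my choices, not anything the article documents.

```powershell
# Added example, not code from the page or from Microsoft Threat Intelligence.
# Flags the executable parts of an SVG regardless of how much decoy text
# surrounds them. The sample file at the bottom is constructed for this example.

function Get-SvgRiskIndicators {
    param([Parameter(Mandatory)][string]$SvgText)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Parse with external resolution disabled so a hostile file cannot make the
    # scanner itself fetch anything via external entities or DTDs.
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null
    $doc.LoadXml($SvgText)

    foreach ($node in $doc.SelectNodes('//*')) {
        switch ($node.LocalName) {
            'script'        { $findings.Add("<script> element, $($node.InnerText.Length) chars") }
            'foreignObject' { $findings.Add('<foreignObject> element (can embed arbitrary HTML)') }
            'iframe'        { $findings.Add('<iframe> element inside SVG') }
        }
        foreach ($attr in $node.Attributes) {
            # on* attributes (onclick, onload, ...) are inline script regardless of namespace.
            if ($attr.LocalName -like 'on*') {
                $findings.Add("event handler $($attr.Name) on <$($node.LocalName)>")
            }
            # href / xlink:href pointing at javascript: or data: URLs.
            if ($attr.LocalName -eq 'href' -and $attr.Value -match '^\s*(javascript|data):') {
                $findings.Add("$($attr.Name)=$($Matches[1]): on <$($node.LocalName)>")
            }
        }
    }

    # Decoding and redirection primitives that lures use to hide the landing page.
    $calls = [regex]::Matches($SvgText, '\b(atob|unescape|String\.fromCharCode|eval|document\.write|window\.location)\b')
    foreach ($m in $calls) { $findings.Add("suspicious call: $($m.Value)") }

    # Long base64 literals: decode them and surface anything that turns out to be a URL.
    foreach ($m in [regex]::Matches($SvgText, '[A-Za-z0-9+/]{20,}={0,2}')) {
        try {
            $decoded = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($m.Value))
            if ($decoded -match '^https?://\S+$') { $findings.Add("base64-encoded URL: $decoded") }
        } catch { }   # not valid base64, ignore
    }

    $all        = $findings.ToArray()
    $hasCode    = @($all -match '^(<script>|event handler|<iframe>|<foreignObject>|.*=javascript:)').Count -gt 0
    $hasDecoder = @($all -match '^(suspicious call: atob|base64-encoded URL)').Count -gt 0
    $verdict    = if ($hasCode -and $hasDecoder) { 'likely phishing lure' }
                  elseif ($hasCode)              { 'active content present, review' }
                  else                           { 'no active content found' }

    [pscustomobject]@{ Verdict = $verdict; Findings = $all }
}

# Constructed sample: decoy business wording plus the pieces the scanner cares about.
# The base64 string decodes to https://example.invalid/signin.
$sample = @'
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="600" height="400">
  <title>Quarterly Revenue Dashboard</title>
  <text x="20" y="40">Q3 Business Review: Customer Onboarding Metrics</text>
  <rect x="20" y="60" width="200" height="20" fill="#ccc" onclick="revenueSync()"/>
  <a xlink:href="javascript:revenueSync()"><text x="20" y="120">Open secured document</text></a>
  <script type="text/javascript"><![CDATA[
    var marketSegment = "aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvc2lnbmlu";
    function revenueSync() { window.location = atob(marketSegment); }
    setTimeout(revenueSync, 500);
  ]]></script>
</svg>
'@

$result = Get-SvgRiskIndicators -SvgText $sample
$result.Verdict
$result.Findings
```

On the sample this reports the onclick handler, the javascript: href, the script element, the atob and window.location calls, and the decoded landing URL, and returns the verdict "likely phishing lure". The point of the design is that the wording the generator produced never enters the decision: variable names and visible text can be as business-like as the model makes them, but an SVG that needs to execute still has to carry a script, a handler or a javascript: URL, and that is what gets matched.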
-

Critical Conflict: Microsoft Defender Antivirus Interferes with Siemens Industrial Control Systems
Siemens has encountered an unforeseen challenge: Microsoft’s antivirus solution is interfering with the operation of industrial facilities. The very software intended to safeguard corporate systems may inadvertently paralyze critical segments of production. The source of this risk is the Microsoft Defender antivirus suite, which is used in conjunction with Siemens Simatic PCS platforms—systems that manage…
-

SonicWall Warns: Trojanized NetExtender VPN Client Stealing Credentials in Active Campaign
Unknown threat actors have begun disseminating a counterfeit version of the SonicWall application, designed to steal credentials used to access VPNs. The campaign was uncovered by experts at SonicWall and Microsoft, who detected attempts to distribute a tampered build of the NetExtender utility, disguised as an official SonicWall application. According to the companies, the attackers…
-

Microsoft Defender is suspected of causing extremely high memory usage and black screen issues
Microsoft Defender for Endpoint is an enterprise security management solution that Microsoft provides to business customers. Normally, IT administrators can view the security status and policies of devices on the internal network directly through endpoint protection, which makes it good security software for large enterprises. But when something goes wrong, it can also affect the use of internal equipment…
-

Test shows Microsoft Defender has very poor malware offline detection rates
The best-known evaluation in the security software industry is AV-TEST, which puts security products through a professional and elaborate test process and publishes a ranking every month. Microsoft Defender is usually among the top performers in AV-TEST, so for most users relying on it for protection is enough. The tests show that…
-

Microsoft Defender will provide cloud management and turn it into a security dashboard
Earlier we reported that Microsoft is developing a new version of the Microsoft Defender antivirus app. Unfortunately, most users found that they could not sign in to their account after installing it. As for why it can be downloaded and installed but not signed into, the reason is now known: this version may…
