<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Zero-Day on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/zero-day/</link><description>Recent content in Zero-Day on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Fri, 12 Jun 2026 10:51:38 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/zero-day/index.xml" rel="self" type="application/rss+xml"/><item><title>GreatXML Turns Windows Defender's Offline Scan Into a BitLocker Bypass</title><link>https://hackingpassion.com/greatxml-bitlocker-bypass/</link><pubDate>Fri, 12 Jun 2026 10:51:38 +0200</pubDate><guid>https://hackingpassion.com/greatxml-bitlocker-bypass/</guid><description>&lt;p>Nightmare-Eclipse is back again, this time with a BitLocker bypass called &lt;strong>GreatXML&lt;/strong> that runs straight through Microsoft&amp;rsquo;s own antivirus. On a Windows machine that has run a Defender offline scan even once, the recovery mode hands over a command shell with full access to the encrypted drive, while BitLocker still reports the disk as locked and protected. Microsoft has no patch for it. He published &lt;code>GreatXML&lt;/code> the day after &lt;code>RoguePlanet&lt;/code>, right after the June Patch Tuesday where Microsoft had just fixed his first BitLocker bypass, the largest Patch Tuesday yet at close to 200 fixes in a single day.&lt;/p></description></item><item><title>RoguePlanet Windows Defender Zero Day Hands Any User Full SYSTEM Control</title><link>https://hackingpassion.com/rogueplanet-windows-defender-zero-day/</link><pubDate>Wed, 10 Jun 2026 12:01:36 +0200</pubDate><guid>https://hackingpassion.com/rogueplanet-windows-defender-zero-day/</guid><description>&lt;p>Nightmare-Eclipse is back, with a new exploit called &lt;strong>RoguePlanet&lt;/strong>. 
Windows 10 and 11 have a new zero-day that lets a user with no rights take complete control of a fully updated machine, and Microsoft has no patch for it. He dropped it on Patch Tuesday, June 9th, a few hours after Microsoft shipped its largest Patch Tuesday yet, nearly 200 fixes in a single day.&lt;/p>
&lt;p>Some of those fixes closed his own earlier bugs. So while Microsoft was busy sealing the gaps he had already found, he opened a new one in public. For weeks he had been vague about whether anything was coming in June, switching between yes and no, and then he just did it.&lt;/p></description></item><item><title>Six Working Windows Zero Days and the Researcher Microsoft Called a Criminal</title><link>https://hackingpassion.com/nightmare-eclipse-microsoft-zero-day-war/</link><pubDate>Sun, 31 May 2026 15:08:03 +0200</pubDate><guid>https://hackingpassion.com/nightmare-eclipse-microsoft-zero-day-war/</guid><description>&lt;p>Six working Windows attacks are sitting in the open right now, three of them already seen in a real intrusion, and the researcher who published them did it after he says Microsoft refused him, deleted the account he reported bugs through, and paid him nothing. Microsoft removed his account, called his actions criminal, and pointed at its crime unit. Both stories are out there, and the security world cannot agree on who is more to blame.&lt;/p></description></item><item><title>Google Catches the First AI Built Zero-Day and Stops a Mass Attack Before It Starts</title><link>https://hackingpassion.com/gtig-ai-zero-day/</link><pubDate>Sun, 17 May 2026 13:18:03 +0200</pubDate><guid>https://hackingpassion.com/gtig-ai-zero-day/</guid><description>&lt;p>Google caught a criminal group that used AI to find a zero-day in a popular web admin tool and had a working exploit ready for a mass attack against thousands of systems. Google has never named the tool. The attack never launched. What gave them away was a &lt;strong>CVSS severity score inside the code for a vulnerability that has never been officially rated. 
The AI made up a number that does not exist.&lt;/strong>&lt;/p></description></item><item><title>YellowKey Bypasses BitLocker on Windows 11 Using Nothing But a Folder on a USB Stick</title><link>https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/</link><pubDate>Fri, 15 May 2026 11:09:13 +0200</pubDate><guid>https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/</guid><description>&lt;p>A folder copied to a USB stick is enough to bypass &lt;strong>BitLocker&lt;/strong> encryption on Windows 11 and Windows Server 2022 and 2025, giving an attacker with a few minutes of physical access a command prompt with unrestricted access to everything on the encrypted drive.&lt;/p>
&lt;p>The tool is called &lt;strong>YellowKey&lt;/strong>. It was published on May 12, 2026, as a working proof of concept on GitHub. Windows 10 is not affected. There is no patch. Microsoft has not assigned a CVE number. And the researcher who found it believes it looks like something that was put there deliberately.&lt;/p></description></item><item><title>Dirty Frag Gives Root Access on Every Major Linux Distribution</title><link>https://hackingpassion.com/dirty-frag-linux-root/</link><pubDate>Fri, 08 May 2026 10:24:54 +0200</pubDate><guid>https://hackingpassion.com/dirty-frag-linux-root/</guid><description>&lt;p>A new Linux zero-day called &lt;strong>Dirty Frag&lt;/strong> gives any local user full root access on every major Linux distribution, and right now no distribution has a patched kernel available. The researcher planned to give distributions until May 12 to prepare. Someone leaked the exploit five days early, and it went public before a single distribution had a fix ready.&lt;/p>
&lt;p>&lt;strong>Hyunwoo Kim&lt;/strong> (@v4bel) found both vulnerabilities and quietly reported them to the Linux kernel security team at the end of April, including working exploits and patches. The plan was to give Linux distributions until May 12 to prepare fixes before anything went public. On May 7, he told the group of distribution maintainers about it and set that five-day hold in motion. That same day, someone else published the exploit online. The agreement was clear: if that happened, everything would go public immediately. Kim released the full details within hours. Two CVEs have since been assigned: &lt;strong>CVE-2026-43284&lt;/strong> for the IPsec variant, which now has a patch in the kernel mainline, and &lt;strong>CVE-2026-43500&lt;/strong> for the RxRPC variant, which has no patch anywhere yet. How the exploit got out early is still unknown. The patch for the IPsec bug had been sitting on a public kernel mailing list since April 30, so someone paying close attention to kernel development could have spotted it there. Or someone inside the distribution group leaked it. Nobody knows.&lt;/p></description></item><item><title>cPanel Authentication Bypass CVE-2026-41940 Gave Attackers 64 Days of Root Access</title><link>https://hackingpassion.com/cpanel-authentication-bypass-cve-2026-41940/</link><pubDate>Fri, 01 May 2026 12:49:42 +0200</pubDate><guid>https://hackingpassion.com/cpanel-authentication-bypass-cve-2026-41940/</guid><description>&lt;p>For &lt;strong>64 days&lt;/strong>, attackers had root access to cPanel servers managing over &lt;strong>70 million websites&lt;/strong>, and nobody had to know a single password to get in. A crafted HTTP request was enough, and two-factor authentication made no difference. The company behind the software was told about it two weeks before the patch dropped. Their first response was that nothing was wrong.&lt;/p>
&lt;p>Whoever gets in walks away with &lt;strong>root access to the entire server&lt;/strong> through WHM: the hosted sites, the databases behind them, the email accounts, the certificates, and every credential stored on that machine. With that level of access, someone can read every hosted account, modify files and databases, create permanent backdoor accounts, install malware, steal credentials, and potentially pivot from there into customer networks. Compromising one cPanel server does not mean compromising one website. It means compromising everyone sharing that machine.&lt;/p></description></item><item><title>Copy Fail CVE-2026-31431: Nine Years of Root Access Hidden in the Linux Kernel</title><link>https://hackingpassion.com/copy-fail-linux-kernel-cve-2026-31431/</link><pubDate>Thu, 30 Apr 2026 13:13:08 +0200</pubDate><guid>https://hackingpassion.com/copy-fail-linux-kernel-cve-2026-31431/</guid><description>&lt;p>Since 2017, every major Linux distribution has been shipping a flaw that hands root access to any local user. The exploit is a &lt;strong>732-byte Python script&lt;/strong> that uses only what comes built into Python by default. 
It works on &lt;strong>Ubuntu, Amazon Linux, RHEL, and SUSE&lt;/strong> without a single modification, leaves nothing on disk, and bypasses almost every file integrity monitoring tool in existence, because the file it corrupts is never actually written to.&lt;/p></description></item><item><title>RedSun and UnDefend: Two Unpatched Windows Defender Zero-Days</title><link>https://hackingpassion.com/redsun-undefend-defender-zero-days/</link><pubDate>Sun, 19 Apr 2026 10:57:14 +0200</pubDate><guid>https://hackingpassion.com/redsun-undefend-defender-zero-days/</guid><description>&lt;p>Two unpatched Windows Defender zero-days have been actively exploited since &lt;strong>April 16th&lt;/strong>, and both of them work on fully patched &lt;strong>Windows 10&lt;/strong>, &lt;strong>Windows 11&lt;/strong>, and &lt;strong>Server 2019&lt;/strong> and later, including machines that installed this month&amp;rsquo;s Patch Tuesday updates. One of them makes Defender write the attacker&amp;rsquo;s payload into &lt;strong>System32&lt;/strong> by itself, then stands back and lets Windows run it as &lt;strong>SYSTEM&lt;/strong>. The other blocks Defender from receiving any new virus definitions and lies to the EDR management console about it, showing green checkmarks on machines that are already fully compromised. 😏&lt;/p></description></item><item><title>Windows Defender Is Being Used to Hack Windows</title><link>https://hackingpassion.com/bluehammer-windows-defender-zero-day/</link><pubDate>Fri, 10 Apr 2026 11:15:27 +0200</pubDate><guid>https://hackingpassion.com/bluehammer-windows-defender-zero-day/</guid><description>&lt;p>Windows Defender, the built-in antivirus running on every Windows machine, has a zero-day exploit with full source code sitting on GitHub. No patch, no CVE, and confirmed working on fully updated Windows 10 and 11. 
A researcher who says Microsoft went back on their word just handed every attacker paying attention a privilege escalation that takes any low-privileged account straight to &lt;strong>NT AUTHORITY\SYSTEM&lt;/strong>. On Windows Server the result is different but still serious: a standard user ends up with elevated administrator access. 😏&lt;/p></description></item><item><title>AI Finds 12 OpenSSL Vulnerabilities Including a 27-Year-Old Bug</title><link>https://hackingpassion.com/openssl-12-cves-ai-january-2026/</link><pubDate>Thu, 29 Jan 2026 14:18:28 +0100</pubDate><guid>https://hackingpassion.com/openssl-12-cves-ai-january-2026/</guid><description>&lt;p>An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since 1998. 🧐&lt;/p>
&lt;p>OpenSSL is the cryptographic library that encrypts roughly two-thirds of all internet traffic. It is used in 95% of IT organizations worldwide. Banks use it. Hospitals use it. Governments use it. Cloud platforms, enterprise applications, operating systems, critical infrastructure. When OpenSSL has a vulnerability, the entire internet has a problem.&lt;/p></description></item><item><title>One Windows Update, Ten Problems, Two Emergency Patches</title><link>https://hackingpassion.com/windows-one-update-ten-problems/</link><pubDate>Wed, 28 Jan 2026 14:10:10 +0100</pubDate><guid>https://hackingpassion.com/windows-one-update-ten-problems/</guid><description>&lt;p>Microsoft pushed one security update. It broke at least 10 different things. 114 security fixes. Two emergency patches. PCs that won&amp;rsquo;t boot. Outlook that crashes. Remote Desktop that fails. Shutdown buttons that do nothing. And Microsoft is still investigating why some systems show a black screen and never start again. 🧐&lt;/p>
&lt;p>&lt;strong>A Windows and Microsoft story that keeps getting worse.&lt;/strong>&lt;/p>
&lt;p>This was one of the largest Patch Tuesday releases in history. 114 vulnerabilities fixed, 8 rated Critical, 106 Important. The breakdown: 57 privilege escalation flaws, 22 remote code execution bugs, and 22 information disclosure vulnerabilities. Three zero-days in total, one actively exploited in the wild and two publicly known before Microsoft could patch them. In 2025 alone, Microsoft patched 1,130 CVEs across the year, 12% more than 2024.&lt;/p></description></item><item><title>Office Zero-Day Actively Exploited - CVE-2026-21509</title><link>https://hackingpassion.com/office-zero-day-cve-2026-21509/</link><pubDate>Tue, 27 Jan 2026 14:10:36 +0100</pubDate><guid>https://hackingpassion.com/office-zero-day-cve-2026-21509/</guid><description>&lt;p>Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the protections Microsoft built to stop malicious documents. Just open the file, and they are in. Microsoft pushed an emergency patch on a Sunday. 🧐&lt;/p>
&lt;p>&lt;strong>CVE-2026-21509. CVSS 7.8.&lt;/strong>&lt;/p>
&lt;p>Someone sends a Word document, an Excel file, a PowerPoint. The target opens it. No macro warning pops up, no &amp;ldquo;enable content&amp;rdquo; button appears. The embedded object just executes and the attacker has access.&lt;/p></description></item><item><title>Your iPhone Just Got Owned: iOS WebKit Zero-Days Require No Click (CVE-2025-43529)</title><link>https://hackingpassion.com/ios-webkit-zero-day-iphone-compromise-cve-2025-43529/</link><pubDate>Mon, 12 Jan 2026 12:12:00 +0100</pubDate><guid>https://hackingpassion.com/ios-webkit-zero-day-iphone-compromise-cve-2025-43529/</guid><description>&lt;p>Your iPhone can be compromised by loading a webpage. No click. No download. Just visit the wrong site. Apple patched this a month ago. Only 16% of users have updated. 🤔&lt;/p>
&lt;p>StatCounter data from January 2026:&lt;/p>
&lt;p>→ iOS 26 (all versions): 16% of iPhones&lt;/p>
&lt;p>→ iOS 18 (unpatched): over 60% of iPhones&lt;/p>
&lt;p>For comparison, iOS 18 reached 63% adoption by January 2025. iOS 26 is at less than one quarter of that rate. The lowest adoption Apple has seen in years.&lt;/p></description></item></channel></rss>