Neowin News Feed for: Exploit

Hackers are selling a Windows exploit for $220,000 on the dark web

Ivan Jenic — Tue, 10 Mar 2026 01:32:01 +0000

A Windows exploit that grants system-level access to attackers is currently up for sale on the dark web for $220,000. Read more...

Microsoft rolls out August 2025 security patches for Exchange Server

Usama Jawad — Tue, 12 Aug 2025 19:10:01 +0000

Microsoft has released August 2025 Security Updates (SUs) for Exchange Server deployments, containing fixes for the recent, high-severity CVE-2025-53786 flaw. Read more...

Google Project Zero exposes security flaw in libxslt library used in GNOME applications

Usama Jawad — Tue, 05 Aug 2025 13:36:01 +0000

Google's Project Zero team has publicly disclosed a UAF flaw in the popular libxslt library following GNOME's inability to fix it within 90 days of private reporting. Read more...

Microsoft takes legal action against bad actors using AI for sophisticated exploitation

Paul Hill — Sat, 11 Jan 2025 08:32:01 +0000

Microsoft has obtained a court order to seize a website as part of legal action against malicious actors leveraging AI tools to hack online accounts. Read more...

Three million Saflok locks can be opened by crooks due to 36-year-old security holes

Martin Hodás — Sat, 23 Mar 2024 00:00:01 +0000

Common electronic locks used in hotels still suffer from vulnerabilities reported to the manufacturer in 2022. It allows the hackers to forge universal keycards that can open any door. Read more...

New malware bypassing Windows SmartScreen is hungry for your data, and it wants it all

Martin Hodás — Tue, 16 Jan 2024 15:30:01 +0000

Data-harvesting malware Phemedrone exploits vulnerability in Windows Defender SmartScreen to avoid warnings and checks. It collects various sensitive data and sends them to the hackers. Read more...

ChatGPT was tricked into generating valid activation keys for Windows 95

Sayan Sen — Mon, 03 Apr 2023 17:30:02 +0000

OpenAI's ChatGPT was successfully tricked into generating valid activation keys for Windows 95. Although it refused at first, a revised prompt was able to trick the AI without the chatbot realizing. Read more...

Use this Python utility developed by CISA to detect hacking in Microsoft cloud environments

Usama Jawad — Fri, 24 Mar 2023 09:56:01 +0000

U.S. federal cybersecurity agency CISA has developed a Python-based utility to detect signs of hacking in Microsoft cloud environments including Microsoft 365, Azure, and Azure Active Directory (AAD). Read more...

Meet SH1mmer, the big bad Chromebook exploit no one is talking about

Dean Howell — Mon, 30 Jan 2023 19:19:09 +0000

SH1MMER, a dangerous new ChromeOS exploit that was released on Friday the 13th, has flown under the radar for two weeks, and there's nothing stopping you from having a little fun with it. Read more...

The PlayStation 5 has been jailbroken but the exploit is quite limited

Paul Hill — Mon, 03 Oct 2022 16:22:01 +0000

Modders have managed to jailbreak the PlayStation 5 using a WebKit exploit in an old PS5 firmware. The exploit is quite limited at this point, but work will likely continue to make it more useful. Read more...

Microsoft Weekly: Printer nightmares, Teams capabilities, and the death of SwiftKey for iOS

Usama Jawad — Sat, 01 Oct 2022 17:16:01 +0000

This edition of Microsoft Weekly recaps a bunch of Windows 11 2022 Update issues, new features introduced to the Dev Channel, recent capabilities added to Teams, and the death of SwiftKey for iOS. Read more...

Google announces new Vulnerability Reward Program specifically for open source software

Usama Jawad — Tue, 30 Aug 2022 11:00:02 +0000

Google has revealed an expansion to its Vulnerability Reward Program (VRP). It is designed to encourage privately reporting security flaws in open source software in exchange for monetary rewards. Read more...

Janet Jackson song is now an official exploit for Windows PCs

Usama Jawad — Thu, 18 Aug 2022 13:36:01 +0000

The MITRE Corporation has officially declared that Janet Jackson's music video of Rhythm Nation is an exploit. It has assigned it a CVE ID nearly two decades after its initial discovery. Read more...

Following Chrome, Edge gets emergency update for high severity 0-day exploit too

Usama Jawad — Thu, 07 Jul 2022 06:54:01 +0000

Following in the footsteps of Chrome, Edge has received an update to fix a rather severe 0-day exploit too. This is because the issue affects all browsers based on Chromium, including Edge. Read more...

Google Chrome receives emergency security update for 0-day exploit

Usama Jawad — Tue, 05 Jul 2022 06:40:02 +0000

Google has rolled out security updates for Chrome across various channels to fix a handful of issues, including one 0-day exploit. Details of the problem are private for now but it has high severity. Read more...

Microsoft Weekly: Edge on the rise, exploits, and a Windows 11 build

Usama Jawad — Sat, 04 Jun 2022 17:16:01 +0000

This week's digest recaps a hefty amount of news related to Microsoft Edge, some about a Windows 11 Dev Channel build, and an exploit that affects virtually all supported versions of Windows. Read more...

Google issues warning about state-sponsored hackers from North Korea exploiting Chrome

Usama Jawad — Thu, 24 Mar 2022 18:52:01 +0000

Google has issued a warning about a sophisticated exploit kit being used to target news media, IT, crypto, and fintech personnel. The attackers were reportedly state-sponsored North Korean groups. Read more...

Microsoft issues warning about Active Directory privilege escalation attack

Usama Jawad — Tue, 21 Dec 2021 07:04:01 +0000

Microsoft has issued an advisory about an Active Directory privilege escalation attack. The vulnerabilities have already been patched but unpatched domain controllers are more at risk now than ever. Read more...

Google is rolling out emergency fix for Chrome to patch attack exploit

Steven Parker — Tue, 14 Dec 2021 11:38:01 +0000

Thanks to an as yet undisclosed critical vulnerability in Chrome 96, confirmed to be actively being exploited in the wild, Google is rolling out an update to Chrome 96, which y'all should update to. Read more...

Razer is fixing a bug which gives admin rights on Windows using just a Razer mouse

Usama Jawad — Mon, 23 Aug 2021 08:22:01 +0000

Razer has confirmed that it is working on patching an easily exploitable security issue which allows a local attacker to gain admin privileges to your system using just a Razer mouse or a dongle. Read more...

Microsoft releases new patch for PrintNightmare, recommends immediate installation

Usama Jawad — Tue, 10 Aug 2021 16:58:18 +0000

Microsoft has released another patch for the critical PrintNightmare vulnerability. It makes major changes to the Point and Print functionality on Windows, and immediate installation is recommended. Read more...

Microsoft confirms PrintNightmare patch breaks Zebra printers, but there's good news too

Sayan Sen — Fri, 09 Jul 2021 06:00:01 +0000

Microsoft has confirmed that its update KB5004945 breaks Zebra printers preventing them from working properly. The company will release a new patch within the next few days that will fix the problem. Read more...

Microsoft: Our PrintNightmare patch is effective, you're just using Windows wrong

Usama Jawad — Fri, 09 Jul 2021 04:56:01 +0000

Despite claims to the contrary, Microsoft says that its PrintNightmare patch works as intended. It states that security researchers who are calling it ineffective are using insecure configurations. Read more...

Microsoft's patch for PrintNightmare vulnerability can be bypassed completely [Update]

Abhay V — Wed, 07 Jul 2021 21:26:02 +0000

Security researchers are reporting that Microsoft's fix for the PrintNightmare vulnerability that rolled out to most Windows versions is ineffective, and can let attackers completely bypass it. Read more...

Microsoft provides further mitigations for PrintNightmare exploit, awards it "high" severity

Usama Jawad — Sun, 04 Jul 2021 05:12:01 +0000

Microsoft has offered some further mitigations against the highly dangerous PrintNightmare exploit. The company has also given it a CVSS rating of 8.8/10, which almost awards it "critical" severity. Read more...

Microsoft is investigating a critical Windows Print Spooler exploit called PrintNightmare

Usama Jawad — Fri, 02 Jul 2021 05:48:01 +0000

An exploit called "PrintNightmare" is being investigated by Microsoft. It potentially affects all versions of Windows. U.S. CISA has marked it as "critical" as it can lead to remote code execution. Read more...

Google discloses new Rowhammer technique that alters memory contents of newer DRAM chips

Usama Jawad — Wed, 26 May 2021 04:44:01 +0000

"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass. Read more...

Exploit released for Windows 10 HTTP protocol flaw that was fixed by update KB5003173

Subir Kathuria — Mon, 17 May 2021 22:34:02 +0000

A security researcher has published code on GitHub that takes advantage of an exploit recently patched by Microsoft. The Redmond firm recommends users install the latest patches to avoid issues. Read more...

Microsoft Defender will now automatically break the attack chain in Exchange Server exploits

Usama Jawad — Fri, 19 Mar 2021 16:04:01 +0000

Microsoft has enabled Defender Antivirus to automatically mitigate a recent vulnerability in on-premises Exchange server instances. This acts only as a temporary workaround to break the attack chain. Read more...

Microsoft Weekly: An unfortunate Exchange, Ignite in the spring, and Windows generations

Florin Bodnarescu — Sun, 07 Mar 2021 15:52:01 +0000

The week brought us Ignite news, Exchange on-prem vulnerability news, and even some expected Insider build news. Make sure to catch up with everything that happened via our handy overview. Read more...

On-premises Exchange servers are under attack from a state-sponsored group

Usama Jawad — Wed, 03 Mar 2021 13:04:01 +0000

Microsoft has revealed that on-premises Exchange servers are under attack from a state-sponsored group operating from China and utilizing 0-day exploits. Exchange Online is safe from the threat. Read more...

Google's Threat Analysis Group uncovers an ongoing campaign targeting security researchers

Ather Fawaz — Tue, 26 Jan 2021 06:56:01 +0000

Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware. Read more...

iPhones of multiple Al Jazeera journalists hit by a zero-click hack

Ather Fawaz — Mon, 21 Dec 2020 06:10:01 +0000

According to a report, dozens of journalists - mostly from Al Jazeera - had their iPhones hacked via an Israeli firm's spyware. Four attackers have been linked to the UAE and Saudi Arabia. Read more...

Google now offering bigger bounties for finding exploits in Chrome's JavaScript engine

Usama Jawad — Wed, 09 Dec 2020 06:10:01 +0000

Google has updated the rules for its Chrome Vulnerability Rewards Program, offering bigger bounties and bonuses for security researchers who discover security exploits in Chrome's JavaScript engine. Read more...

Sony is permanently banning PS5 owners selling access to PlayStation Plus Collection

Usama Jawad — Fri, 27 Nov 2020 06:30:02 +0000

Sony is issuing permanent bans to PlayStation 5 owners who are engaging in an exploitative technique of selling access to the PlayStation Plus Collection games available for free on their new console. Read more...

Google discloses a zero-day vulnerability in Windows, currently exploited in the wild

Abhay V — Fri, 30 Oct 2020 20:32:01 +0000

Google's Project Zero team has disclosed a zero-day vulnerability in Windows that enables elevated code execution that is currently being exploited. Microsoft is expected to patch the bug next month. Read more...

Twitter says state-actors may have gained access to people's phone numbers

Paul Hill — Tue, 04 Feb 2020 08:08:01 +0000

Twitter has revealed that hackers attempted to match phone numbers to Twitter usernames. It said the hack may have been state-backed, possibly being linked to Iran, Israel, or Malaysia. Read more...

Linux/Unix exploit allows some restricted commands to be run as root without clearance

Ather Fawaz — Tue, 15 Oct 2019 06:54:01 +0000

A subset of users with sudo access could have run commands restricted to root users by leveraging a discovered exploit in a function return call that changes the user ID in Linux and Unix systems. Read more...

Microsoft issues fixes for two critical, wormable vulnerabilities in Windows

Muhammad Jarir Kanji — Tue, 13 Aug 2019 22:04:01 +0000

Microsoft has identified and patched two critical vulnerabilities in Windows Remote Desktop Services that affect Windows 7 through 10. The two Bluekeep-like vulnerabilities are also wormable. Read more...

German cybersecurity agency identifies critical flaw in VLC Media Player [Update]

Muhammad Jarir Kanji — Sat, 20 Jul 2019 18:30:01 +0000

CERT-Bund, the computer emergency response team of Germany, has identified a critical security flaw in the popular VLC Media Player that would allow remote code execution and more. Read more...