Threat Hunting
The latest Threat Hunting coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-20951: Critical SharePoint RCE Vulnerability - Patch & Hunt Guide
Microsoft has issued an urgent security advisory for CVE-2026-20951, a critical remote code execution vulnerability affecting Microsoft SharePoint Server that requires immediate attention from...
Microsoft's New NTFS RCE Flaw Puts Virtualization Hosts at Immediate Risk — Here’s the Patch Plan
Microsoft has disclosed a serious vulnerability in the Windows NTFS file system that could let attackers run malicious code on a victim’s machine simply by getting them to mount a crafted disk...
CVE-2026-20838: Windows Kernel Info Disclosure Vulnerability Poses Reconnaissance Threat
Microsoft has documented a significant security vulnerability in the Windows kernel, designated CVE-2026-20838, which security researchers and IT administrators are treating as a serious...
CVE-2026-20833: Critical Windows Kerberos Information Disclosure Vulnerability Patched
Microsoft has released an urgent security update addressing CVE-2026-20833, a significant information disclosure vulnerability in Windows' Kerberos authentication stack that could expose sensitive...
Sysmon Becomes Native Windows Feature in 2025 for Streamlined Threat Hunting
Microsoft is fundamentally changing how security professionals approach Windows monitoring by integrating System Monitor (Sysmon) directly into the Windows operating system. This strategic move...
PassiveNeuron Cyber Espionage Campaign Targets Windows Servers
Kaspersky's Global Research and Analysis Team (GReAT) has uncovered an ongoing, sophisticated cyber espionage campaign specifically targeting Windows Server environments across government and...
BRICKSTORM Espionage Campaign: How Appliance Vulnerabilities and VMware Pivot Threaten Windows Security
A sophisticated and persistent espionage campaign, dubbed BRICKSTORM by cybersecurity researchers, has been stealthily targeting high-value organizations in sectors like technology and law,...
CISA GeoServer CVE-2024-36401: Patch Now and Strengthen Incident Response Plans
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory highlighting a recent incident where attackers exploited a vulnerability in GeoServer, leading to remote...
Microsoft Flags Graphics Bug That Lets Attackers Grab System Control—Here’s Your Patching Plan
Microsoft’s latest security update addresses a race condition in the Windows graphics component that could allow an attacker with local access to escalate privileges to SYSTEM level. The...
Ivanti EPMM Hackers Plant Persistent Tomcat Backdoors Using Reflective Java Loaders
The U.S. Cybersecurity and Infrastructure Security Agency has published a detailed analysis of malware that exploits two vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) to plant persistent...
CVE-2025-55319: How Agentic AI in Visual Studio Code Can Enable Remote Code Execution
A newly listed vulnerability in Microsoft’s Security Response Center, CVE-2025-55319, pulls back the curtain on a dangerous new class of attacks: prompt injections that weaponize agentic AI...
Microsoft’s September Patches Put a Target on SMB and HPC—81 CVEs, One Public Disclosure
Microsoft’s September 2025 security update lands with 81 freshly patched vulnerabilities, and the mix is anything but quiet: a publicly disclosed Server Message Block (SMB) elevation-of-privilege...