HOT TAKE: GitHub banned Nightmare-Eclipse for publishing six unpatched Windows zero-days without coordination. The security community is angry. I think GitHub made the right call — and the debate we should be having is different from the one we are having.
BRIEF: Day 2 of Pwn2Own Berlin 2026 yielded 15 zero-days and $385,750 in prizes. Exchange fell to a three-bug RCE chain. Cursor AI and OpenAI Codex were exploited too.
BRIEF: CVE-2026-45585 (YellowKey) gives an attacker shell access to a BitLocker volume using physical access and a USB drive. PoC is public, no patch exists. Enable TPM+PIN to block it.
BRIEF: Microsoft's 2011 Secure Boot certificates expire in June 2026. May 12 Patch Tuesday ships the 2023 replacements. Deferring to June leaves no margin.