cyber·news

HIGH

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

The Hacker News supply-chainbreachesmalware +19 19d ago

INFO

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

rss:darkreading 25d ago

INFO

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

rss:darkreading 24d ago

INFO

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

The Hacker News 24d ago

INFO

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

The Hacker News 24d ago

INFO

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News 22d ago

INFO

Can Laws Stop Deepfakes? South Korea Aims to Find Out

rss:darkreading 19d ago

INFO

Processes and Culture Top Reasons Behind Data Breaches

rss:darkreading 16d ago

INFO

When Identity is the Attack Path

The Hacker News 16d ago

INFO

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The Hacker News 15d ago

INFO

Meta settles school district lawsuit claiming addictive design harmed students' mental health

The Record 14d ago

INFO

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 14d ago

INFO

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News 12d ago

INFO

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Hacker News 11d ago

INFO

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

SecurityWeek 10d ago

INFO

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek 8d ago

INFO

California AG sues 23andMe over 2023 breach exposing health data

BleepingComputer 7d ago

INFO

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

SecurityWeek 3d ago

INFO

Chrome 149 Patches 429 Vulnerabilities

SecurityWeek 1d ago

INFO

EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers

The Record 1d ago

HIGH

Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector

SecurityWeek breachesransomwaresupply-chain +4 17d ago

INFO

Most Remediation Programs Never Confirm the Fix Actually Worked

The Hacker News 24d ago

INFO

Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut

rss:darkreading 17d ago

INFO

Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks

rss:darkreading 15d ago

INFO

What 2026 DBIR Confirms: Attacks Are Living in the Browser

BleepingComputer 1d ago

INFO

Attackers Weaponize RubyGems for Data Dead Drops

rss:darkreading breachesmalwarethreat-actors +2 23d ago

INFO

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

The Hacker News 24d ago

INFO

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

The Hacker News 24d ago

INFO

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

The Hacker News supply-chainbreachesmalware +19 7h ago

INFO

VoidStealer Malware Darts Past Google Chrome's Encryption

rss:darkreading 30d ago

INFO

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

The Hacker News 24d ago

INFO

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

rss:googleprojectzero 24d ago

INFO

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek 16d ago

INFO

Google accidentally exposed details of unfixed Chromium flaw

BleepingComputer 15d ago

INFO

Google API Keys Remain Active After Deletion

rss:darkreading 15d ago

INFO

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News 10d ago

INFO

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

SecurityWeek 9d ago

INFO

US charges Google security engineer with Polymarket insider trading

BleepingComputer 8d ago

INFO

Google Chrome adds session cookie theft protection for all users

BleepingComputer 8d ago

INFO

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

The Hacker News 5d ago

INFO

Google fixes one actively exploited Android zero-day, 124 flaws

BleepingComputer 4d ago

INFO

Google adds Android protection against AI deepfake scam calls

BleepingComputer 3d ago

INFO

Malicious Notifications Could Trick Google Gemini Users

rss:darkreading 3d ago

INFO

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

The Hacker News 2d ago

INFO

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

The Hacker News 2d ago

INFO

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News 2d ago

INFO

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News 2d ago

INFO

Gemini Voice Assistant Hijacked via Messaging Notifications

SecurityWeek 2d ago

INFO

Patch Tuesday, May 2026 Edition

Krebs breachesthreat-actors 24d ago

INFO

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

The Hacker News supply-chainbreachesmalware 24d ago

INFO

Hugging Face Packages Weaponized With a Single File Tweak

rss:darkreading breachesmalwarethreat-actors 25d ago

INFO

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

The Hacker News supply-chainbreachesmalware 25d ago

INFO

20 Leaders Who Built the CISO Era: 2 Decades of Change

rss:darkreading breachesmalwarethreat-actors 25d ago

INFO

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

The Hacker News supply-chainbreachesmalware 25d ago

HIGH

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

The Hacker News supply-chainbreachesmalware +3 25d ago

INFO

After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

rss:darkreading 29d ago

INFO

GitHub Confirms Hack Impacting 3,800 Internal Repositories

SecurityWeek 17d ago

INFO

The Hackers Behind Shai-Hulud: Lucky or Skilled?

rss:darkreading 10d ago

HIGH

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

The Hacker News supply-chainbreachesmalware +16 17d ago

INFO

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)

rss:unit42 35d ago

INFO

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

rss:darkreading 25d ago

HIGH

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News 22d ago

HIGH

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

The Hacker News 19d ago

HIGH

Developer Workstations Are Now Part of the Software Supply Chain

The Hacker News 19d ago

HIGH

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

The Hacker News 19d ago

HIGH

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

The Hacker News 18d ago

INFO

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

SecurityWeek 17d ago

INFO

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

The Hacker News 12d ago

INFO

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

The Hacker News 8d ago

INFO

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News 4d ago

INFO

Red Hat npm packages compromised to steal developer credentials

BleepingComputer 4d ago

INFO

Supply Chain Attack Hits 32 Red Hat NPM Packages

SecurityWeek 4d ago

INFO

New IronWorm malware hits 36 packages in npm supply-chain attack

BleepingComputer 1d ago

INFO

Rust-Written IronWorm Hits NPM Supply Chain

rss:darkreading 1d ago

INFO

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

The Hacker News 20h ago

INFO

Why Agentic AI Is Security's Next Blind Spot

The Hacker News supply-chainbreachesmalware 25d ago

INFO

Hackers Leak DentaQuest Information Impacting 2.6 Million

SecurityWeek breachesransomwaresupply-chain +11 1d ago

INFO

Instructure Breach Exposes Schools' Vendor Dependence

rss:darkreading 30d ago

INFO

ShinyHunters Claims Second Attack Against Instructure

rss:darkreading 28d ago

INFO

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

The Hacker News 25d ago

INFO

Congress Puts Heat on Instructure After Canvas Outage

rss:darkreading 21d ago

INFO

7-Eleven confirms breach after ShinyHunters claims

The Record 16d ago

INFO

7-Eleven data breach exposes personal information of 185,000 people

BleepingComputer 11d ago

INFO

185,000 Likely Impacted by 7-Eleven Data Breach

SecurityWeek 11d ago

INFO

Charter confirms data breach after ShinyHunters extortion threat

BleepingComputer 10d ago

INFO

Carnival Cruise confirms data breach affecting nearly 6 million people

BleepingComputer 9d ago

INFO

Charter Communications data breach affects 4.9 million accounts

BleepingComputer 8d ago

INFO

Charter Communications Data Breach Could Impact Nearly 5 Million

SecurityWeek 7d ago

INFO

FCC Softens Ban on Foreign-Made Routers

rss:darkreading breachesmalwarethreat-actors 25d ago

INFO

Tech Can't Stop These Threats — Your People Can

rss:darkreading breachesmalwarethreat-actors 25d ago

INFO

Hackers Use AI for Exploit Development, Attack Automation

rss:darkreading breachesmalwarethreat-actors 26d ago

INFO

Cyber Espionage Group Targets Aviation Firms to Steal Map Data

rss:darkreading breachesmalwarethreat-actors 26d ago

INFO

Canvas Breach Disrupts Schools & Colleges Nationwide

Krebs breachesthreat-actors 29d ago

INFO

Has CISA Finally Found Its New Leader in Tom Parker?

rss:darkreading breachesmalwarethreat-actors 29d ago

INFO

'TrustFall' Convention Exposes Claude Code Execution Risk

rss:darkreading breachesmalwarethreat-actors 30d ago

INFO

AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems

rss:darkreading breachesmalwarethreat-actors 30d ago

INFO

From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber

rss:darkreading breachesmalwarethreat-actors 31d ago

INFO

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

rss:darkreading breachesmalwarethreat-actors 31d ago

INFO

China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

The Hacker News supply-chainbreachesmalware +10 2d ago

INFO

Middle East Cyber Battle Field Broadens — Especially in UAE

rss:darkreading 31d ago

INFO

Cyber Resilience is the New Business Continuity Plan

SecurityWeek 18d ago

INFO

Windows Zero-Day Barrage Continues After Patch Tuesday

rss:darkreading 17d ago

INFO

Identity Alone Isn't Enough: Why Device Security Has to Share the Load

BleepingComputer 17d ago

INFO

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

SecurityWeek 12d ago

INFO

Iranian APT Targets Aviation, Software Companies With Updated Tools

SecurityWeek 11d ago

INFO

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

The Hacker News 10d ago

INFO

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

The Hacker News 8d ago

INFO

Global Stock Exchange Hit by Monthslong Email Campaign

rss:darkreading 3d ago

INFO

What 345 Days of Untested Exposure Looks Like at a Bank

BleepingComputer 3d ago

INFO

Trellix Source Code Breach Highlights Growing Supply Chain Threats

rss:darkreading breachesmalwarethreat-actors 31d ago

INFO

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Krebs breachesthreat-actors 37d ago

INFO

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

Krebs breachesthreat-actors 45d ago

HIGH

Patch Tuesday, April 2026 Edition

Krebs breachesthreat-actorszero-day 52d ago

INFO

Russia Hacked Routers to Steal Microsoft Office Tokens

Krebs breachesthreat-actorsnation-state 59d ago

HIGH

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

Krebs breachesthreat-actorsransomware 61d ago

INFO

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

Krebs breachesthreat-actors 74d ago

INFO

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

Krebs breachesthreat-actors 78d ago

Prev Page 12 / 12

HIGH The Hacker News Mon, 18 May 2026 08:57:34 UTC

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html

TL;DR AI

Here is a 3-sentence summary for a technical security audience: Chaotic Eclipse has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, MiniPlasma, which grants attackers SYSTEM privileges on fully patched Windows systems, including Windows 11. The vulnerability, codenamed "cldflt.sys," impacts the Windows Cloud Files Mini Filter Driver and is still present despite Microsoft's initial patch in December 2020. The vulnerability was discovered by Chaotic Eclipse researcher James Forshaw, who found it in Google Project Zero's September 2020 report, and was initially thought to be fixed, but further investigation has confirmed that it remains unpatched.

supply-chainbreachesmalwarezero-day

Read full story ↗