""There is user interaction here, as the client needs to click a link or a shortcut file," Childs wrote in a blog post. "Still, a one-click bug to gain code execution is a rarity.""
"A Google spokesperson confirmed that the Windows shell bug was under "widespread, active exploitation," and said successful hacks allowed the silent execution of malware with high privileges, "posing a"
Microsoft released fixes for multiple Windows and Office zero-day vulnerabilities that are being actively abused to break into computers. The exploits enable one-click attacks that can plant malware or grant access with minimal user interaction; at least two flaws are exploitable by tricking users into clicking malicious links, and another can be triggered by opening a malicious Office file. Details of exploit techniques have been published. Microsoft credited security researchers in Google's Threat Intelligence Group for help finding the vulnerabilities. One bug, CVE-2026-21510, affects the Windows shell across all supported versions and can bypass SmartScreen, enabling remote malware installation and high-privilege silent execution.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]