MUST READ

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

 | 

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

 | 

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

 | 

OpenAI hit by supply chain attack linked to malicious TanStack packages

 | 

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

 | 

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

 | 

Ghostwriter group resumes attacks on Ukrainian Government targets

 | 

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

 | 

Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall

 | 

U.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalog

 | 

Linux Kernel bug Fragnesia allows local root access attacks

 | 

Broadcom releases VMware Fusion security update for root access bug

 | 

NGINX Rift: an 18-year-old flaw in the world's most deployed web server just came to light

 | 

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

 | 

Nitrogen Ransomware claims massive data theft from Foxconn

 | 

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

 | 

MiniPlasma

Pierluigi Paganini May 18, 2026
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

Hacking / May 18, 2026

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

Uncategorized / May 18, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security / May 17, 2026

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

Security / May 17, 2026

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Cyber Crime / May 17, 2026