Two New Zero Day Flaws Bypass BitLocker and Elevate Privileges on Windows

Chaotic Eclipse reveals two zero day flaws, one bypassing BitLocker encryption via the Windows Recovery Environment and another elevating privileges through the CTFMON framework.

The Latest

Breaking News and Alerts

Apache HTTP Server HTTP/2 Bug Opens Door to Service Disruption and Code Execution

A double free error in Apache's HTTP/2 stream handling allows attackers to crash servers with a single connection, with potential for remote code execution on some Linux systems.

Spotlight

Cybersecurity Profiles and Stories

Fortinet Fixes Critical Authentication Gap in Sandbox Platform

Fortinet released patches for five vulnerabilities including a critical unauthenticated authorization bypass in FortiSandbox that could expose sensitive analysis data to remote attackers.

Exim Mail Server Hit by Critical Remote Code Execution Flaw

The Dead.Letter vulnerability lets unauthenticated attackers achieve full server compromise through a single byte heap corruption in the Exim mail server.

Dell SupportAssist Bug Triggers Widespread Windows System Crashes

A faulty Dell SupportAssist Remediation update is causing BSOD loops every 30 minutes on Dell and Alienware laptops, with a manual uninstall serving as the temporary fix.

Mythos AI Reveals macOS Kernel Bugs That Break Apple’s Memory Defenses

Security researchers used techniques from Anthropic's Mythos AI to find two macOS privilege escalation bugs that defeat Apple's kernel memory protections.

Features

Research and Thought Leadership