Endpoint-Security

Vulnerabilities 2026-05-17
YellowKey and GreenPlasma: Same Researcher Drops Two More Windows Zero-Days, BitLocker Bypass via WinRE USB
The anonymous researcher behind BlueHammer is back with YellowKey, a BitLocker bypass that drops a CMD shell on protected drives via crafted FsTx files in WinRE, plus GreenPlasma, a CTFMON privilege escalation. No CVE, no patch.
windows bitlocker zero-day winre privilege-escalation ctfmon endpoint-security
vulnerability 2026-05-14
Every Windows Endpoint is a Target: CVE-2026-41096 Heap Overflow in DNS Client Enables Remote Code Execution
CVE-2026-41096 is a CVSS 9.8 heap overflow in the Windows DNS Client. A single malicious DNS response can yield code execution on any Windows host — no auth, no user click, no document opened. The blast radius is every Windows endpoint that resolves a name.
windows dns rce patch-tuesday heap-overflow mitm endpoint-security cvss-9.8
breach 2026-05-02
Trellix Confirms Source Code Repository Breach as XDR Vendor Becomes the Target
Trellix has confirmed unauthorized access to a portion of its internal source code repository, putting one of the industry's largest XDR vendors in the unenviable position of being the breached defender.
trellix source-code-leak xdr endpoint-security supply-chain breach

YellowKey and GreenPlasma: Same Researcher Drops Two More Windows Zero-Days, BitLocker Bypass via WinRE USB