WinBuzzer

Microsoft January 2026 Patch Tuesday Fixes Actively Exploited DWM Zero-day Alongside 111 ...

Microsoft has patched 112 vulnerabilities in January 2026, including CVE-2026-20805, a Desktop Window Manager zero-day that attackers are actively exploiting.
腾讯网

新型Kerberos中继攻击利用DNS CNAME记录绕过防护措施 - PoC已发布

当受害者尝试访问合法域资产时,恶意DNS服务器会返回一个指向攻击者控制主机名的CNAME记录,以及一个解析为攻击者IP地址的A记录。这导致受害者使用为攻击者目标服务准备的票据向攻击者基础设施进行认证。 测试证实,该漏洞在Windows ...