Microsoft Fixes Two Actively Exploited Defender Zero-Days
Microsoft has patched two actively exploited zero-day vulnerabilities in Microsoft Defender, according to SecurityWeek. The first flaw, CVE-2026-41091, allows local privilege escalation due to improper link resolution before file access. The second, CVE-2026-45498, can be exploited to cause a denial-of-service condition.
Although neither vulnerability is rated critical, active exploitation significantly raises the risk. Organizations should prioritize patching immediately. The Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to remediate both flaws by June 3.
New Phishing Kit Bypasses Credentials to Target Microsoft 365 Accounts
The FBI has issued an alert on Kali365, a phishing-as-a-service platform that emerged last month and is designed to compromise Microsoft 365 accounts. Rather than stealing passwords or MFA codes, Kali365 captures OAuth tokens, enabling attackers to access accounts without traditional credential theft.
According to the FBI, Kali365 lowers the barrier to entry for cybercriminals by providing AI-generated phishing lures, automated campaign templates, real-time victim tracking dashboards, and OAuth token capture capabilities.
Anthropic's AI Security Model Uncovers 23,000+ Open-Source Vulnerabilities
Anthropic has shared new results from Project Glasswing, an initiative that provided approximately 50 organizations with early access to its cybersecurity-focused AI model, Claude Mythos.
The company reports that Mythos has identified more than 23,000 potential vulnerabilities in open-source software, including over 1,500 high- and critical-severity flaws. Anthropic has disclosed 530 vulnerabilities to software maintainers and is working through the remainder. To date, 75 of the reported issues have been patched.
Anthropic notes that patch numbers remain relatively low because many disclosures are still within the standard 90-day remediation window, some fixes are released without public advisories, and maintainers are already struggling to keep pace with existing vulnerability workloads.
FBI Warns of Social Engineering Campaign Targeting Law Firms
The FBI has released a FLASH alert warning organizations about the Silent Ransom Group (SRG)—also known as Luna Moth, Chatty Spider, and UNC3753—which continues to target law firms through sophisticated social engineering attacks.
SRG operators impersonate IT support personnel via phone calls and phishing emails to gain access to victim systems. In some cases, they use legitimate remote access tools or even send individuals to a company’s physical location to obtain direct access to computers and steal data.
While the group has targeted organizations across multiple sectors, including insurance, finance, and healthcare, U.S.-based law firms have remained a consistent focus since Spring 2023. The FBI alert includes indicators of compromise, MITRE ATT&CK mappings, and recommended defensive measures.
CrowdStrike, Google, and Shadowserver Disrupt Glassworm Botnet
CrowdStrike, in collaboration with Google and the Shadowserver Foundation, has dismantled the Glassworm botnet, a threat that has targeted software developers since early 2025. The operation severed all four command-and-control channels, cutting operators off from infected systems.
According to CrowdStrike, Glassworm specifically targeted developers because of their access to source code repositories, cloud environments, CI/CD pipelines, and software package registries. A single compromised developer workstation can create a supply-chain risk that impacts thousands of downstream organizations and users, making developers especially attractive targets for threat actors.