Chaotic Eclipse released YellowKey and GreenPlasma PoCs one day after May 2026 Patch Tuesday. A USB-borne FsTx folder plus a Ctrl-key reboot drops cmd.exe inside WinRE on a BitLocker-protected machine. Covers WinRE-only behavior, the CTFMON SYSTEM elevation path, the RedSun silent-patch dispute, and what defenders can actually do while unpatched.
137 CVEs, no zero-days. Netlogon and DNS Client RCEs (both CVSS 9.8) lead — compared against ZeroLogon/SIGRed, with patch priority tiers and detection notes for SOC teams.
CreateFileW dwShareMode=0 locks 500K SMB files in 8 min with no encryption. Detection key: NAS session exclusive handle counts, not write-based indicators.
Design notes for centrally managing 3 play PCs at an exhibition booth. Mix the management UI into HDMI multiview to fit everything on one monitor, with a Stream Deck physical console so a relief operator can take over without breaking anything.
Tested WAI-Anima v1 on Windows + RTX 4060 Laptop GPU (8GB VRAM). Headless execution via ComfyUI API hit a tqdm OSError on startup, but launching ComfyUI normally generates a single image in 55 seconds. Includes the workaround and timing notes.
Microsoft's second-largest Patch Tuesday ever. SharePoint Server XSS zero-day (CVSS 6.5) confirmed in active exploitation and added to CISA KEV. Windows Defender BlueHammer LPE (CVSS 7.8) has a full public PoC. Also includes a wormable IKE RCE at CVSS 9.8.
Adobe CC's WAM component silently adds a detect-ccd.creativecloud.adobe.com entry to the Windows hosts file and uses it to detect installations from the browser. A breakdown of the mechanism and the broader pattern of major software taking control away from the OS and the user.
Two approaches to achieve local isolated execution of AI coding agents. On macOS, Agent Safehouse uses OS-native sandbox-exec for kernel-level restrictions, and on Windows, Codex uses the VM-based Windows sandbox.
WAN 2.2 image-to-video on Windows + RTX 4060 8GB VRAM in ComfyUI. The 5B fp8 model produced rough output across three failed attempts; the 14B Rapid distilled model with --lowvram offloading hit 111 seconds per 2-second clip. Working setup and what to avoid.
Russian APT28 started exploiting a URL validation flaw in ieframe.dll (CVE-2026-21513, CVSS 8.8) in January 2026. We lay out the technical mechanics of an attack chain that bypasses Mark-of-the-Web via LNK files and executes code outside the browser sandbox.
Testing the new LSP feature in Claude Code v2.0.74 with a PHP setup. phpactor fails on Windows, intelephense installs but isn't recognized — turns out it's already filed as Issue #14803.
A command-injection vulnerability was found in Windows PowerShell's `Invoke-WebRequest` cmdlet. When fetching a web page, embedded scripts could be executed.