New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
The Hacker News

Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.

Here is how Microsoft is improving PowerShell and Windows OpenSSH in 2026Here is how Microsoft is improving PowerShell and Windows OpenSSH in 2026Here is how Microsoft is ...

Microsoft is gearing up for big PowerShell and Windows OpenSSH changes in 2026, but security will come before flashy new features.

Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack

Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline.

CISA gives feds 3 days to patch actively exploited BeyondTrust flaw

CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
WinBuzzer

Edge 145 Rolls Out with Password Upgrades and Security Patches

Microsoft has released Edge 145 with password manager improvements, Read Aloud enhancements for PDFs, and patches for two important security vulnerabilities.