Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
A security researcher operating under the handle Nightmare Eclipse has publicly released exploit code for a previously unknown Windows vulnerability. The zero-day, designated LegacyHive, permits attackers to escalate privileges to administrator level on fully updated Windows systems.
The exploit targets a weakness in how Windows handles legacy registry hives. Once an attacker gains initial access to a target machine—through phishing, malware, or other means—LegacyHive can elevate their permissions to SYSTEM-level administrative control. Microsoft has not issued a patch, and no timeline for remediation has been announced.
Public disclosure of working exploit code significantly compresses the window before widespread abuse. Threat actors typically integrate such tools into attack frameworks within days of release. The researcher's decision to publish without coordinating with Microsoft follows a pattern seen in recent high-profile disclosures, though motivations remain unclear.
- 01Enterprise Windows deployments vulnerable to privilege escalation until patch release.
- 02Threat actors likely integrating exploit into toolkits within days of publication.
- 03Security teams must intensify monitoring for abnormal administrative activity.
- 04Incident response plans should account for compromised admin credentials.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.
SonicWall warns of active exploits against two SMA 1000 zero-days
One vulnerability carries a maximum severity score and could allow unauthenticated attackers to execute arbitrary commands on enterprise VPN appliances.