Microsoft began rolling out patches Wednesday for two zero-day vulnerabilities in Defender that attackers are actively exploiting to gain SYSTEM privileges or trigger denial-of-service conditions. CISA added the flaws, known as RedSun and UnDefend, to its Known Exploited Vulnerabilities catalog and gave federal agencies until June 3 to apply fixes.

The flaw stems from an improper link resolution before file access weakness, also known as link following, which allows attackers to gain SYSTEM privileges.
CISA warned that this type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Expert Take: Enterprise admins should manually confirm the Antimalware ClientVersion matches 1.1.26040.8 or 4.18.26040.7 even with automatic updates enabled, as high-security environments cannot assume defaults alone will meet CISA compliance deadlines.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
Progress Software has begun contacting organizations that run Storage Zone Controllers for its ShareFile platform, directing them to turn off the associated Windows servers at once because of what the firm calls a "credible external security threat" aimed at the on-premises component. Cloud access has been blocked as a precaution while the company and outside experts investigate.
China enacted a temporary helium export ban on July 10, 2026 to safeguard domestic supplies amid ongoing Middle East supply risks. The step highlights concerns over prolonged global shortages of the irreplaceable gas used in chipmaking and medical imaging.
Attackers are exploiting CVE-2026-20896 in Gitea’s official Docker image to impersonate any user via a single trusted header. The critical flaw affects default configurations of instances up to version 1.26.2, prompting urgent upgrades to 1.26.4 and log reviews.