:

MICROSOFT PATCHES DEFENDER ZERO-DAYS IN ACTIVE ATTACKS

SECURITY DESK1 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 4 SOURCES ▸ TIMELINE

Microsoft released security patches Wednesday for two Windows Defender vulnerabilities being actively exploited by attackers. The zero-day flaws pose immediate risk to unpatched systems.

Microsoft began deploying fixes for the two critical Defender vulnerabilities this week after confirming they were already under active exploitation. The timing suggests attackers discovered and weaponized the flaws before Microsoft's awareness, giving threat actors a window to target vulnerable systems. The company did not immediately disclose detailed technical specifications about the vulnerabilities or the scope of attacks. However, the decision to expedite patches indicates Microsoft assessed the threats as severe enough to warrant priority distribution. Zero-day exploits—attacks leveraging previously unknown security flaws—are particularly dangerous because defenders have no advance notice to develop protections. Windows Defender's central role in system security makes vulnerabilities in the software especially valuable to threat actors. Organizations running affected Defender versions should apply patches immediately through Windows Update or Microsoft's security portal. Users can check their system settings to verify automatic updates are enabled. This incident underscores ongoing pressure on Microsoft to maintain security across its sprawling software ecosystem. Defender vulnerabilities are particularly sensitive given their privileged system access and widespread deployment across consumer and enterprise environments. Microsoft has not attributed the attacks to specific threat groups or disclosed affected customer counts. The company typically provides more details in security advisories published on its website. Users who cannot immediately patch should consider implementing additional defensive measures, including disabling unnecessary features, restricting administrative access, and monitoring for suspicious system activity.

■ SOURCES

TechCrunchBleeping ComputerBleeping ComputerBleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.