Find notable cyber news and cases, enriched with sources, timelines, and signals.

Windows Shell security feature bypass (CVE-2026-21510)

Vulnerability
First reported
Last updated
Happening score
H score 1
2 unique sources, 2 articles

Summary

Hide ▲

Microsoft patched CVE-2026-21510, an actively exploited Windows Shell security feature bypass that could let attackers evade SmartScreen and Shell warnings. The flaw can be triggered by opening a specially crafted link or shortcut file, turning a simple click into a prompt-bypass path on affected Windows systems. Microsoft shipped the fix in February 2026 Patch Tuesday, making it a priority update for Windows users and administrators.

Related Happenings

Microsoft Office launch disruption after June 2026 Windows updates

Service Disruption
H score0 First: 17.06.2026 14:54 Last: 17.06.2026 14:54 Sources 1

About this happening: Microsoft is investigating a **Windows update-related disruption** that can stop **third-party applications** from launching **Word, Excel, PowerPoint, Access** or opening documen...

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
H score39 First: 10.06.2026 02:11 Last: 10.06.2026 02:11 Sources 1

About this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...

Latest development: 10.06.2026 08:22

The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.

Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)

Advisory/Mitigation
H score32 First: 20.05.2026 10:31 Last: 20.05.2026 10:31 Sources 1

About this happening: **Windows BitLocker** **YellowKey** (**CVE-2026-45585**) moved from interim mitigation to patch status after **Microsoft** fixed it in **June 2026 Patch Tuesday**. The **Windows R...

Latest development: 10.06.2026 12:57

On Tuesday, Microsoft fixed YellowKey (CVE-2026-45585) as part of its June 2026 Patch Tuesday updates and shared mitigation measures for the Windows Recovery Environment backdoor. The flaw affects unpatched Windows 11 and Windows Server 2022/2025 systems and can let attackers with physical access bypass BitLocker protection on targeted devices.

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
H score10 First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
H score7 First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Timeline

  1. 10.02.2026 20:51 3 articles · 4mo ago

    Microsoft patches CVE-2026-21510 in Windows Shell

    Mitigation Patch Update

    Microsoft's February 2026 Patch Tuesday on 2026-02-10 fixed CVE-2026-21510, an actively exploited Windows Shell security feature bypass that can be triggered by opening a specially crafted link or shortcut file. Microsoft said improper handling in Windows Shell components can allow attacker-controlled content to execute without user warning or consent, and attributed discovery to MSTIC, MSRC, the Office Product Group Security Team, Google Threat Intelligence Group, and an anonymous researcher.

    Show sources