PhantomRPC is an architectural weakness in the Windows Remote Procedure Call (RPC) runtime that allows low-privileged processes to escalate to SYSTEM or Administrator by impersonating privileged clients. Disclosed by Kaspersky’s Haidar Kabibo at Black Hat Asia 2026, the flaw stems from how rpcrt4.dll handles connections to unavailable RPC servers: when a privileged process attempts an RPC call to a server
Latest Articles
Microsoft
Accenture’s Big Bet: Rolling Copilot Out to 743,000 Employees and What It Means for Enterprise AI
Accenture is expanding its use of Microsoft’s Copilot 365 AI assistant across its entire global workforce—about 743,000 people—a move that marks one of the largest enterprise deployments of the tool to date. The companies did not disclose financial terms, but the scale of the rollout sends a clear signal: major consultancies are moving from pilot projects to firmwide adoption, betting that AI can reshape day-to-day work and client services. Why this deal matters This deployment is significant for both Accenture…
Continue readingPastebin-Hosted PowerShell Script Hijacks Telegram Sessions: What Happened and How to Respond
Security researchers recently uncovered a PowerShell script posted on Pastebin that was purpose-built to steal Telegram session data from both desktop and web clients. Masquerading as a benign “Windows Telemetry Update,” the script quietly collects host metadata, locates Telegram session stores, compresses them into an archive, and exfiltrates the file to an attacker-controlled Telegram bot. The discovery is notable less
DeepSeek V4: a cheaper, larger LLM that narrows the gap with frontier models
Chinese lab DeepSeek has released preview details for DeepSeek V4, a major update the company says brings its models much closer to so-called frontier systems. The announcement introduces two variants — V4 Flash and V4 Pro — and highlights big increases in scale, a 1 million-token context window, and aggressive pricing that positions the models as lower-cost alternatives to high-end
CISA: Zimbra XSS (CVE-2025-48700) Now Exploited — 10,500+ Servers Vulnerable
Over 10,000 instances of the Zimbra Collaboration Suite are exposed online and remain vulnerable to an actively exploited cross-site scripting flaw, raising fresh alarms about email server security for governments and businesses alike. The vulnerability, tracked as CVE-2025-48700, is serious because it can be triggered without user interaction and has been confirmed as abused in the wild, prompting action from
Hackers Leverage Microsoft Teams to Breach Organizations: Inside UNC6692’s SNOW Campaign
In late 2025 and into early 2026, a sophisticated intrusion campaign used the everyday familiarity of Microsoft Teams to turn routine collaboration into a direct route for enterprise compromise. By posing as IT helpdesk staff and exploiting users’ trust in external Teams invitations, the threat group tracked as UNC6692 moved from a simple chat message to full domain-level access—without exploiting
Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions
Socket and other researchers have confirmed that the Bitwarden CLI package published to npm — @bitwarden/cli version 2026.4.0 — was compromised in a supply chain attack that abused a GitHub Action in Bitwarden’s CI/CD pipeline. The malicious release injected a file named bw1.js into the package, exposing tokens, cloud credentials, SSH keys and other sensitive artifacts. While Bitwarden’s Chrome extension,