This Week in Security: Annoyed Researchers, Dangling DNS, and Hacks that Could Have Been Worse

A new Windows Defender zero-day exploit called RedSun has been released by a security researcher, while other major cybersecurity incidents impact Bitwarden, Anthropic, and various educational institutions.

Key Points

  • The RedSun exploit targets a logic and timing error in Windows Defender, allowing attackers to bypass quarantine and install malicious files.
  • A group known as "Hazy Hawk" hijacked dangling DNS CNAME records at over 30 educational and government institutions to facilitate ad click spam.
  • A trojanized version of the Bitwarden command-line interface was discovered stealing SSH keys, authentication tokens, and modifying GitHub Actions.
  • Anthropic confirmed unauthorized access to its Mythos AI model following a social engineering attack against a third-party contractor.
  • Nextcloud has terminated its bug bounty program, citing an overwhelming volume of low-quality, AI-generated vulnerability reports.
  • Apple released iOS 26.4.2 to address a notification database flaw that allowed investigators to recover deleted Signal message content.
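The "Hazy Hawk" item above turns on a defensive check that any zone owner can run: a CNAME whose target no longer resolves is a record a third party may be able to claim. The following is an added example, not code from the Hackaday column or from any of the affected institutions. The zone export, the `KNOWN_HOSTS` table and the `fake_resolve` function are constructed so the check runs offline; `system_resolve` is the stand-in you would pass instead for a live run.

```python
"""Flag dangling CNAME records: aliases whose target name no longer resolves.

Added example. The resolver is injected so the same logic can run against
constructed data (below) or against real DNS (system_resolve).
"""
import socket
from typing import Callable

# Constructed sample zone export as (name, type, target). Not real records.
SAMPLE_ZONE = [
    ("www.example.edu.", "A", "192.0.2.10"),
    ("events.example.edu.", "CNAME", "events-old.cloudapp.example.net."),
    ("lms.example.edu.", "CNAME", "lms.saas-vendor.example.org."),
    ("blog.example.edu.", "CNAME", "ghs.example-host.example."),
]

# Constructed view of which targets still answer. Anything missing is NXDOMAIN.
KNOWN_HOSTS = {
    "lms.saas-vendor.example.org.": ["203.0.113.5"],
}


def fake_resolve(name: str) -> list[str]:
    """Offline stand-in resolver: addresses for known names, [] otherwise."""
    return KNOWN_HOSTS.get(name, [])


def system_resolve(name: str) -> list[str]:
    """Live resolver using the OS stub resolver (follows CNAME chains)."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def find_dangling_cnames(zone, resolve: Callable[[str], list[str]]):
    """Return [(alias, target)] for every CNAME whose target has no answer.

    An empty answer for the target is the signal: the alias still exists in
    the organisation's zone, but nothing on the other end is serving it.
    """
    dangling = []
    for name, rtype, target in zone:
        if rtype != "CNAME":
            continue
        if not resolve(target):
            dangling.append((name, target))
    return dangling


if __name__ == "__main__":
    for alias, target in find_dangling_cnames(SAMPLE_ZONE, fake_resolve):
        print(f"dangling: {alias} -> {target}")
```

Swap `fake_resolve` for `system_resolve` to run against a real zone export. One caveat: NXDOMAIN at the target is the clearest signal, but some hosting providers keep the target name resolving and only report "unclaimed" at the HTTP layer, so a complete audit pairs this DNS check with a per-provider claim check.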

Why it Matters

These incidents highlight a growing trend of supply chain vulnerabilities and the exploitation of legacy infrastructure, such as abandoned DNS records. As AI tools increase the volume of both automated attacks and low-quality security reports, organizations face mounting pressure to secure their development pipelines and administrative configurations.
Source: Hackaday, published by Mike Kershaw