§ Category
Category

Cyber Tools

AT

ClickFix Detection: Watching the Run Dialog Instead of the Payload

ClickFix turns the user into the execution primitive, which means your payload-side detections fire late or not at all. Here’s where the real telemetry lives, what the first week of tuning has to fix, and which environment assumptions decide whether the detection works at all.

·
Cyber Tools

CVE-2026-48095: One Undefined Shift, 256 MB Into 1 Byte, and the Signature Fallback That Means ‘.rar’ Doesn’t Save You

CVE-2026-48095 is a heap buffer overflow in 7-Zip’s NTFS handler reachable from any file extension because of signature-based fallback parsing. The fix shipped in 26.01 three days after the private report; public disclosure came 25 days later. PoC is public, the trigger is a one-line undefined shift, and the exploitable vtable sits 304 bytes from the overflow site. The patch is uncomplicated. The deployment surface isn’t.

·
Cyber Tools

Defender’s Auto-Isolate Preview: What Changes When ‘Contain’ Becomes ‘Isolate’

Microsoft Defender’s new Preview adds automatic Isolate device to the attack disruption stack — distinct from the Device contain action that’s been auto-firing since 2023. The distinction matters operationally. So does Microsoft’s stated 99%+ confidence threshold, the 3-day offline retry window, the workstation-only scope, and the exclusion model defenders need to wire up before flipping this on.

·