CVE-2026-11655
The latest CVE-2026-11655 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft's Defender Hit by 'RoguePlanet' Zero-Day: Privilege Escalation Risk Before Patch
Microsoft published CVE-2026-50656, dubbed 'RoguePlanet,' an Important elevation-of-privilege vulnerability in the Microsoft Malware Protection Engine used by Defender. The zero-day allows local attackers to gain SYSTEM privileges, with no patch yet available. Organizations should enable cloud-delivered protection, enforce attack surface reduction rules, and monitor for anomalous engine behavior while awaiting Microsoft's fix.
Microsoft Unleashes Low Latency Mode on Windows 11 with June 2026 Patch Tuesday Update
Microsoft’s June 2026 cumulative update KB5094126 extends the Low Latency Profile power scheme to all Windows 11 editions, boosting build numbers to 26100.8655 (24H2) and 26200.8655 (25H2). The feature reduces input lag by keeping the CPU more alert, benefiting gamers, creators, and everyday users, though at the cost of higher power consumption.
Kali365 Phishing Kit Exploits OAuth Device Code Flow to Hijack Microsoft 365 Sessions, FBI Warns
The FBI warns that the Kali365 phishing kit bypasses passwords and MFA by tricking users into granting OAuth tokens to attackers via device code authentication. The kit, sold as a service, has already targeted Microsoft 365 users. Microsoft and security experts recommend disabling the device code flow where possible and enforcing strict Conditional Access policies.
CISA Flags High-Severity DoS Flaw in Rockwell CompactLogix 5370 PLCs Used Across Critical Manufacturing
CISA has republished a Rockwell Automation advisory warning of a denial-of-service vulnerability in CompactLogix 5370 L1, L2, and L3 controllers widely used in critical manufacturing. The flaw can trigger a major fault from specially crafted network traffic, halting operations. Users are urged to apply updated firmware and implement network segmentation to mitigate the risk.
Critical 9.4-Rated Bugs in Rockwell FLEX I/O Adapters Urge Immediate Patching
CISA has republished a Rockwell Automation advisory warning of two critical vulnerabilities (CVSS 9.4) in FLEX I/O EtherNet/IP adapters. These flaws could allow remote code execution or denial-of-service attacks, putting industrial control systems at risk. The advisory urges immediate firmware updates and network segmentation.
CISA Reissues Advisory as Authorization Bypass Vulnerability in Rockwell PavilionX Demands Immediate Patching
CISA has republished a Rockwell Automation advisory warning of a missing-authorization vulnerability in FactoryTalk Analytics PavilionX. The flaw, CVE-2025-14272, affects versions before 7.01 and could allow attackers to gain unauthorized administrative control, putting critical infrastructure at risk. Organizations are urged to patch immediately and implement compensatory controls.
FBI Flags Kali365 Phishing Kit That Mimics Microsoft’s Legitimate Device Login Screen
The FBI warns that Kali365, a phishing-as-a-service platform, abuses Microsoft’s legitimate device-code authentication to steal Microsoft 365 tokens without spoofing login pages. Organizations can block the attack using Entra ID Conditional Access policies and user education.
CISA Renews Alert for Rockwell RSLinx Classic DoS Vulnerability (CVE-2020-13573) With Exploitation Concerns
CISA has republished Rockwell Automation's advisory SD1774, highlighting that RSLinx Classic 4.50.00 and earlier remain vulnerable to CVE-2020-13573, a remotely exploitable denial-of-service condition. The reissued warning signals that unpatched industrial Windows systems are still accessible and at risk. Asset owners are urged to upgrade or apply mitigations to prevent production-disrupting attacks.
Critical DoS Flaw in Rockwell Logix Controllers Prompts CISA Patch Warning
CISA has republished Rockwell Automation’s advisory SD1772, warning that a crafted CIP message can remotely crash CompactLogix 5370 and ControlLogix 5570 controllers, leading to a complete denial of service. The unauthenticated attack requires only network access, posing a severe availability risk to industrial processes. Operators must apply firmware patches immediately and strengthen network segmentation to protect against CVE-2026-11317.
FBI Raises Alarm on Kali365 Phishing Kit Weaponizing Microsoft's OAuth Flow to Steal Corporate Data
The FBI warned Microsoft 365 users about Kali365, a phishing‑as‑a‑service kit that abuses the device‑code authentication flow to steal OAuth tokens and bypass multifactor authentication. Organizations are urged to block the device‑code flow unless necessary and implement Conditional Access policies to mitigate the risk.
Symantec Uncovers Backdoor.Turn: DragonForce Ransomware’s Trojan Horse in Teams
Symantec has revealed that the DragonForce ransomware group is using a custom Go backdoor, Backdoor.Turn, to hide command-and-control traffic inside Microsoft Teams relay infrastructure. This stealthy technique abuses trusted cloud services to evade detection, posing a significant challenge for enterprise defenders. The group’s continued innovation underscores the evolving threat landscape.
GPU-Z 2.70.0 Security Overhaul Prompts Urgent Update for Windows Users
TechPowerUp releases GPU-Z 2.70.0 with a re-engineered kernel driver to address security vulnerabilities, alongside expanded support for NVIDIA RTX 5000, Intel Arc Battlemage, and Qualcomm Adreno X1 GPUs. The update is crucial for Windows users to mitigate risks from kernel-level attacks and ensure accurate hardware diagnostics.
Windows 11 KB5094126 Update Sparks Boot Failures, BitLocker Recovery on Enterprise PCs
The June 9, 2026 cumulative update KB5094126 for Windows 11 24H2 and 25H2 is triggering boot failures and BitLocker recovery screens on enterprise devices. Reports indicate the issue may be linked to Secure Boot or TPM changes, forcing IT admins to enter recovery keys and roll back the update. Microsoft has yet to respond as companies scramble to mitigate the damage.