Microsoft’s new MDASH AI system found 16 Windows vulnerabilities fixed in this month’s Patch Tuesday, including 2 RCE flaws in IKEv2 and TCP/IP.
Get the latest international news and world events from around the world.
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code.
Identified as CVE-2026–45185, the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a user-after-free (UAF) flaw triggered during the TLS shutdown while handling BDAT chunked SMTP traffic.
Exim frees a TLS transfer buffer but later continues using stale callback references that can write data into the freed memory region, which can lead to unauthenticated remote code execution (RCE).
Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw.
Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows.
The latest exploits follow the researcher’s previous disclosure of the BlueHammer (CVE-2026–33825) and RedSun (no identifier) local privilege escalation (LPE) as zero-day flaws, both of which began to be exploited in the wild shortly after being publicly disclosed.
AI Can Now Make Copies of Itself—And Scientists Are in Panic Mode!
To learn more, please visit the YouTube Help Center: https://www.youtube.com/help
Enhancing Non-small Cell Lung Cancer Susceptibility to Anti-PD-1/PD-L1 Therapy through PD-L1 Ligand–Ir(III) Complex Conjugates
Immunotherapy targeting programmed cell death protein 1 (PD-1) and programmed death ligand 1 (PD-L1) has transformed the management of several types of cancers, including non-oncogene-addicted non-small cell lung cancer (NSCLC) [1], although its efficacy remains limited by resistance mechanisms and constraints inherent to monoclonal antibodies [1]. To overcome these drawbacks, small-molecule PD-L1 inhibitors have been developed, and we previously contributed by identifying the nanomolar triazine-based ligand Tr-10 [2]. In parallel, combinatorial strategies aimed at improving the efficacy of anti-PD-1/PD-L1 immunotherapy have gained increasing attention. Notably, platinum-based chemotherapy combined with immune checkpoint inhibitors is recommended as a first-line treatment for advanced NSCLC with PD-L1 expression <50% [3]. Here, we investigated a novel combination involving our anti-PD-L1, Tr-10 [2], and a bis(phenyl-pyridine)iridium(III) complex, Ir-2 (Fig. 1A) [4]. Iridium (Ir) complexes, unlike platinum drugs, are chemically inert and induce endoplasmic reticulum (ER) stress and overproduction of reactive oxygen species (ROS) [5,6], both culminating in damage-associated molecular pattern (DAMP) release and immunogenic cell death (ICD). Moreover, their photophysical properties enable PD-L1-targeted bioimaging when coupled with PD-L1 ligands (Fig. S1) [7].