Cyber Security News

Hacking Editorial Brief — June 22, 2026

Dual Zero-Day Exploits Published for Microsoft Defender and BitLocker

Security researchers released proof-of-concept exploits for two distinct Windows zero-day vulnerabilities on June 22, both targeting Microsoft security components. The first, dubbed RoguePlanet, exploits a race condition in Microsoft Defender to achieve local privilege escalation and is reportedly under active exploitation. The second exploit, GreatXML, published by researcher Nightmare Eclipse, bypasses BitLocker encryption by targeting a zero-day in Microsoft Defender's offline scan functionality. The public disclosure of working exploit code significantly lowers the barrier for threat actors to weaponize both vulnerabilities. Microsoft has not issued patches for either flaw as of this report, leaving Windows environments exposed until security updates become available.

Madison Square Garden Facial Recognition Database Compromised

Threat actors leaked facial recognition records tied to millions of Madison Square Garden visitors in a breach disclosed June 22. The compromised data represents a significant expansion of biometric information now available to cybercriminals, who increasingly target identity verification systems and high-value authentication databases. Separately, researchers disclosed FROST (Fingerprinting Remotely using OPFS-based SSD Timing), a novel browser-based attack technique that exploits the File System Access API to extract browsing history information through SSD timing analysis. The technique demonstrates continuing evolution in side-channel attacks that bypass traditional browser security controls.

Sources: SecurityWeek · SecurityWeek · Digital Trends · BGR