From the BlueHammer author: New Windows zero-day grants admin rights

The exploit uses an insecure behavior of Windows Defender and a file API to secure system rights. It is still unpatched.
Security Boulevard

Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit

What Are Shadow Admins in AD? A common problem we encounter within many customer AD environments are accounts that, at first ...
Bleeping Computer

Exploit released for Cisco SSM bug allowing admin password changes

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) ...
Bleeping Computer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...