The Archive · 2026
Cybersecurity, AI, and IT news for businesses worldwide. What changed this week, and what to do about it.
CVSS 9.8 Windows Netlogon Flaw CVE-2026-41089 Is Under Active Attack: Patch Every Domain Controller Now
Belgium's CCB confirmed on June 1, 2026 that attackers are actively exploiting CVE-2026-41089, a critical unauthenticated RCE in Windows Netlogon. Every unpatched domain controller is a live target.
Attackers Are Actively Exploiting a CVSS 9.8 Windows Netlogon Flaw: Every Domain Controller Is at Risk
CVE-2026-41089 gives unauthenticated attackers SYSTEM-level control of Active Directory domain controllers. If your Windows Server environment is unpatched, you are a live target right now.
Attackers Are Actively Exploiting a Critical Windows Netlogon Flaw: Patch Your Domain Controllers Now
CVE-2026-41089 scores 9.8, needs zero credentials, and gives attackers full remote code execution on Windows domain controllers. Belgium's CCB confirmed active exploitation on June 1. The patch has been out since May 12.
Hackers Are Actively Exploiting a CVSS 9.8 Windows Netlogon Bug. If You Run Domain Controllers, Patch Right Now.
A flaw Microsoft rated "less likely to be exploited" is now being used in real attacks. Your domain controllers are the target, and the blast radius is your entire Active Directory forest.