Drayko Escobar

🚨 Microsoft’s June 2026 Patch Tuesday fixes 200 flaws, including 3 publicly disclosed zero-days affecting Windows privilege escalation, HTTP.sys, and BitLocker. ⚫️33 flaws are rated Critical, including 28 RCE bugs. ⚫️Microsoft patched the new “HTTP/2 Bomb” DoS attack targeting HTTP.sys. ⚫️The BitLocker bypass dubbed YellowKey that allowed access to encrypted drives was also patched. Read our full report: https://t.co/Vo4ygyOIt8

A researcher found critical Windows zero-days. Reported them to Microsoft. Microsoft denied the bug bounty. Deleted their account. Banned them from GitHub. Then threatened criminal charges. The researcher dropped six zero-days in six weeks. Three got used in real attacks within days. Other researchers are now handing them free vulnerabilities as a gift. Microsoft’s Digital Crimes Unit is considering legal action. Against the person whose bugs they refused to pay for. This is Microsoft’s bug bounty program.

Parte del contenido del nuevo decreto es lo mismo que el suscrito en 2018 por Evo Morales, sólo que con un Portal de Trámites en lugar de un Catálogo y "Bolivia, a tu servicio" en vez de "Tranca cero". Precisamente mi principal observación es que nada de lo propuesto tiene plazo final de implementación ni sanción a quienes no lo hagan en un término razonable.

The wait is over. Before anything else - this is not a sale, not a discount, and not a promotion. For years, the Red Team community has helped shape how we think about labs, certifications, and real-world attack paths. Today, we’re giving something back. We’re opening access to 10 new enterprise-grade Red Team labs on our Red Labs & Challenges platform (BETA) as a community release. These labs are built around real Azure security and red team scenarios, with: ⦁Dedicated enterprise-style environments ⦁Clear objectives with flags ⦁Full solutions and walkthroughs ⦁No gamification. No shortcuts. This new lab category focuses on attacking Azure one RESTful API at a time, using BARK (BloodHound Attack Research Kit) - along with native REST API Calls - to help practitioners deeply understand offensive Azure tradecraft. They’re built using the same standards and philosophy we apply to CARTP and CARTE: realistic systems, real attack paths, and lessons that translate directly to enterprise environments. Red Labs is where we experiment, learn, and raise the bar - long before anything becomes a certification. Opening this set is our way of supporting practitioners who want hands-on exposure to real enterprise environments, without noise or hype. This one is for the community that keeps pushing red teaming forward. Full details here: https://t.co/7XEELQeZqZ