19M French IDs Leaked 🇫🇷 + Windows Defender Weaponized 🪟
Two stories from today's security headlines deserve your attention — one affects millions of citizens' personal identities, and the other turns the antivirus you trust into the attacker itself. Here's what happened and why it matters.
France's ID Portal Bleeds 19 Million Records
France's Interior Ministry has confirmed a security incident at ants.gouv.fr, the government portal that handles passports, national ID cards, and driver's licenses. A criminal known as "breach3d/ExtaseHunters" claims to be sitting on 18–19 million records lifted from the agency's internal systems and is already shopping the data on criminal forums.
Officials say the leaked information includes user IDs, contact details, and dates of birth — not scans of actual documents — but that's still more than enough fuel for identity theft, phishing, and account takeover attacks at national scale. If you interact with French government services or have French customers or employees, expect a wave of targeted scams in the coming weeks. The government hasn't disclosed how attackers got in, which means the door may still be open.
Your Windows Defender Just Became an Attacker's Best Friend
Security researcher Nightmare-Eclipse released three proof-of-concept exploits that flip Microsoft's built-in antivirus into an attacker's tool. The most alarming one — RedSun — is still unpatched and works on fully updated Windows 10, 11, and Server 2019+. It abuses Defender's own cleanup process to plant attacker code that runs as SYSTEM, the highest privilege level on the machine. A companion tool called UnDefend then blinds Defender and fakes a healthy status, so your security dashboard looks green while an attacker owns the box.
Real-world intrusions using these techniques have already been spotted by Huntress — and in every case the initial break-in was through a VPN account without multi-factor authentication. The practical takeaway: apply the April 2026 Windows updates immediately, turn on MFA for every remote login, and don't rely on Defender's own dashboard to tell you whether Defender is healthy. If you're a business owner, this is the week to call your IT provider and confirm that the updates are installed and MFA is turned on.
Stay ahead of threats with GOCO Security at gocosecurity.com.