From the BlueHammer author: New Windows zero-day grants admin rights

The exploit uses an insecure behavior of Windows Defender and a file API to secure system rights. It is still unpatched.
Security Boulevard

Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit

What Are Shadow Admins in AD? A common problem we encounter within many customer AD environments are accounts that, at first ...
Bleeping Computer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...