CyberMentor365 – Cyber Pulse
This Week in Cybersecurity, AI Risk, and Digital Trust
A curated weekly brief covering the security stories, exploited vulnerabilities, platform risks, and AI developments that matter most to security leaders, practitioners, and decision-makers.
Each update below is drawn from trusted public sources and rewritten to highlight what deserves attention now, what may affect enterprise environments, and where defenders should focus next.
Featured Brief
Microsoft April Patch Tuesday fixes 167 flaws, including two zero-days
Microsoft’s April 2026 Patch Tuesday addressed 167 vulnerabilities, including two zero-days, with one flaw actively exploited in attacks and another publicly disclosed before a fix was available. The release also included eight critical vulnerabilities, most of them remote code execution issues affecting widely used enterprise technologies.
This is one of those patch cycles that deserves leadership attention, not just IT attention. For most organizations, the priority should be to review internet-facing exposure, validate patch sequencing for critical systems, and accelerate updates for high-risk Windows and Microsoft workloads.
Source: Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Latest updates
Leaked Windows zero-days are already being used in real attacks
Threat actors are now exploiting three recently disclosed Windows security issues to obtain SYSTEM or elevated administrator access. BleepingComputer reported that proof-of-concept code was published earlier this month, and Huntress observed all three techniques being used in the wild, with BlueHammer exploitation dating back to April 10.
This is a strong reminder that the time between disclosure and exploitation continues to shrink. Even where full fixes are not available, security teams should increase monitoring for privilege escalation behavior, validate endpoint controls, and apply temporary mitigations wherever possible.
Source: Recently leaked Windows zero-days now exploited in attacks
Some Windows domain controllers are entering reboot loops after April updates
Microsoft has warned that certain non-Global Catalog domain controllers may experience LSASS crashes and repeated reboot loops after the April 2026 security updates, particularly in environments using Privileged Access Management. The issue can also appear during startup if a server begins processing authentication requests too early in the boot sequence.
That makes this more than a patching story. It is also an operational resilience story, especially for organizations where identity infrastructure supports critical business services. Careful testing, phased deployment, and rollback readiness are essential before broad rollout on domain controllers.
Source: Microsoft: Some Windows servers enter reboot loops after April patches
Frontier AI is changing the speed and scale of cyber operations, says NCSC
The UK National Cyber Security Centre says frontier AI is no longer a distant issue for cybersecurity teams. In its latest guidance, NCSC explains that advanced AI systems are already showing value in tasks such as identifying zero-days, understanding system architecture, writing exploit code, and accelerating multi-step attack workflows.
For defenders, this raises the bar on baseline security. As AI lowers the skill and time needed to uncover exploitable weaknesses, organizations with weak patching, poor hardening, or fragmented visibility will feel the pressure first. At the same time, the same capabilities can strengthen defense when used for security testing, hardening, and faster investigation.
Source: Why cyber defenders need to be ready for frontier AI | National Cyber Security Centre
Threats and Vulnerabilities
Patch urgency is rising across Microsoft environments
This week’s Microsoft-related developments point to a familiar but increasingly serious pattern: high vulnerability volume, active zero-day exploitation, and more pressure on defenders to move quickly without breaking business-critical systems. April’s updates make clear that patching speed still matters, but prioritization and validation now matter just as much.
Source: Recently leaked Windows zero-days now exploited in attacks
Exploit availability is shortening the defender response window
Once exploit code is published, organizations lose much of the luxury of waiting for a perfect maintenance window. The recent Windows activity reported this week shows how quickly attackers can move from disclosure to operational use, especially when privilege escalation paths are involved.
Source: Recently leaked Windows zero-days now exploited in attacks
Platforms and Resilience
Identity systems remain high-impact change zones
The reboot-loop issue affecting some domain controllers is a reminder that identity systems deserve special handling during patch cycles. Even when the security urgency is real, Active Directory-related changes should be treated as high-risk operational events with testing, backup, and recovery plans already in place.
Source: Microsoft: Some Windows servers enter reboot loops after April patches
AI and Security
AI risk is now operational, not theoretical
NCSC’s latest position is notable because it moves the conversation away from abstract AI hype and into practical cyber reality. Advanced models are increasingly capable of accelerating vulnerability discovery and attack workflows, which means defenders should assume that some threat actors are already benefiting from those capabilities.
Source: Why cyber defenders need to be ready for frontier AI | National Cyber Security Centre
The defensive advantage is still possible, but not automatic
NCSC also points out that frontier AI can favor defenders when used well, especially for system hardening, attack path analysis, alert triage, and contextual investigation. That advantage depends on having strong baseline security and good data, because weak environments give attackers more room to benefit first.
Source: Why cyber defenders need to be ready for frontier AI | National Cyber Security Centre
Editor’s Note
This week’s signal is clear: defenders are being squeezed from both sides. Exploitation windows are getting shorter, while patching and infrastructure changes are becoming more operationally fragile. For security leaders, the immediate task is not only to move faster, but to make better decisions about what needs attention first and what could break if it is handled badly.
Sources Behind This Week’s Pulse
This edition of Cyber Pulse was curated from trusted public reporting and official guidance, including BleepingComputer, Krebs on Security, The Hacker News, Dark Reading, CISA, CrowdStrike, ISC2, NIST, CIS / MS-ISAC, SANS, and the UK National Cyber Security Centre.
