Zero-Day Exploit for Windows RDS Sold for $220,000 on Dark Web

Zero-Day Exploit for Windows RDS Sold for $220,000 on Dark Web

First seen 8 Mar 2026, 15:08 UTC CybersecuritynewsNeowinWindowsreportTechwormTechspot 82% similarity 71.5

Article Content

Browse articles
ThreatCluster

A zero-day vulnerability in Windows Remote Desktop Services, tracked as CVE-2026-21533, is being sold for $220,000 on a dark web forum. This exploit allows attackers to gain local administrative control through improper privilege management. The vulnerability was published on February 10, 2026, and has been actively exploited since then.

ThreatCluster AI

Timeline

2026-02-10
CVE-2026-21533 published
2026-02-10
Added to CISA KEV (active exploitation)
2026-02-11
First public PoC released
2026-03-08
Exploit listed for sale on dark web for $220,000

Community

Browse all →