Tag: microsoft

TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
TigerJack’s malicious VSCode extensions mine, steal, and stay hidden

Oct 15, 2025 2:54 PM

Tags: backdoor, data-breach, detection, github, malicious, malware, marketplace, microsoft, social-engineering, software, strategy, supply-chain, threat, tool, vulnerability

Coordinated multi-account operation: Koi researchers found 11 extensions across multiple accounts, making it a coordinated operation.”This multi-account strategy provides redundancy when one account gets flagged, creates the illusion of independent developers, and demonstrates professional-level social engineering: GitHub repositories for credibility, consistent branding across extensions, detailed feature lists, professional marketplace presentations, and strategic naming that mimics…
Windows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation Attacks

Oct 15, 2025 2:54 PM

Tags: attack, control, cve, cyber, exploit, flaw, microsoft, threat, update, vulnerability, windows, zero-day

A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to gain full system control without any user interaction. Microsoft has released an October cumulative update that removes the vulnerable…
Windows Agere Modem Driver 0-Day Exploited in Active Privilege Escalation Attacks

Oct 15, 2025 2:54 PM

Tags: attack, control, cve, cyber, exploit, flaw, microsoft, threat, update, vulnerability, windows, zero-day

A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to gain full system control without any user interaction. Microsoft has released an October cumulative update that removes the vulnerable…
Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users

Oct 15, 2025 1:54 PM

Tags: credentials, cybersecurity, email, google, jobs, login, microsoft, phishing, scam

Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users. First seen on hackread.com Jump to article: hackread.com/fake-google-job-offer-email-scam-workspace-microsoft-365/
Microsoft patches three zero-days actively exploited by attackers

Oct 15, 2025 12:54 PM

Tags: attack, cve, exploit, microsoft, update, vulnerability, zero-day

On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/15/microsoft-patch-tuesday-zero-days-cve-2025-24990-cve-2025-59230-cve-2025-47827/
Microsoft IIS Exploit Allows Unauthenticated Attackers to Run Arbitrary Code

Oct 15, 2025 12:54 PM

Tags: cyber, exploit, flaw, Internet, microsoft, service, vulnerability

A serious security flaw has been discovered in Microsoft’s Internet Information Services (IIS) that lets attackers run arbitrary code without logging in. The vulnerability affects the IIS Inbox COM Objects and stems from improper handling of shared memory and objects that have been freed. Attackers who can reach the server and exploit this flaw could…
Two New Windows Zero-Days Exploited in the Wild, One Affects Every Version Ever Shipped

Oct 15, 2025 12:54 PM

Tags: exploit, flaw, microsoft, update, vulnerability, windows, zero-day

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program.Of the 183 vulnerabilities, eight…
Last Windows 10 Patch Tuesday Features Six Zero Days

Oct 15, 2025 12:54 PM

Tags: cve, microsoft, update, vulnerability, windows, zero-day

Microsoft has fixed over 170 CVEs in October’s Patch Tuesday, including six zero-day vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/last-windows-10-patch-tuesday-six/
Microsoft signalisiert Windows 10 21H2 Enterprise LTSC als EOL

Oct 15, 2025 10:54 AM

Tags: iot, microsoft, windows

Es gibt Blog-Beiträge, die schreibe ich gerne, und es gibt Beiträge (wie diesen), die feiere ich gerade zu. Kurze Information an Besitzer bzw. Administratoren von Windows 10 21H2 Enterprise LTSC (und natürlich der IoT-Version). Administratoren dieser Maschinen erhalten (fälschlich) die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/15/mega-pleite-microsoft-signalisiert-windows-10-21h2-enterprise-ltsc-als-eol/
Rekord-Patchday: Microsoft schließt fast 200 Sicherheitslücken

Oct 15, 2025 9:54 AM

Tags: microsoft, windows

Im Vergleich zum Vormonat liefert Microsoft zum Oktober-Patchday mehr als doppelt so viele Patches aus. Attacken auf Windows-Nutzer laufen schon. First seen on golem.de Jump to article: www.golem.de/news/rekord-patchday-microsoft-schliesst-fast-200-sicherheitsluecken-2510-201173.html
End of Support for Windows 10 Sparks Security Fears Among Millions of Users

Oct 15, 2025 8:54 AM

Tags: cyber, microsoft, risk, update, vulnerability, windows

Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of the most widely used operating systems in history. Growing Security Vulnerabilities Put Users at Risk Without ongoing security…
Microsoft Patchday Oktober 2025 – Support-Ende für Windows 10 und Updates für Windows 11 25H2

Oct 15, 2025 8:54 AM

Tags: microsoft, update, windows

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-oktober-2025-windows-10-updates-a-fcce146a7655e3c56968a6176f8fe25d/
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks

Oct 15, 2025 7:54 AM

Tags: access, attack, control, cve, cyber, exploit, flaw, hacker, microsoft, vulnerability, windows, zero-day

Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their privileges to the highest level, gaining complete control over compromised systems. Zero-Day Vulnerability Enables System-Level Access The vulnerability…
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks

Oct 15, 2025 7:54 AM

Tags: access, attack, control, cve, cyber, exploit, flaw, hacker, microsoft, vulnerability, windows, zero-day

Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their privileges to the highest level, gaining complete control over compromised systems. Zero-Day Vulnerability Enables System-Level Access The vulnerability…
Hackers Exploit Windows Remote Access Connection Manager 0-Day in Ongoing Attacks

Oct 15, 2025 7:54 AM

Tags: access, attack, control, cve, cyber, exploit, flaw, hacker, microsoft, vulnerability, windows, zero-day

Microsoft has confirmed active exploitation of a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager, designated as CVE-2025-59230. The security flaw, disclosed on October 14, 2025, allows attackers with limited system access to escalate their privileges to the highest level, gaining complete control over compromised systems. Zero-Day Vulnerability Enables System-Level Access The vulnerability…
Microsoft Patch Tuesday for October 2025, Snort rules and prominent vulnerabilities

Oct 14, 2025 11:33 PM

Tags: cve, microsoft, update, vulnerability

Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are flagged as important and considered more likely to be exploited. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-for-october-2025-snort-rules-and-prominent-vulnerabilities/
Exchange Server Sicherheitsupdates Oktober 2025

Oct 14, 2025 11:33 PM

Tags: microsoft, update

Microsoft hat zum 14. Oktober 2025 das “Oktober 2025” Sicherheitsupdate für Exchange Server freigegeben. Das Sicherheitsupdate gilt Exchange Server 2016, Exchange Server 2019, und erstmals für Exchange Server Subscription Edition (SE). Exchange Online-Kunden sind bereits geschützt, die tangiert das Update … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/14/exchange-server-sicherheitsupdates-oktober-2025/
Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

Oct 14, 2025 9:24 PM

Tags: exploit, microsoft, update, vulnerability, zero-day

The tech giant addressed a record-high number of defects for the year in its latest update. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-october-2025/
Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

Oct 14, 2025 9:24 PM

Tags: exploit, microsoft, update, vulnerability, zero-day

The tech giant addressed a record-high number of defects for the year in its latest update. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-october-2025/
Final Windows 10 Patch Tuesday update rolls out as support ends

Oct 14, 2025 9:24 PM

Tags: microsoft, update, windows

In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/final-windows-10-patch-tuesday-update-rolls-out-as-support-ends/
Exchange 2016 and 2019 have reached end of support

Oct 14, 2025 9:24 PM

Tags: microsoft

Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-have-reached-end-of-support/
Microsoft Patch Tuesday October 2025 172 Vulnerabilities Fixed Along with 4 Zero-days

Oct 14, 2025 9:24 PM

Tags: cloud, cyber, exploit, flaw, microsoft, office, update, vulnerability, windows, zero-day

In its October 2025 Patch Tuesday release, Microsoft addressed a staggering 172 security vulnerabilities across its vast ecosystem, with four zero-day flaws stealing the spotlight, two of which are already being exploited in the wild. This massive security update targets a wide range of products, from Windows operating systems and Microsoft Office to Azure cloud…
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Oct 14, 2025 8:24 PM

Tags: flaw, microsoft, update, zero-day

Today is Microsoft’s October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/
Windows 11 KB5066835 and KB5066793 updates released

Oct 14, 2025 8:24 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5066835-and-kb5066793-updates-released/
Microsoft warns that Windows 10 reaches end of support today

Oct 14, 2025 5:24 PM

Tags: microsoft, windows

Microsoft has reminded customers today that Windows 10 has reached the end of support and will no longer receive patches for newly discovered security vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-that-windows-10-reaches-end-of-support-today/
Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected

Oct 14, 2025 4:23 PM

Tags: access, flaw, hacker, microsoft, zero-day

Microsoft restricted access to Edge’s IE Mode in August 2025 after hackers used a Chakra zero-day flaw to bypass security and take over user devices. Check out the new steps for enabling IE Mode. First seen on hackread.com Jump to article: hackread.com/microsoft-limits-ie-mode-edge-chakra-zero-day/
Windows 10 Hits End of Life: 200 Million PCs Face Mounting Security Risks

Oct 14, 2025 3:24 PM

Tags: microsoft, risk, update, windows

Microsoft has officially ended support for Windows 10, affecting hundreds of millions of users worldwide. This decision comes nearly a decade after the operating system’s initial release and signals the end of free security updates, bug fixes, and technical support for the platform. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/windows-10-support-ends/
Rethinking Microsoft Security: Why Identity is Your First Line of Defense

Oct 14, 2025 11:23 AM

Tags: identity, microsoft

Identity is the new security perimeter. Defend Microsoft Entra ID and Microsoft 365 from evolving identity-based cyberattacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/rethinking-microsoft-security-why-identity-is-your-first-line-of-defense/