Tag: windows
-
Microsoft fixes Linux boot issues on dual-boot Windows systems
by
in SecurityNewsMicrosoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-linux-boot-issues-on-dual-boot-windows-systems/
-
New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
by
in SecurityNewsAdobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While…
-
Severe Adobe Illustrator Flaw Allows Remote Code Execution
by
in SecurityNewsAdobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score…
-
New HTTPBot Botnet Rapidly Expands to Target Windows Machines
by
in SecurityNewsThe HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen a sharp rise in activity since its first detection in August 2024. According to the latest findings from NSFOCUS Fuying Lab’s Global Threat Hunting system, HTTPBot has rapidly expanded its reach, particularly in April 2025, with over 200 attack instructions issued.…
-
Critical Vulnerability in Windows Remote Desktop Gateway Allows DenialService Attacks
by
in SecurityNewsMicrosoft has disclosed two critical vulnerabilities in its Remote Desktop Gateway (RDG) service, posing significant risks to organizational networks. CVE-2025-26677 and CVE-2025-29831, both rated Important by Microsoft, enable denial-of-service (DoS) attacks and remote code execution (RCE), respectively. These flaws, patched in Microsoft’s May 2025 security update, underscore persistent challenges in securing remote access infrastructure. Security…
-
Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including five zero-day flaws. Microsoft Patch Tuesday security updates addressed 75 security vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender. Of the flaws fixed by the…
-
Microsoft tackles 5 Windows zero-days on May Patch Tuesday
The company addresses 72 unique CVEs this month, but several AI features bundled in a larger-than-usual update could bog down some networks. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366623978/Microsoft-tackles-5-Windows-zero-days-on-May-Patch-Tuesday
-
Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
by
in SecurityNewsCybersecurity researchers have discovered a new phishing campaign that’s being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina.The campaign is “using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email First seen…
-
Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
by
in SecurityNewsMicrosoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild. Released on May 13, 2025, the vulnerabilities-identified as CVE-2025-32706 and CVE-2025-32701-both allow local privilege escalation and have been classified as >>Important
-
Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access
by
in SecurityNewsMicrosoft has confirmed active exploitation of a critical privilege escalation vulnerability in the Windows Ancillary Function Driver for WinSock, tracked as CVE-2025-32709. This use-after-free flaw enables local attackers with basic user privileges to gain SYSTEM-level access, posing significant risks to unpatched systems. First publicly documented on 13 May 2025, the vulnerability carries a base score…
-
New Windows RDP Vulnerability Enables Network-Based Attacks
by
in SecurityNewsMicrosoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network. Designated CVE-2025-29966 and CVE-2025-29967, these heap-based buffer overflow flaws affect the Windows Remote Desktop Protocol (RDP) and Remote Desktop Gateway (RD Gateway) service, respectively. Both vulnerabilities carry a CVSS…
-
Jetzt patchen: Gefährliche Windows-Lücken werden aktiv ausgenutzt
by
in SecurityNewsMicrosoft warnt vor fünf Zero-Day-Lücken in Windows. Hinzu kommen weitere gefährliche Schwachstellen, die eine Schadcodeausführung ermöglichen. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-gefaehrliche-windows-luecken-werden-aktiv-ausgenutzt-2505-196178.html
-
Critical 0-Day in Windows DWM Enables Privilege Escalation
by
in SecurityNewsMicrosoft has disclosed a significant security vulnerability (CVE-2025-30400) affecting the Windows Desktop Window Manager (DWM) that is actively being exploited in the wild. The flaw, rated as >>Important
-
Patchday: Windows Server-Updates (13. Mai 2025)
by
in SecurityNewsAm 13. Mai 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/14/patchday-windows-server-updates-13-mai-2025/
-
Patchday: Windows 10/11 Updates (13. Mai 2025)
by
in SecurityNewsAm 13. Mai (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben sollen. Updates für … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/14/patchday-windows-10-11-updates-13-mai-2025/
-
Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
by
in SecurityNews5Critical 66Important 0Moderate 0Low Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild. Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important. This month’s update includes patches for: .NET, Visual Studio, and Build Tools for Visual Studio Active…
-
Windows Zero-Day Bug Exploited for Browser-Led RCE
by
in SecurityNewsMicrosoft’s May 2025 Patch Tuesday update also contains four other actively exploited zero-day security vulnerabilities, two publicly known bugs, and 12 critical patches. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/windows-zero-day-bug-exploited-browser-rce
-
Microsoft Security Update Summary (13. Mai 2025)
by
in SecurityNewsMicrosoft hat am 13. Mai Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 71 Schwachstellen (CVEs), sieben davon wurden als 0-day klassifiziert. Fünf Schwachstellen wurde bereits angegriffen. Nachfolgend findet sich ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/13/microsoft-security-update-summary-13-mai-2025/
-
Additional patches for Microsoft 365 on Windows 10 promised
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/additional-patches-for-microsoft-365-on-windows-10-promised
-
New ClickFix attacks seek to compromise Windows, Linux systems
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/new-clickfix-attacks-seek-to-compromise-windows-linux-systems
-
Microsoft Patch Tuesday May 2025 Released With the Fixes for 72 Flaws With 5 Actively Exploited 0-Day
by
in SecurityNewsMicrosoft has released its May 2025 Patch Tuesday updates, addressing 72 security vulnerabilities across its software portfolio, including Windows, Microsoft Office, Azure, and Visual Studio. Microsoft patched a total of 72 vulnerabilities, including 29 related to Remote Code Execution, 18 to Elevation of Privilege, 14 to Information Disclosure, 7 to Denial of Service, and 2…
-
Windows 11 KB5058411 and KB5058405 cumulative updates released
by
in SecurityNewsMicrosoft has released Windows 11 KB5058411 and KB5058405 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5058411-and-kb5058405-cumulative-updates-released/
-
Windows 10 KB5058379 update fixes SgrmBroker errors in Event Viewer
by
in SecurityNewsMicrosoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5058379-update-fixes-sgrmbroker-errors-in-event-viewer/
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
by
in SecurityNews
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Microsoft will update Office apps on Windows 10 until 2028
by
in SecurityNewsMicrosoft has backtracked on its plan to end support for Office apps on Windows 10 later this year and announced that it will continue providing security updates for three more years, until 2028. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-will-update-office-apps-on-windows-10-until-2028/
-
PupkinStealer Targets Windows Users to Steal Browser Login Credentials
by
in SecurityNewsA newly identified information-stealing malware dubbed PupkinStealer has emerged as a significant threat to Windows users, with its first sightings reported in April 2025. Written in C# using the .NET framework, this malicious software is engineered to pilfer sensitive data, including browser credentials, messaging app sessions from platforms like Telegram and Discord, desktop documents, and…
-
Microsoft Defender for Business Server – Malwareschutz für Windows- und Linux-Server
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/microsoft-defender-business-server-malwareschutz-kmu-a-3580f6c82997dd284a31b4e1842dcc7e/
-
Nach Windows-10-Ende 365-Apps sollen bis 2028 Sicherheitsupdates erhalten
by
in SecurityNewsWenn der Support für Windows 10 endet, sollen die Microsoft-365-Apps weiterhin noch Sicherheitsupdates erhalten. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/nach-windows-10-ende-microsoft-365-apps-sollen-bis-2028-sicherheitsupdates-erhalten.92595