Tag: windows

Judicial Targets Hit by COVERT RAT via Court Docs and GitHub Payloads

Mar 18, 2026 7:10 AM

Tags: access, cyber, github, powershell, rat, windows

Attackers are abusing fake court documents and GitHub”‘hosted payloads in a focused spear”‘phishing campaign that deploys a stealthy Rust”‘based COVERT RAT against Argentina’s judicial sector. This operation chains Windows LNK shortcuts, BAT loaders, and PowerShell to quietly fetch and execute a masqueraded payload, msedge_proxy.exe, from GitHub infrastructure. The operation, tracked as “Operation Covert Access,” uses…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Less Lucrative Ransomware Market Makes Attackers Alter Methods

Mar 18, 2026 12:11 AM

Tags: data, ransomware, theft, tool, windows

Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methods
Microsoft Confirms Windows 11 Bug Crippling PCs, Blocking Access to Core Drive

Mar 17, 2026 5:10 PM

Tags: access, microsoft, windows

Microsoft says a Windows 11 issue tied to Samsung Galaxy Connect can block access to the C: drive and prevent key apps from opening. The post Microsoft Confirms Windows 11 Bug Crippling PCs, Blocking Access to Core Drive appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-bug-c-drive-access-denied-samsung-fix/
Microsoft stops force-installing the Microsoft 365 Copilot app

Mar 17, 2026 4:10 PM

Tags: microsoft, windows

Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) that have the Microsoft 365 desktop client apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-stops-force-installing-the-microsoft-365-copilot-app/
Microsoft shares fix for Windows C: drive access issues on Samsung PCs

Mar 17, 2026 2:10 PM

Tags: access, microsoft, windows

Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-windows-c-drive-access-issues-on-samsung-pcs/
Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues

Mar 17, 2026 2:10 PM

Tags: cyber, microsoft, update, windows

Microsoft has rolled out an unexpected out-of-band hotpatch, KB5084897, targeting Windows 11 versions 25H2 and 24H2. Released on March 16, 2026, this specific update resolves a highly disruptive visual bug affecting Bluetooth connectivity management. The patch elevates supported systems to OS builds 26200.7984 and 26100.7984, delivering immediate administrative relief for users struggling to monitor or…
New Windows 11 hotpatch fixes Bluetooth device visibility issue

Mar 17, 2026 1:09 PM

Tags: microsoft, update, windows

Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-11-hotpatch-fixes-bluetooth-device-visibility-issue/
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

Mar 17, 2026 11:10 AM

Tags: attack, chatgpt, macOS, malicious, social-engineering, sophos, tactics, windows

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
Microsoft points at Samsung after Galaxy app bug locks users out of C:

Mar 17, 2026 10:09 AM

Tags: access, microsoft, windows

‘Access denied’ errors hit certain Windows 11 machines running vendor utility First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/samsung_c_drive_windows/
Payload ransomware hits Windows and ESXi with Babuk-style encryption

Mar 17, 2026 9:10 AM

Tags: cryptography, cyber, encryption, extortion, group, healthcare, ransomware, threat, vmware, windows

A new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at least February 17, 2026. It is already hitting mid-to-large organizations across multiple sectors and countries. The hospital…
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack

Mar 17, 2026 8:10 AM

Tags: access, attack, cyber, linux, macOS, malicious, rat, software, supply-chain, windows

Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
Microsoft points at Samsung after Galaxy app bug locks users out of C:/

Mar 17, 2026 5:10 AM

Tags: access, microsoft, windows

‘Access denied’ errors hit certain Windows 11 machines running vendor utility First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/samsung_c_drive_windows/
Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

Mar 17, 2026 12:09 AM

Tags: malicious, microsoft, remote-code-execution, update, vulnerability, windows

Microsoft releases an out-of-band hotpatch for critical Windows 11 RRAS vulnerabilities that could allow remote code execution through malicious remote servers. The post Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-rras-vulnerabilities-hotpatch/
Hacked sites deliver Vidar infostealer to Windows users

Mar 16, 2026 8:09 PM

Tags: windows, wordpress

We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hacked-sites-deliver-vidar-infostealer-to-windows-users/
Microsoft Issues Hotpatch for Windows 11 RRAS RCE Bugs

Mar 16, 2026 8:09 PM

Tags: microsoft, rce, remote-code-execution, windows

Microsoft released an emergency hotpatch for Windows 11 to fix critical RRAS remote code execution flaws. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-issues-hotpatch-for-windows-11-rras-rce-bugs/
Microsoft pulls Samsung app blocking Windows C: drive from Store

Mar 16, 2026 3:10 PM

Tags: microsoft, windows

Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pulls-samsung-app-blocking-windows-c-drive-from-store/
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

Mar 16, 2026 1:10 PM

Tags: attack, detection, exploit, flaw, rat, spy, tool, windows

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
Microsoft warnt: Samsung-App macht Windows-PCs unbrauchbar

Mar 16, 2026 10:10 AM

Tags: microsoft, windows

Einige Windows-Nutzer mit Samsung-PCs können nicht mehr auf ihr Systemlaufwerk zugreifen – mit entsprechend weitreichenden Folgen. First seen on golem.de Jump to article: www.golem.de/news/microsoft-warnt-samsung-app-macht-windows-pcs-unbrauchbar-2603-206519.html
ClickFix techniques evolve in new infostealer campaigns

Mar 16, 2026 8:09 AM

Tags: api, attack, communications, control, credentials, data, data-breach, detection, encryption, framework, github, group, intelligence, iran, korea, lazarus, login, microsoft, north-korea, russia, social-engineering, threat, windows, wordpress

New payloads: The DoubleDonut Loader was observed delivering a new variant of Vidar Stealer, a well-known infostealer, that uses a dead drop resolver technique to retrieve its command-and-control configuration and dynamic API resolution.In addition to Vidar, two previously undocumented infostealers have been observed, one written in .NET and one in C++. Rapid7 has named these…
Microsoft Issues OutBand Patch for Critical Windows 11 RRAS RCE Flaws

Mar 16, 2026 7:09 AM

Tags: access, cyber, flaw, microsoft, rce, remote-code-execution, risk, service, update, vulnerability, windows

Microsoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote Access Service (RRAS) management tool. Because these security gaps pose an immediate risk of remote…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 88

Mar 15, 2026 4:10 PM

Tags: exploit, github, international, malware, reverse-engineering, windows

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader New A0Backdoor Linked to…
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw

Mar 15, 2026 12:10 AM

Tags: flaw, microsoft, rce, remote-code-execution, update, vulnerability, windows

Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/
Windows 11 users can’t access C: drive on some Samsung PCs

Mar 14, 2026 12:10 AM

Tags: access, microsoft, update, windows

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…