Tag: windows
-
UK agri dept spent hundreds of millions upgrading to Windows 10 just in time for end of support
Tags: windows
After a £312M upgrade to the retiring OS, Defra still has 24,000 devices to replace First seen on theregister.com Jump to article: www.theregister.com/2025/11/05/uk_defra_dept_spent_312m_window_10/
-
Louvre heist exposes decades of security failures
Windows security problems appear to be a tradition at the Louvre Museum. As is well known, the Louvre Museum in Paris was raided by burglars in October 2025 and, in a rather brazen manner, relieved of jewels worth around 88 million euros. For their heist the thieves used a furniture lift (made in Germany) to get in through a second-floor window…
-
October Windows updates trigger BitLocker recovery
Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-windows-updates-trigger-bitlocker-recovery/
-
Curly COMrades Hacker Group Deploys New Tools for Stealthy Remote Access on Compromised Windows 10 Systems
A sophisticated threat actor known as Curly COMrades has demonstrated advanced evasion capabilities by leveraging legitimate Windows virtualization features to establish covert, long-term access to victim networks. Operating to support Russian geopolitical interests, the group has deployed innovative tools and techniques that successfully bypass traditional endpoint detection and response (EDR) solutions. This investigation, conducted in…
-
Security updates: Windows 10 confuses users with an erroneous end-of-support notice
Some Windows 10 systems report that they are no longer supported even though they still have active support or an ESU license. According to Microsoft, this is a bug. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsupdates-windows-10-verwirrt-nutzer-mit-anzeigefehler-zum-supportende-2511-201844.html
-
FIN7 Hackers Leverage Windows SSH Backdoor for Stealthy Remote Access and Persistence
Tags: access, backdoor, cyber, cybercrime, group, hacker, infrastructure, intelligence, threat, windows
The notorious FIN7 cybercriminal group, also known as Savage Ladybug, continues to rely on a sophisticated Windows SSH backdoor infrastructure with minimal modifications since 2022, according to threat intelligence analysis. The threat actor has maintained operational consistency while using an install.bat script paired with OpenSSH toolsets to establish reverse SSH and SFTP connections for maintaining…
-
Hackers Abuse OneDrive.exe via DLL Sideloading to Run Malicious Code
Security researchers have discovered a sophisticated attack technique that exploits Microsoft’s OneDrive application to execute malicious code without detection. The method, known as DLL sideloading, leverages the way Windows loads library files to trick legitimate applications into running attacker-controlled software. This technique represents a significant threat to enterprise environments where OneDrive is widely deployed across…
-
Pro-Russian Hackers Use Linux VMs to Hide in Windows
A threat actor known as Curly COMrades is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows
-
Russian spies pack custom malware into hidden VMs on Windows machines
Curly COMrades strike again First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/
-
Windows 10 – users receive erroneous 'End of Support' message
Windows 10 users can currently receive an 'End of Support' notice even though they are still receiving updates, for example via ESU. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/windows-10-nutzer-erhalten-fehlerhafte-end-of-support-meldung.94911
-
Louvre delayed Windows security updates ahead of burglary
No updates for eight security applications: The newspaper also examined calls for tender and other public procurement documents issued by the museum in the years since the audits. Twenty years of technical debt weighed heavily on security at the Louvre, as it steadily accumulated systems for analogue video surveillance, digital video surveillance, intrusion detection, and access…
-
Russian hackers abuse Hyper-V to hide malware in Linux VMs
The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
-
Windows 10 update bug triggers incorrect end-of-support alerts
Microsoft says the October 2025 updates trigger incorrect end-of-support warnings on Windows 10 systems with active security coverage or still under active support. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-update-bug-triggers-incorrect-end-of-support-alerts/
-
Check Point cracks XLoader malware with generative AI
While investigating XLoader, the researchers came across, among other things, multi-layered RC4 encryption, hidden Windows API calls, and new mechanisms for evading sandbox environments. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-knackt-xloader-malware-mit-generativer-ki/a42609/
-
Microsoft removes the date from update names, then reverses course
According to Microsoft, the date in the name of a Windows update is an unnecessary technical detail. Admins see it differently. First seen on golem.de Jump to article: www.golem.de/news/windows-microsoft-streicht-datum-aus-updatenamen-und-nimmt-es-zurueck-2511-201806.html
-
Ransomware gang abuses Microsoft certificates
Permanently open back doors are a free pass for cybercriminals. The Rhysida ransomware gang is notorious, particularly in the enterprise environment. Now the criminal hacker collective appears to be taking new paths, as a report by US security vendor Expel suggests. According to the report, the cybercriminals in their current attack campaign initially rely on malvertising. The malicious ads run via Microsoft's Bing search engine and lead to fake download pages…
-
‘SleepyDuck’ Malware in Open VSX Lets Attackers Remotely Control Windows PCs
Security researchers have identified a dangerous remote access trojan called SleepyDuck lurking in the Open VSX IDE extension marketplace, targeting developers who use code editors like Cursor and Windsurf. The malicious extension masqueraded as a legitimate Solidity programming language helper, squatting on the name of an established extension to evade detection. The compromised extension juan-bianco.solidity-vlang…
-
Microsoft’s WSUS Patch Causes Hotpatching Failures on Windows Server 2025
Microsoft has acknowledged a critical issue affecting Windows Server 2025 systems enrolled in the Hotpatch program. A recent Windows Server Update Services (WSUS) patch was inadvertently distributed to machines configured to receive Hotpatch updates, causing disruptions to the seamless patching process that allows security updates without requiring system restarts. Distribution Error Impacts Hotpatch-Enrolled Systems The…
-
Microsoft Fixes Long-Standing ‘Update and Shut Down’ Bug in Windows 11
Your Windows 11 PC will finally shut down! Learn about the KB5067036 update that fixes the decades-old restart glitch, plus new features like faster search and simpler update names. First seen on hackread.com Jump to article: hackread.com/microsoft-fixe-update-and-shut-down-bug-windows-11/
-
Sketchy Graphics: Windows GDI Flaws Open RCE and Data Loss
Check Point finds Windows GDI bugs enabling RCE and data leaks. Learn how Microsoft patched and how to protect your systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-gdi-vulnerabilities/
-
New GDI Flaws Could Enable Remote Code Execution in Windows
Flaws in Windows Graphics Device Interface (GDI) have been identified that allow remote code execution and information disclosure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gdi-flaws-enable-rce-windows/
-
Patch for WSUS flaw disabled Windows Server hotpatching
An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patch-for-wsus-flaw-disabled-windows-server-hotpatching/
-
Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287
Security researchers at the SANS Internet Storm Center have detected a significant spike in suspicious network traffic targeting Windows Server Update Services (WSUS) infrastructure worldwide. The reconnaissance activity focuses specifically on TCP ports 8530 and 8531, which correspond to unencrypted and encrypted communication channels for WSUS servers vulnerable to the recently disclosed CVE-2025-59287. This coordinated…