Tag: windows

Preparing for Cisco Vulnerability Management (formerly Kenna) EndLife: How Tenable Can Help

Dec 11, 2025 5:32 AM

Tags: application-security, attack, business, cisco, cve, cybersecurity, data, data-breach, flaw, identity, intelligence, Internet, risk, service, technology, threat, tool, update, vulnerability, vulnerability-management, windows

Cisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of risk management. Key takeaways: Tenable’s strong partnership with Cisco helps customers with a natural path forward and easy transition to…
PowerShell 5.1 zeigt nach Dez. 2025 Update Sicherheitsabfrage bei Webseiten

Dec 11, 2025 12:32 AM

Tags: cve, powershell, update, vulnerability, windows

Es ist in den Support-Beiträgen zum Dezember 2025-Patchday mit angegeben. Nach Installation der Windows-Updates zeigt die PowerShell 5.1 eine Sicherheitsabfrage, wenn auf den Inhalt von Webseiten zugegriffen werden soll. Mit dieser Maßnahme soll die Sicherheitslücke CVE-2025-54100 abgeschwächt werden. PowerShell-Schwachstelle CVE-2025-54100 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/11/powershell-5-1-zeigt-nach-dez-2025-update-sicherheitsabfrage-bei-webseiten/
Storm-0249 Abuses EDR Processes in Stealthy Attacks

Dec 10, 2025 11:32 PM

Tags: access, attack, detection, edr, endpoint, windows

The initial access broker has been weaponizing endpoint detection and response (EDR) platforms and Windows utilities in recent high-precision attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/storm-0249-edr-processes-stealthy-attacks
Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

Dec 10, 2025 10:32 PM

Tags: attack, windows

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users. First seen on hackread.com Jump to article: hackread.com/dicaprio-one-battle-after-another-torrent-agent-tesla/
2025 Year of Browser Bugs Recap:

Dec 10, 2025 8:33 PM

Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-day

At the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose”Š”, “Što drive awareness and discussion around key security gaps and…
FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry

Dec 10, 2025 2:32 PM

Tags: attack, cyber, data, incident response, malware, ransomware, service, threat, tool, windows

During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker…
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data

Dec 10, 2025 2:32 PM

Tags: access, cve, cyber, data, firewall, flaw, microsoft, risk, service, threat, vulnerability, windows

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard…
FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry

Dec 10, 2025 2:32 PM

Tags: attack, cyber, data, incident response, malware, ransomware, service, threat, tool, windows

During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker…
Windows Defender Firewall Flaw Allows Attackers to Access Sensitive Data

Dec 10, 2025 2:32 PM

Tags: access, cve, cyber, data, firewall, flaw, microsoft, risk, service, threat, vulnerability, windows

Microsoft has officially addressed a new security vulnerability affecting the Windows Defender Firewall Service that could allow threat actors to access sensitive information on compromised systems. The flaw, identified as CVE-2025-62468, was disclosed as part of the company’s December 2025 security updates. This information disclosure vulnerability poses a risk to organizations that rely on standard…
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

Dec 10, 2025 1:32 PM

Tags: ai, attack, cloud, exploit, kubernetes, network, threat, tool, windows

Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world.Next week,…
Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

Dec 10, 2025 1:32 PM

Tags: ai, attack, cloud, exploit, kubernetes, network, threat, tool, windows

Cloud security is changing. Attackers are no longer just breaking down the door; they are finding unlocked windows in your configurations, your identities, and your code.Standard security tools often miss these threats because they look like normal activity. To stop them, you need to see exactly how these attacks happen in the real world.Next week,…
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

Dec 10, 2025 11:32 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-6218 is a WinRAR directory traversal flaw (formerly…
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

Dec 10, 2025 11:32 AM

Tags: exploit, microsoft, office, powershell, update, vulnerability, windows, zero-day

Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Dec 10, 2025 11:32 AM

Tags: exploit, flaw, microsoft, vulnerability, windows, zero-day

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Dec 10, 2025 11:32 AM

Tags: exploit, flaw, microsoft, vulnerability, windows, zero-day

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
Jetzt patchen: Attacken auf Windows-Geräte beobachtet

Dec 10, 2025 9:33 AM

Tags: bug, windows

Angreifer bedienen sich einer Sicherheitslücke, um auf fremden Windows-Geräten Systemrechte zu erlangen. Nutzer sollten handeln. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-attacken-auf-windows-geraete-beobachtet-2512-203079.html
Jetzt patchen: Attacken auf Windows-Geräte beobachtet

Dec 10, 2025 9:33 AM

Tags: bug, windows

Angreifer bedienen sich einer Sicherheitslücke, um auf fremden Windows-Geräten Systemrechte zu erlangen. Nutzer sollten handeln. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-attacken-auf-windows-geraete-beobachtet-2512-203079.html
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Patchday: Windows Server-Updates (9. Dezember 2025)

Dec 10, 2025 12:32 AM

Tags: update, windows

Zum 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-server-updates-9-dez/
Patchday: Windows 10/11 Updates (9. Dezember 2025)

Dec 10, 2025 12:32 AM

Tags: microsoft, update, vulnerability, windows

Am 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 (mit ESU-Lizenz) und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-10-11-updates-9-dezember-2025/
Microsoft Security Update Summary (9. Dezember 2025)

Dec 9, 2025 11:32 PM

Tags: microsoft, office, update, vulnerability, windows, zero-day

Microsoft hat am 9. Dezember 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 56 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert und wird ausgenutzt. Nachfolgend findet sich ein kompakter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
Windows PowerShell now warns when running Invoke-WebRequest scripts

Dec 9, 2025 10:33 PM

Tags: microsoft, powershell, windows

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/
Microsoft releases Windows 10 KB5071546 extended security update

Dec 9, 2025 9:33 PM

Tags: microsoft, update, vulnerability, windows, zero-day

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
Windows 11 KB5072033 & KB5071417 cumulative updates released

Dec 9, 2025 8:33 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/