Tag: windows
-
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Tags: authentication, breach, cve, cyber, data, exploit, flaw, network, remote-code-execution, service, sophos, threat, update, vulnerability, windowsSophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements.…
-
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Tags: authentication, breach, cve, cyber, data, exploit, flaw, network, remote-code-execution, service, sophos, threat, update, vulnerability, windowsSophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements.…
-
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Tags: authentication, breach, cve, cyber, data, exploit, flaw, network, remote-code-execution, service, sophos, threat, update, vulnerability, windowsSophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements.…
-
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Tags: authentication, breach, cve, cyber, data, exploit, flaw, network, remote-code-execution, service, sophos, threat, update, vulnerability, windowsSophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements.…
-
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025.The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Chinese-Linked Hackers Exploit Windows Flaw to Spy on Belgian and Hungarian Diplomats
A new UNC6384 campaign highlights the threat actor’s growing sophistication and geographic expansion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-windows-flaw-spy/
-
Chinese-Linked Hackers Exploit Windows Flaw to Spy on Belgian and Hungarian Diplomats
A new UNC6384 campaign highlights the threat actor’s growing sophistication and geographic expansion First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-windows-flaw-spy/
-
Windows zero-day actively exploited to spy on European diplomats
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploit-windows-zero-day-to-spy-on-european-diplomats/
-
Windows zero-day actively exploited to spy on European diplomats
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploit-windows-zero-day-to-spy-on-european-diplomats/
-
QNAP-Warnung von ASP.NET-Schwachstelle in Backup-Software
QNAP warnt Kunden vor einer kritischen ASP.NET-Schwachstelle die auch seinen NetBak PC Agent-Software für Windows betrifft. Das ist ein Windows-Dienstprogramm zum Sichern von Daten auf einem QNAP-Netzwerkspeichergerät (NAS). Es handelt sich um die Schwachstelle CVE-2025-55315 im Core von ASP.NET, die mit … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/31/qnap-warnung-von-asp-net-schwachstelle-in-backup-software/
-
NHS left with sick PCs as suppliers resist Windows 11 treatment
Hospitals told to upgrade, but some medical device makers haven’t prescribed compatibility yet First seen on theregister.com Jump to article: www.theregister.com/2025/10/31/nhs_windows_11_issues/
-
Warnungen für Explorer, Windows & Teams – Vier aktiv ausgenutzte Microsoft-Schwachstellen und Angriffe mit Teams
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-warnt-gefaelschte-teams-installation-ransomware-angriffe-a-31caea165dfee037a31c30cedd325e06/
-
Wie die Schwachstelle in Microsoft WSUS ausgenutzt wird
Forscher der Sophos Counter Threat Unit (CTU) haben eine Angriffswelle entdeckt, bei der Cyberkriminelle gezielt die Sicherheitslücke in Microsofts Windows Server Update Services (WSUS) ausnutzen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/kritische-schwachstelle-microsoft-wsus
-
Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats
Expired security cert, real Brussels agenda, plus PlugX malware finish the job First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/
-
Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats
Expired security cert, real Brussels agenda, plus PlugX malware finish the job First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/
-
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn’t: they can conceal malware more stealthily than most file types. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/lotl-attack-malware-windows-native-ai-stack
-
Trick, treat, repeat
Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/trick-treat-repeat/
-
Docker Compose vulnerability opens door to host-level writes patch pronto
Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/docker_compose_desktop_flaws/
-
Docker Compose vulnerability opens door to host-level writes patch pronto
Windows Desktop installer also fixed after DLL hijack flaw rated 8.8 severity First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/docker_compose_desktop_flaws/
-
Airstalk Malware: Multi-Threaded C2 Steals Windows Logins
Tags: attack, communications, control, cyber, cybersecurity, infrastructure, login, malware, mobile, powershell, supply-chain, threat, windowsCybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, available in both PowerShell and .NET variants, has been linked with medium confidence to a nation-state threat actor operating through a likely supply chain attack…
-
New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines, even when previous Kerberos mitigations are in place. Attribute Details CVE ID CVE-2025-58726 Vulnerability Type SMB Server Elevation of Privilege CVSS 3.1 Score…
-
New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
Microsoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines, even when previous Kerberos mitigations are in place. Attribute Details CVE ID CVE-2025-58726 Vulnerability Type SMB Server Elevation of Privilege CVSS 3.1 Score…
-
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud synchronisation services. Attribute Details CVE Identifier CVE-2025-55680 Vulnerability Type Race Condition (TOCTOU) Affected Component cldflt.sys…
-
Chromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silence
Beyond desktop crashes: enterprise automation at risk: While crashed browsers disrupt individual users, the vulnerability poses greater risks to enterprise automation. Organizations running headless Chromium browsers for AI agents, trading systems, or operational monitoring face potential workflow paralysis, the document stated.Pino’s documentation outlined several enterprise attack scenarios. AI agents querying compromised websites could crash mid-analysis,…
-
Privilege Escalation Exploit Targets Windows Cloud Files Minifilter
Microsoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive and similar cloud synchronisation services. Attribute Details CVE Identifier CVE-2025-55680 Vulnerability Type Race Condition (TOCTOU) Affected Component cldflt.sys…