Tag: windows

Microsoft Teams Rolls Out New Feature For Faster Startup and Better Performance

Nov 26, 2025 12:49 PM

Tags: cyber, microsoft, startup, update, windows

Microsoft Teams is set to launch a key update for its Windows desktop client, introducing a new child process, ms-teams_modulehost.exe, to boost the performance of calling features and reduce startup times. This change separates the calling stack from the primary ms-teams.exe process, allowing better resource management and smoother meetings without altering user interfaces or workflows.…
Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads

Nov 26, 2025 7:49 AM

Tags: apt, cyber, exploit, group, infrastructure, malicious, microsoft, powershell, social-engineering, threat, vulnerability, windows

Water Gamayun, a Russia”‘aligned advanced persistent threat (APT) group, has launched a new multi”‘stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE”‘2025″‘26633 to inject malicious code into mmc.exe, ultimately delivering hidden…
New ClickFix attacks use fake Windows Update screens to fool employees

Nov 26, 2025 5:49 AM

Tags: access, attack, awareness, captcha, computer, control, data, defense, detection, edr, email, endpoint, exploit, group, infection, intelligence, malicious, malware, monitoring, network, okta, phishing, powershell, russia, tactics, threat, tool, training, update, windows

Run dialog box, Windows Terminal, or Windows PowerShell. This leads to the downloading of scripts that launch malware.Two new tactics are used in the latest ClickFix campaign, says Huntress:the use since early October of a fake blue Windows Update splash page in full-screen, displaying realistic “Working on updates” animations that eventually conclude by prompting the user to…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Microsoft is speeding up the Teams desktop client for Windows

Nov 25, 2025 3:49 PM

Tags: microsoft, windows

Microsoft says it will add a new Teams call handler beginning in January 2026 to reduce launch times and boost call performance for the Windows desktop client. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-boost-teams-performance-with-new-call-handler/
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

Nov 25, 2025 3:49 PM

Tags: cybersecurity, malicious, malware, phishing, update, windows

Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a “critical” Windows security update.”Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising,” Acronis said in a…
How to Sign Windows Binaries using AWS KMS?

Nov 25, 2025 3:49 PM

Tags: cloud, control, encryption, service, windows

What is AWS KMS? AWS Key Management Service (KMS) is a cloud service that allows organizations to generate, control, and maintain keys that secure their data. AWS KMS allows organizations to have a common way of dealing with keys by making encryption easier for many AWS services, programs, and operations. AWS KMS allows users to”¦…
Microsoft Warns of Security Risks in New Agentic AI Feature

Nov 25, 2025 1:51 PM

Tags: ai, cyber, microsoft, risk, windows

Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated environments for AI agents to operate, but the tech giant is being transparent about the novel…
Microsoft Warns of Security Risks in New Agentic AI Feature

Nov 25, 2025 1:51 PM

Tags: ai, cyber, microsoft, risk, windows

Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated environments for AI agents to operate, but the tech giant is being transparent about the novel…
Microsoft Warns of Security Risks in New Agentic AI Feature

Nov 25, 2025 1:51 PM

Tags: ai, cyber, microsoft, risk, windows

Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features like Copilot Actions. The company is rolling out a new agent workspace feature in private preview that establishes isolated environments for AI agents to operate, but the tech giant is being transparent about the novel…
ClickFix Attack Uses Steganography to Hide Malware in Fake Windows Security Update

Nov 25, 2025 1:51 PM

Tags: attack, cyber, cybersecurity, malicious, malware, social-engineering, update, windows

Cybersecurity researchers at Huntress have uncovered a sophisticated ClickFix campaign that leverages steganography to conceal malicious code within PNG images disguised as Windows Update screens. The attack chain delivers multiple variants of information-stealing malware, including LummaC2 and Rhadamanthys, through a deceptive social engineering technique that tricks users into executing commands via the Windows Run prompt.…
Attackers are Using Fake Windows Updates in ClickFix Scams

Nov 25, 2025 5:49 AM

Tags: malicious, malware, scam, threat, update, windows

Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
Attackers are Using Fake Windows Updates in ClickFix Scams

Nov 25, 2025 5:49 AM

Tags: malicious, malware, scam, threat, update, windows

Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/attackers-are-using-fake-windows-updates-in-clickfix-scams/
Fresh ClickFix attacks use Windows Update trick-pics to steal credentials

Nov 25, 2025 12:49 AM

Tags: attack, credentials, malicious, update, windows

Poisoned PNGs contain malicious code First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/clickfix_attack_infostealers_images/
ClickFix attack uses fake Windows Update screen to push malware

Nov 24, 2025 10:49 PM

Tags: attack, malicious, malware, threat, update, windows

New ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-update-screen-to-push-malware/
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

Nov 24, 2025 3:49 PM

Tags: credentials, cybersecurity, malicious, malware, marketplace, microsoft, tool, windows

Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious ‘prettier-vscode-plus’ extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data. First seen on hackread.com Jump to article: hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/
Microsoft tests File Explorer preloading for faster performance

Nov 24, 2025 3:49 PM

Tags: microsoft, windows

Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-preloading-for-faster-launches/
Microsoft tests File Explorer preloading for faster performance

Nov 24, 2025 3:49 PM

Tags: microsoft, windows

Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-preloading-for-faster-launches/
Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

Nov 24, 2025 2:49 PM

Tags: credentials, cybersecurity, malicious, malware, marketplace, microsoft, tool, windows

Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious ‘prettier-vscode-plus’ extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data. First seen on hackread.com Jump to article: hackread.com/prettier-extension-vscode-marketplace-anivia-stealer/
Microsoft tests File Explorer preloading for faster performance

Nov 24, 2025 2:49 PM

Tags: microsoft, windows

Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-preloading-for-faster-launches/
Microsoft tests File Explorer preloading for faster performance

Nov 24, 2025 2:49 PM

Tags: microsoft, windows

Microsoft is testing a new optional feature that preloads File Explorer in the background to improve launch times on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-preloading-for-faster-launches/
Malware im Anmarsch: Kritische Windows-Lücke ermöglicht Angriffe über JPEG-Daten

Nov 24, 2025 1:49 PM

Tags: bug, cyberattack, exploit, malware, windows

Forscher warnen vor einer kritischen Sicherheitslücke in einer Windows-Bibliothek. Angreifer können über JPEG-Bilddaten Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/malware-im-anmarsch-kritische-windows-luecke-ermoeglicht-angriffe-ueber-jpeg-daten-2511-202528.html
Microsoft to remove WINS support after Windows Server 2025

Nov 24, 2025 1:49 PM

Tags: Internet, microsoft, service, windows

Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-wins-support-after-windows-server-2025/
Microsoft to remove WINS support after Windows Server 2025

Nov 24, 2025 1:49 PM

Tags: Internet, microsoft, service, windows

Microsoft has warned IT administrators to prepare for the removal of Windows Internet Name Service (WINS) from Windows Server releases starting in November 2034. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-wins-support-after-windows-server-2025/
Windows 11 24H2 bug crashes Explorer and Start Menu

Nov 24, 2025 12:49 PM

Tags: microsoft, update, windows

Microsoft has confirmed a critical Windows 11 24H2 bug that causes the File Explorer, the Start Menu, and other key system components to crash after installing cumulative updates released since July 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-24h2-bug-crashes-key-system-components/
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries

Nov 24, 2025 12:49 PM

Tags: cyber, injection, malicious, malware, windows

K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…
Python-Based Malware Enables Stealthy Process Injection into Legitimate Windows Binaries

Nov 24, 2025 12:49 PM

Tags: cyber, injection, malicious, malware, windows

K7 Labs researchers have identified a sophisticated Python-based malware sample employing multi-stage obfuscation and process injection techniques to achieve stealthy persistence on Windows systems. The malware reconstructs a 65 MB blob, with the bulk consisting of filler content, and only a small, valid, marshalled .pyc segment at the end containing the actual malicious code. This…
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Nov 24, 2025 9:49 AM

Tags: access, cve, exploit, flaw, intelligence, malware, microsoft, open-source, service, threat, update, vulnerability, windows

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.”The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source First…
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

Nov 24, 2025 9:49 AM

Tags: access, cve, exploit, flaw, intelligence, malware, microsoft, open-source, service, threat, update, vulnerability, windows

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.”The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source First…