Tag: windows
-
ClickFix Campaign Uses Fake CAPTCHA Pages to Deliver StealC Malware on Windows
A ClickFix campaign uses fake CAPTCHA pages to trick Windows users into launching StealC malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickfix-campaign-uses-fake-captcha-pages-to-deliver-stealc-malware-on-windows/
-
LockBit 5.0 ransomware expands its reach across Windows, Linux, and ESXi
The Acronis Threat Research Unit (TRU) has identified a new and significantly enhanced version of the LockBit ransomware, LockBit 5.0, currently being deployed in active … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/lockbit-5-0-ransomware-windows-linux-esxi/
-
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…
-
Windows 11 KB5077181 Update Triggers Infinite Restart Loop on Some Devices
Microsoft’s February 10, 2026, Patch Tuesday cumulative updateKB5077181for Windows 11 is being linked to severe boot failures on some devices, with users reporting systems that restart repeatedly and never reach the desktop. The issue is primarily discussed across community threads, including a Reddit post describing more than 15 reboot cycles after installation, effectively locking users…
-
Windows-Sicherheit: Secure Boot: Zertifikate laufen ab Juni 2026 aus
Microsoft stellt klar: Windows-PCs booten auch nach Juni 2026 weiter. Dennoch droht das Aus für wichtige Sicherheits-Patches im Boot-Prozess. First seen on golem.de Jump to article: www.golem.de/news/windows-sicherheit-secure-boot-zertifikate-laufen-ab-juni-2026-aus-2602-205436.html
-
Windows-Sicherheit: Secure Boot: Zertifikate laufen ab Juni 2026 aus
Microsoft stellt klar: Windows-PCs booten auch nach Juni 2026 weiter. Dennoch droht das Aus für wichtige Sicherheits-Patches im Boot-Prozess. First seen on golem.de Jump to article: www.golem.de/news/windows-sicherheit-secure-boot-zertifikate-laufen-ab-juni-2026-aus-2602-205436.html
-
LockBit 5.0 Emerges: Cross-Platform Ransomware Now Targeting Windows, Linux, and ESXi Systems
LockBit’s new 5.0 version is actively attacking Windows, Linux, and ESXi systems, using a unified yet highly optimized ransomware framework that significantly increases the risk to enterprise environments. Analysis by the Acronis Threat Research Unit (TRU) shows that while all variants share the same core encryption and extortion logic, the Windows build carries the most…
-
Chrome 0-Day Enables Remote Code Execution in Ongoing Campaign
Google has released an urgent security update for the Chrome desktop web browser to address a severe high-severity vulnerability that is currently being exploited in the wild. The search giant rolled out the fix on Friday, updating the Stable channel to version 145.0.7632.75/.76 for Windows and macOS users, and version 144.0.7559.75 for Linux users. This…
-
Windows 11 KB5077181 fixes boot failures linked to failed updates
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an “UNMOUNTABLE_BOOT_VOLUME” error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-fixes-boot-failures-linked-to-failed-updates/
-
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
-
1,800+ Windows Servers Hit by BADIIS SEO Malware
Over 1,800 Windows IIS servers were compromised by BADIIS malware in a stealthy global SEO poisoning campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1800-windows-servers-hit-by-badiis-seo-malware/
-
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
-
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
-
Four new reasons why Windows LNK files cannot be trusted
Hidden command-line arguments: Beyond target spoofing, Beukema demonstrated a technique for hiding malicious command-line instructions behind legitimate executables. LNK files can launch trusted Windows binaries while passing attacker-controlled instructions through embedded arguments, enabling “living-off-the-land” (LOLBINs) execution without pointing directly to malware.According to the researcher, this can be done by manipulating the input passed into certain…
-
Windows ist offen für andere Passwortmanager – So funktionieren Passkeys unter Windows 11
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-sichere-anmeldung-externe-passwortmanager-a-de4da6e1ce78536bfad5a67c04b0d50b/
-
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-family-safety-bug-that-blocks-google-chrome-from-launching/
-
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection
Tags: attack, control, cve, cyber, cybercrime, data, ddos, detection, exploit, marketplace, phishing, ransomware, rat, theft, windowsXWorm, a multi-functional .NET”‘based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control of compromised Windows systems, including data theft, remote desktop control, DDoS attacks, and ransomware execution.…
-
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer
A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer capable of harvesting credentials, cryptocurrency wallets, gaming accounts, emails, and detailed system fingerprints. The operation…
-
BADIIS Malware Targets Over 1,800 Windows Servers in Massive SEO Poisoning Attack
Over 1,800 Windows IIS servers worldwide have been compromised in a large-scale search engine optimization (SEO) poisoning campaign driven by the BADIIS malware, a malicious IIS module used to hijack legitimate web traffic. The operation, tracked by Elastic Security Labs as REF4033, is attributed to a Chinese-speaking cybercrime group that monetizes these compromised servers by…
-
Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack
Microsoft patches 58 vulnerabilities, including six actively exploited zero-days across Windows, Office, and RDP, as CISA sets a March 3 deadline. The post Microsoft’s February Patch Tuesday Fixes 6 Zero-Days Under Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-six-zero-days-february-2026/
-
New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
-
NDSS 2025 Revisiting Concept Drift In Windows Malware Detection
Session 12B: Malware Authors, Creators & Presenters: Adrian Shuai Li (Purdue University), Arun Iyengar (Intelligent Data Management and Analytics, LLC), Ashish Kundu (Cisco Research), Elisa Bertino (Purdue University) PAPER Revisiting Concept Drift in Windows Malware Detection: Adaptation to Real Drifted Malware with Minimal Samples In applying deep learning for malware classification, it is crucial to…
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
How to Sign Authenticode Files with SignTool using KSP Library?
Signing code is a critical process for maintaining software integrity and developer trust. On a Windows-based system, Authenticode signing provides assurance after a program or driver has been posted that it has not been modified. Using Microsoft SignTool and a Key Storage Provider (KSP) service such as DigiCert® KeyLocker, executed software, DLLs, and installers can”¦…
-
How to Sign Authenticode Files with SignTool using KSP Library?
Signing code is a critical process for maintaining software integrity and developer trust. On a Windows-based system, Authenticode signing provides assurance after a program or driver has been posted that it has not been modified. Using Microsoft SignTool and a Key Storage Provider (KSP) service such as DigiCert® KeyLocker, executed software, DLLs, and installers can”¦…
-
Microsoft Store updated with a new CLI, analytics, and Web Installer improvements
Microsoft has introduced new developer tools, updates to developer analytics, and a Web Installer in the Microsoft Store on Windows to help developers build and scale apps on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/microsoft-store-cli-command-line-interface/