Collecting Cyber-News from over 60 sources

Tag: windows

Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues

Mar 17, 2026 2:10 PM

Tags: cyber, microsoft, update, windows

Microsoft has rolled out an unexpected out-of-band hotpatch, KB5084897, targeting Windows 11 versions 25H2 and 24H2. Released on March 16, 2026, this specific update resolves a highly disruptive visual bug affecting Bluetooth connectivity management. The patch elevates supported systems to OS builds 26200.7984 and 26100.7984, delivering immediate administrative relief for users struggling to monitor or…
New Windows 11 hotpatch fixes Bluetooth device visibility issue

Mar 17, 2026 1:09 PM

Tags: microsoft, update, windows

Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-11-hotpatch-fixes-bluetooth-device-visibility-issue/
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures

Mar 17, 2026 11:10 AM

Tags: attack, chatgpt, macOS, malicious, social-engineering, sophos, tactics, windows

ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and…
Microsoft points at Samsung after Galaxy app bug locks users out of C:

Mar 17, 2026 10:09 AM

Tags: access, microsoft, windows

‘Access denied’ errors hit certain Windows 11 machines running vendor utility First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/samsung_c_drive_windows/
Payload ransomware hits Windows and ESXi with Babuk-style encryption

Mar 17, 2026 9:10 AM

Tags: cryptography, cyber, encryption, extortion, group, healthcare, ransomware, threat, vmware, windows

A new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at least February 17, 2026. It is already hitting mid-to-large organizations across multiple sectors and countries. The hospital…
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack

Mar 17, 2026 8:10 AM

Tags: access, attack, cyber, linux, macOS, malicious, rat, software, supply-chain, windows

Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
Microsoft points at Samsung after Galaxy app bug locks users out of C:/

Mar 17, 2026 5:10 AM

Tags: access, microsoft, windows

‘Access denied’ errors hit certain Windows 11 machines running vendor utility First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/samsung_c_drive_windows/
Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities

Mar 17, 2026 12:09 AM

Tags: malicious, microsoft, remote-code-execution, update, vulnerability, windows

Microsoft releases an out-of-band hotpatch for critical Windows 11 RRAS vulnerabilities that could allow remote code execution through malicious remote servers. The post Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-rras-vulnerabilities-hotpatch/
Hacked sites deliver Vidar infostealer to Windows users

Mar 16, 2026 8:09 PM

Tags: windows, wordpress

We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hacked-sites-deliver-vidar-infostealer-to-windows-users/
Microsoft Issues Hotpatch for Windows 11 RRAS RCE Bugs

Mar 16, 2026 8:09 PM

Tags: microsoft, rce, remote-code-execution, windows

Microsoft released an emergency hotpatch for Windows 11 to fix critical RRAS remote code execution flaws. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-issues-hotpatch-for-windows-11-rras-rce-bugs/
Microsoft pulls Samsung app blocking Windows C: drive from Store

Mar 16, 2026 3:10 PM

Tags: microsoft, windows

Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pulls-samsung-app-blocking-windows-c-drive-from-store/
New XWorm 7.1 and Remcos RAT Attacks Abuse Windows Tools to Evade Detection

Mar 16, 2026 1:10 PM

Tags: attack, detection, exploit, flaw, rat, spy, tool, windows

New XWorm 7.1 and Remcos RAT campaigns abuse trusted Windows tools to evade detection. The attacks exploit a WinRAR flaw and use process hollowing to spy on victims. First seen on hackread.com Jump to article: hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
Microsoft warnt: Samsung-App macht Windows-PCs unbrauchbar

Mar 16, 2026 10:10 AM

Tags: microsoft, windows

Einige Windows-Nutzer mit Samsung-PCs können nicht mehr auf ihr Systemlaufwerk zugreifen – mit entsprechend weitreichenden Folgen. First seen on golem.de Jump to article: www.golem.de/news/microsoft-warnt-samsung-app-macht-windows-pcs-unbrauchbar-2603-206519.html
ClickFix techniques evolve in new infostealer campaigns

Mar 16, 2026 8:09 AM

Tags: api, attack, communications, control, credentials, data, data-breach, detection, encryption, framework, github, group, intelligence, iran, korea, lazarus, login, microsoft, north-korea, russia, social-engineering, threat, windows, wordpress

New payloads: The DoubleDonut Loader was observed delivering a new variant of Vidar Stealer, a well-known infostealer, that uses a dead drop resolver technique to retrieve its command-and-control configuration and dynamic API resolution.In addition to Vidar, two previously undocumented infostealers have been observed, one written in .NET and one in C++. Rapid7 has named these…
Microsoft Issues OutBand Patch for Critical Windows 11 RRAS RCE Flaws

Mar 16, 2026 7:09 AM

Tags: access, cyber, flaw, microsoft, rce, remote-code-execution, risk, service, update, vulnerability, windows

Microsoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote Access Service (RRAS) management tool. Because these security gaps pose an immediate risk of remote…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 88

Mar 15, 2026 4:10 PM

Tags: exploit, github, international, malware, reverse-engineering, windows

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader New A0Backdoor Linked to…
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw

Mar 15, 2026 12:10 AM

Tags: flaw, microsoft, rce, remote-code-execution, update, vulnerability, windows

Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/
Windows 11 users can’t access C: drive on some Samsung PCs

Mar 14, 2026 12:10 AM

Tags: access, microsoft, update, windows

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
PsExec and Renamed Backup Tools Enabled Data Theft Before INC Ransomware Attack

Mar 13, 2026 9:10 AM

Tags: attack, backup, cyber, data, detection, ransomware, theft, threat, tool, windows

A ransomware intrusion in which attackers used legitimate Windows tools and a renamed backup utility to quietly stage and exfiltrate sensitive data before deploying INC ransomware. The incident highlights how threat actors increasingly rely on “living off the land” techniques to evade detection and operate within compromised environments. Investigators later determined that the threat actor…
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection

Mar 13, 2026 7:09 AM

Tags: attack, cyber, defense, detection, malware, powershell, rat, windows

A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi”‘stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, PowerShell, and a managed .NET injector to execute Remcos entirely in memory, dramatically reducing forensic artifacts…
China-nexus Threat Actor Targets Persian Gulf Region With PlugX

Mar 13, 2026 1:10 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, dns, dos, group, Hardware, injection, iran, malicious, malware, microsoft, middle-east, reverse-engineering, service, social-engineering, software, startup, threat, tool, update, windows

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the renewed conflict in the Middle East. The threat actor quickly weaponized the theme of the conflict, using an Arabic-language document lure depicting missile attacks for…
The who, what, and why of the attack that has shut down Stryker’s Windows network

Mar 13, 2026 12:10 AM

Tags: attack, microsoft, network, windows

Company says it doesn’t know how long it will take to restore its Microsoft environment. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

Mar 12, 2026 8:10 PM

Tags: banking, credentials, cybercrime, cybersecurity, finance, malware, rust, windows

Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem.The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian First…
83% of Cloud Breaches Start with Identity, AI Agents Are About to Make it Worse

Mar 12, 2026 3:10 PM

Tags: ai, breach, cloud, exploit, google, identity, threat, windows

Summary of Google’s H1 2026 Cloud Threat Horizons findings arguing identity failures, weaponized local AI tooling, and collapsing exploitation windows require AI-native security architectures and automated identity governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/83-of-cloud-breaches-start-with-identity-ai-agents-are-about-to-make-it-worse/
83% of Cloud Breaches Start with Identity. AI Agents are About to Make it Worse.

Mar 12, 2026 2:10 PM

Tags: ai, breach, cloud, exploit, google, identity, threat, windows

Summary of Google’s H1 2026 Cloud Threat Horizons findings arguing identity failures, weaponized local AI tooling, and collapsing exploitation windows require AI-native security architectures and automated identity governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/83-of-cloud-breaches-start-with-identity-ai-agents-are-about-to-make-it-worse/
83% of Cloud Breaches Start with Identity. AI Agents are About to Make it Worse.

Mar 12, 2026 2:10 PM

Tags: ai, breach, cloud, exploit, google, identity, threat, windows

Summary of Google’s H1 2026 Cloud Threat Horizons findings arguing identity failures, weaponized local AI tooling, and collapsing exploitation windows require AI-native security architectures and automated identity governance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/83-of-cloud-breaches-start-with-identity-ai-agents-are-about-to-make-it-worse/