Tag: windows
-
USB worm spreads crypto-stealing malware via Windows shortcut files
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/
-
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server,” the Microsoft Defender Security Research Team said in an analysis published Tuesday. “It…
-
Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online
A newly disclosed Windows Defender vulnerability, tracked as CVE-2026-50656 and dubbed RoguePlanet, has raised concerns across the cybersecurity community after a working proof-of-concept (PoC) exploit was released before a security patch became available. The exploit was published on GitHub by security researcher Nightmare Eclipse on June 10, 2026, only hours after Microsoft issued its June Patch Tuesday updates. First seen…
-
Microsoft fixes Windows Server 2016 security update failures
Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren’t up to date. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/
-
Windows 11 June Patch Triggers Microsoft Office Startup Issues
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as users report that Microsoft Office applications fail to launch when opened via certain third-party applications. The update, released on June 9, 2026, targets Windows 11 version 26H1 and bundles critical security…
-
Dangerous Windows exploit: Microsoft promises a high-quality update
Microsoft intends to block exploitation of the RoguePlanet exploit on Windows devices with an update. When that will happen, however, remains a mystery. First seen on golem.de Jump to article: www.golem.de/news/rogueplanet-exploit-microsoft-verspricht-ein-high-quality-sicherheitsupdate-2606-209904.html
-
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-office-apps-launch-issues-after-june-updates/
-
Windows and Linux users: The deadline to update Secure Boot keys is near
What you need to know about the expiration of keys securing your machine’s boot sequence. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/windows-and-linux-users-the-deadline-to-update-secure-boot-keys-is-near/
-
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), have surfaced, expanding a toolset that was until now Linux-only. The two Windows builds, internally labelled WIN_DRV and WIN_PLUS, preserve the original SprySOCKS protocol and command set while adding Windows-native loading techniques and, in WIN_DRV’s case, a kernel-mode driver that substantially increases stealth and…
-
China-Linked FishMonger Ports SprySOCKS to Windows With Kernel-Level Stealth and UEFI Bootkit Hints
China-linked FishMonger used two SprySOCKS Windows variants that leveraged kernel drivers and the Print Spooler to target governments in four countries. ESET researchers have found two previously undocumented Windows versions of SprySOCKS, a backdoor that the security community had until now treated as Linux-only. Trend Micro first documented the Linux variant in September 2023 and…
-
Critical Chrome Flaws Let Attackers Execute Arbitrary Code: Update Immediately
Google has released an urgent Chrome security update addressing multiple critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 149.0.7827.155/.156 for Windows and macOS and 149.0.7827.155 for Linux. Security researchers and enterprise defenders are strongly advised to apply the…
-
The FishMonger arsenal has been expanded: SprySOCKS for Windows
ESET researchers have discovered “SprySOCKS for Windows”. FishMonger’s backdoor uses a kernel driver to achieve a particularly high degree of concealment. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/das-fishmonger-arsenal-wurde-erweitert-sprysocks-fur-windows/
-
SprySOCKS backdoor expands to Windows with new variants
First seen on scworld.com Jump to article: www.scworld.com/brief/sprysocks-backdoor-expands-to-windows-with-new-variants
-
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sprysocks-windows-variant-kernel-drivers
-
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/
-
SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sprysocks-backdoor-windows/
-
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, First…
-
Chinese Hacking Firm Upgrades With New Windows Backdoor
Researchers identified two undocumented variants used since 2023. ESET uncovered two previously undocumented Windows variants of the China-linked SprySOCKS backdoor tied to FishMonger and iSoon, revealing expanded espionage capabilities, rootkit-based stealth and continued targeting of government organizations across Asia and Central America. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hacking-firm-upgrades-new-windows-backdoor-a-31977
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/
-
Windows 11 Update Causes System Freezes, Triggers BitLocker Recovery, and Breaks OneDrive
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.8655, is triggering a wave of user reports about system freezes, forced BitLocker recovery screens, and broken OneDrive integration in File Explorer on some devices. While Microsoft positions the patch as a critical security and reliability update, early feedback suggests serious…
-
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable hashes from Windows DPAPI credential history (CREDHIST) files, potentially exposing historical password material and enabling deeper insight into user password patterns over time. New DPAPISnoop Tool Developed by Nettitude’s CyberLabs team,…
-
Dispute with Microsoft: anonymous security researcher publishes the next Windows exploit
First seen on t3n.de Jump to article: t3n.de/news/streit-mit-microsoft-anonymer-sicherheitsforscher-veroeffentlicht-naechsten-windows-exploit-1747312/
-
New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-bitlocker-zero-day-june-2026/
-
Microsoft fixes Windows update failures linked to WUSA installer
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-update-failures-linked-to-wusa-installer/
-
Fake Windows and Office Activation Videos Spread Infostealers on TikTok and Instagram
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attackers create accounts with Windows-like naming and branding, then post short, high-production-value videos that mimic authentic support or how-to content. The posts…
-
Product showcase: Avast One turns scam screenshots into actionable security advice
Avast One Free combines privacy, security, identity monitoring, and performance tools in a single platform. The app is available for Windows, macOS, Android, and iOS. First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/product-showcase-avast-one-platform/
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to find this,” the researcher said in a post on Blogger. “If you ever attempted to use…
-
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guides and AI PDFs to spread AsyncRAT malware in a Windows attack chain that uses PowerShell and Defender exclusions. First seen on hackread.com Jump to article: hackread.com/hackers-fake-claude-code-guide-ai-pdfs-asyncrat/