Tag: windows
-
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
-
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API. A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset. Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Most Windows 11 Users Don’t Need Third-Party Antivirus
Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-no-third-party-antivirus-needed/
-
Kyber ransomware gang toys with post-quantum encryption on Windows
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows/
-
Tencent’s QClaw AI agent app arrives on Windows and macOS
Tencent has opened an international beta of QClaw, an AI agent application aimed at consumers in Canada, Japan, Singapore, South Korea, and the United States. The first wave … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/tencent-qclaw-ai-agent-windows-macos/
-
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker-controlled code while quietly sidestepping traditional detection controls. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way to deploy fileless or low-footprint malware into enterprise environments. Instead of shipping a conventional compiled…
-
Zero-day flaws: attacks on Windows systems observed
Hackers have exploited three recently disclosed security vulnerabilities in Windows Defender. So far, a patch exists for only one of them. First seen on golem.de Jump to article: www.golem.de/news/zero-day-luecken-unter-beschuss-angriffe-auf-windows-systeme-beobachtet-2604-207763.html
-
Exploits Turn Windows Defender into Attacker Tool
Three proof-of-concept exploits are being used in active attacks against Microsoft’s built-in security platform; two are unpatched. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool
-
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
Gentlemen is a fast-growing ransomware-as-a-service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi-platform design and strong defense-evasion features make it a high-impact threat to corporate networks worldwide. The Gentlemen RaaS emerged around mid-2025 and quickly built an affiliate ecosystem by…
-
Remote Code Execution and Elevation of Privilege – CISA warns of attacks on Microsoft Exchange and Windows CLFS
First seen on security-insider.de Jump to article: www.security-insider.de/aktive-angriffe-exchange-windows-clfs-schwachstellen-patchen-a-18e96c176dc7a26db31fdca756f24673/
-
Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched
Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-defender-flaws-exploited-windows-10-11/
-
Microsoft releases Windows Server update fix to fix its April update fixes
Out-of-band or out of control? First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsoft_releases_a_windows_server_update_fix/
-
DFIR Report The Gentlemen SystemBC: A Sneak Peek Behind the Proxy
Key Points The Gentlemen RaaS The Gentlemen ransomware-as-a-service (RaaS) operation is a relatively new group that emerged around mid-2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi-OS lockers for Windows, Linux,…
-
Microsoft tests Windows Explorer speed, performance improvements
Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-speed-performance-improvements/
-
Microsoft releases emergency updates to fix Windows Server issues
Microsoft has released out-of-band (OOB) updates to fix issues affecting Windows Server systems after installing the April 2026 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-windows-server-issues/
-
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
Microsoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for Secure Boot states. It streamlines User Account Control (UAC) prompts. The update provides users with…
-
Fake Helpdesk Attack Uses Teams and Quick Assist to Breach Targets
Attackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk-themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, adversaries can move laterally and exfiltrate data while blending into normal admin activity. Using names such as “Help…
-
Hackers are abusing unpatched Windows security flaws to hack into organizations
A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real-life attacks, according to a cybersecurity firm. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/
-
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a separate but related issue is triggering BitLocker recovery prompts on enterprise-managed systems post-update. Reboot Loop Issue…
-
Totalrecall Reloaded: tool demonstrates vulnerability in Windows Recall
A new version of the Totalrecall tool shows how data can still be extracted from Windows Recall with comparative ease. First seen on golem.de Jump to article: www.golem.de/news/totalrecall-reloaded-tool-zeigt-schwachstelle-in-windows-recall-2604-207704.html
-
After Microsoft's Patch Tuesday: update failures and constant reboots on Windows Server
IT admins have plenty to deal with after the April updates for Windows Server. The updates can fail or trigger repeated reboots. First seen on golem.de Jump to article: www.golem.de/news/nach-microsoft-patchday-update-fehler-und-staendige-reboots-bei-windows-server-2604-207693.html
-
Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-reboot-loops-affecting-some-domain-controllers/
-
Recently leaked Windows zero-days now exploited in attacks
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/