Collecting Cyber-News from over 60 sources

Tag: windows

BYOVD Turns Trusted Drivers Against Windows Security

Mar 2, 2026 4:49 PM

Tags: access, exploit, vulnerability, windows

BYOVD lets attackers exploit signed but vulnerable Windows drivers to gain kernel-level access and disable security tools. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/byovd-turns-trusted-drivers-against-windows-security/
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update

Mar 2, 2026 3:47 PM

Tags: cve, cyber, exploit, flaw, group, malware, microsoft, threat, update, vulnerability, windows, zero-day

Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
ProofConcept Released for Windows ALPC Privilege Escalation via Error Reporting

Mar 2, 2026 2:47 PM

Tags: cve, cvss, cyber, flaw, service, vulnerability, windows

A critical local privilege escalation (LPE) vulnerability, identified as CVE-2026-20817, has been publicly documented following the release of a proof-of-concept (PoC) exploit. Discovered in the Windows Error Reporting (WER) service, the flaw allows an authenticated, low-privileged user to execute arbitrary code with SYSTEM-level access. Vulnerability Overview Feature Details CVE ID CVE-2026-20817″‹ Severity Score CVSS 7.8…
Fake Zoom and Google Meet Phishing Campaigns Deploy Teramind Surveillance Software

Feb 28, 2026 5:37 PM

Tags: attack, cyber, endpoint, google, infection, monitoring, phishing, scam, software, threat, unauthorized, windows

Threat actors are executing sophisticated phishing campaigns that impersonate Zoom and Google Meet to silently deploy Teramind onto Windows devices. While Teramind is a legitimate enterprise endpoint monitoring product, scammers are abusing its stealth features to conduct unauthorized surveillance. The Infection Chain and Delivery Mechanism The attack relies on fabricated landing pages that mimic official…
Hackers Exploit Windows File Explorer and WebDAV to Distribute Malware

Feb 28, 2026 10:37 AM

Tags: access, control, cyber, cybersecurity, detection, endpoint, exploit, hacker, intelligence, malware, threat, windows

Cybersecurity researchers at Cofense Intelligence have uncovered an ongoing campaign where threat actors abuse Windows File Explorer to distribute malware. By exploiting the legacy WebDAV protocol, attackers are tricking victims into downloading Remote Access Trojans (RATs) while bypassing traditional web browser security controls and some Endpoint Detection and Response (EDR) systems.”‹ WebDAV Exploit WebDAV (Web-based…
Microsoft testing Windows 11 batch file security improvements

Feb 27, 2026 9:37 PM

Tags: microsoft, windows

Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-testing-windows-11-batch-file-security-improvements/
Microsoft taps ASUS and Dell for the Windows 365 Cloud PC strategy

Feb 27, 2026 1:37 PM

Tags: cloud, Hardware, microsoft, strategy, windows

Microsoft is adding two new Windows 365 Cloud PC devices, the ASUS NUC 16 for Windows 365 and the Dell Pro Desktop for Windows 365, expanding hardware options for its … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/windows-365-cloud-pc-devices-asus-and-dell/
Microsoft taps ASUS and Dell into the Windows 365 Cloud PC strategy

Feb 27, 2026 12:37 PM

Tags: cloud, Hardware, microsoft, strategy, windows

Microsoft is adding two new Windows 365 Cloud PC devices, the ASUS NUC 16 for Windows 365 and the Dell Pro Desktop for Windows 365, expanding hardware options for its … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/27/windows-365-cloud-pc-devices-asus-and-dell/
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution

Feb 27, 2026 11:37 AM

Tags: cyber, endpoint, flaw, malicious, update, vulnerability, windows

Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
Critical Trend Micro Apex One Vulnerabilities Allow Remote Malicious Code Execution

Feb 27, 2026 11:37 AM

Tags: cyber, endpoint, flaw, malicious, update, vulnerability, windows

Trend Micro has disclosed eight security vulnerabilities in its Apex One endpoint protection platform, including two critical-severity flaws that allow unauthenticated remote attackers to upload malicious code and execute commands on affected systems. The company released a Critical Patch on February 24, 2026, under Solution ID KA-0022458, covering Apex One 2019 (on-premises) on Windows and…
Trend Micro fixes two critical flaws in Apex One

Feb 27, 2026 12:37 AM

Tags: flaw, remote-code-execution, update, vulnerability, windows

Trend Micro fixed two critical Apex One flaws enabling remote code execution on vulnerable Windows systems and urged immediate updates. Trend Micro has addressed two critical vulnerabilities in Apex One that could allow attackers to achieve remote code execution on affected Windows systems. The company released security updates and strongly urged customers to apply the…
Emulating the Systematic LokiLocker Ransomware

Feb 26, 2026 9:36 PM

Tags: attack, defense, detection, firewall, malware, ransomware, windows

AttackIQ has released a new attack graph that emulates the behaviors of LokiLocker ransomware, a .NET based strain active since at least mid-August 2021. The malware combines defense evasion and impact techniques, including disabling Task Manager and Windows Firewall, as well as deleting Volume Shadow Copies to hinder detection and prevent restoration. First seen on…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
APT37 Adds New Capabilities for Air-Gapped Networks

Feb 26, 2026 5:37 PM

Tags: access, android, api, attack, authentication, backdoor, cloud, communications, computer, credentials, data, detection, endpoint, google, government, group, Hardware, infection, infrastructure, injection, Internet, malicious, malware, microsoft, monitoring, network, north-korea, powershell, service, social-engineering, threat, tool, update, windows

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign, tracked as Ruby Jumper by ThreatLabz, APT37 uses Windows shortcut (LNK) files to initiate an attack that utilizes a set of newly discovered tools. These tools, RESTLEAF, SNAKEDROPPER, THUMBSBD, and VIRUSTASK,…
Microsoft expands Windows restore to more enterprise devices

Feb 26, 2026 2:40 PM

Tags: microsoft, windows

Microsoft now allows more enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-expands-windows-restore-to-more-enterprise-devices/
Zoom Update Scam Infects 1,437 Users in 12 Days to Deploy Surveillance Tools

Feb 26, 2026 2:40 PM

Tags: cyber, exploit, malicious, scam, tool, update, windows

A dangerous new scam is targeting Zoom users by exploiting their trust in video meeting invites. Over just twelve days, 1,437 Windows users unknowingly installed a malicious version of the Teramind monitoring agent after visiting a fake Zoom meeting page designed to trigger silent downloads. The operation starts at uswebzoomus[.]com/zoom/ a domain mimicking Zoom’s legitimate interface. When opened, it displays…
Optionales Februar-Update für Windows 11 Update – – Speed-Test in der Taskleiste ist eine Browser-Weiterleitung

Feb 26, 2026 1:44 PM

Tags: data, microsoft, update, windows

Microsoft verteilt das optionale Februar-Update für Windows 11. Zu den Neuerungen zählt eine Speed-Test-Weiterleitung. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-februar-update-fuer-windows-11-speed-test-in-der-taskleiste-ist-eine-browser-weiterleitung.96299
New PoC for Windows Exploit Lets Low-Privileged Users Crash Systems with BSOD

Feb 26, 2026 10:37 AM

Tags: cve, cyber, exploit, flaw, vulnerability, windows

Security researchers have released a new Proof of Concept (PoC) for a vulnerability in the Windows Common Log File System (CLFS) driver. The flaw, identified as CVE-2026-2636, allows low-privileged users to force a system into a Blue Screen of Death (BSoD), effectively causing a Denial of Service. Vulnerability Mechanism The discovery occurred while a researcher…
Steaelite RAT combines data theft and ransomware management capability in one tool

Feb 26, 2026 5:37 AM

Tags: access, android, attack, authentication, awareness, business, corporate, credentials, crypto, cybercrime, data, ddos, defense, encryption, endpoint, extortion, infection, infosec, malware, mobile, monitoring, password, phishing, ransomware, rat, remote-code-execution, theft, threat, tool, training, windows

CSO that this isn’t the most sophisticated RAT he’s seen. “The novel aspect here,” he said, “is the convergence. Steaelite bundles remote access, credential harvesting, data exfiltration, and ransomware (currently in development) in a single package.” Traditionally, he explained, these capabilities have occupied different parts of the cybercrime toolchain, but Steaelite unifies the functions, giving…
Microsoft gives Windows laggards the ‘gift of time’ wrapped in licensing fees

Feb 25, 2026 7:37 PM

Tags: microsoft, windows

With Server 2016 and other OSes for the chop, security fixes can continue to flow for a price First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/microsoft_windows_support/
Fake Zoom meeting leads to silent install of surveillance software

Feb 25, 2026 6:36 PM

Tags: computer, software, windows

Malwarebytes researchers have uncovered a fake (but convincing) Zoom meeting page that downloads surveillance software on Windows computers and tricks users into running it. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/fake-zoom-meeting-teramind-surveillance-software/
Optionales Februar-Update für Windows 11 – Speed-Test in der Taskleiste ist eine Browser-Weiterleitung

Feb 25, 2026 11:37 AM

Tags: microsoft, update, windows

Microsoft verteilt das optionale Februar-Update für Windows 11. Zu den Neuerungen zählt eine Speed-Test-Weiterleitung. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-februar-update-fuer-windows-11-speed-test-in-der-taskleiste-ist-eine-browser-weiterleitung.96299
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool

Feb 25, 2026 9:37 AM

Tags: microsoft, network, tool, update, windows

Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077241-update-improves-bitlocker-adds-sysmon-tool/
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware

Feb 25, 2026 8:37 AM

Tags: access, apache, attack, cve, cyber, exploit, lockbit, malicious, ransomware, threat, update, vulnerability, windows

Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial foothold into full-domain impact. The exploit loaded a malicious Java Spring bean configuration XML file,…
Cybercriminals Exploit Windows Management Instrumentation WMI to Maintain Stealthy Access and Silent Control

Feb 24, 2026 2:02 PM

Tags: access, control, cyber, cybercrime, exploit, infrastructure, malware, startup, strategy, windows

Windows Management Instrumentation (WMI) is a critical utility built into the Windows operating system designed to help administrators monitor status and automate routine tasks. However, cybercriminals have increasingly weaponized this legitimate infrastructure to maintain persistent access to compromised networks. Unlike traditional malware strategies that rely on visible startup folders or registry run keys, WMI abuse…
How to Setup Credentials for Windows to Use DigiCert KeyLocker SMCTL?

Feb 24, 2026 1:02 PM

Tags: credentials, software, tool, windows

Before you can securely sign software or automate code signing in your Windows environment, you will need to configure your credentials for DigiCert® KeyLocker and the Signing Manager Command-Line Tool (SMCTL). Your credentials create a trusted connection between your local signing tools and DigiCert ONE to ensure that only authorized users are able to access”¦…
Windows 365 for Agents brings managed cloud PCs to autonomous workflows

Feb 24, 2026 1:02 PM

Tags: access, ai, cloud, microsoft, windows

Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/microsoft-windows-365-for-agents/
Microsoft extends security patching for three Windows products at a price

Feb 24, 2026 11:02 AM

Tags: iot, microsoft, update, windows

Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/windows-extended-security-updates-program-deadlines/
Hackers Use Steganographic Images to Bypass Anti-Malware and Deploy Malware

Feb 24, 2026 10:01 AM

Tags: access, attack, cyber, hacker, malicious, malware, tool, windows

Hackers are abusing steganography in PNG images to smuggle a Pulsar Remote Access Trojan (RAT) into Windows systems through a malicious NPM package named buildrunner”‘dev. The attack starts with a typosquatted NPM package, buildrunner”‘dev, which impersonates the abandoned “buildrunner”/”build-runner” tools to catch developers who mistype or assume it is a maintained fork. Its package.json looks harmless but defines a postinstall hook…
The rise of the evasive adversary

Feb 24, 2026 8:01 AM

Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day

Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…