Tag: windows
-
LNK Malware Leverages Legit Windows Files to Slip Past Defenses
In a recently observed campaign emerging from Israel, threat actors have revived the use of Windows shortcut (.LNK) files to deliver a potent Remote Access Trojan (RAT). These seemingly innocuous shortcut files exploit Living-off-the-Land Binaries (LOLBins) such as odbcconf.exe to silently register and execute malicious DLLs, evading security tools and complicating detection efforts. The attack…
-
Salesforce CLI Installer Flaw Lets Attackers Run Code and Gain SYSTEM-Level Access
A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from untrusted sources may be at risk. The vulnerability stems from improper handling of file paths during installation, which can be abused…
-
Chrome High-severity Flaws Expose Sensitive Data, Trigger System Crashes
Google has released an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could allow attackers to leak sensitive information and cause system instability. The latest Chrome version 140.0.7339.207/.208 for Windows and Mac, and 140.0.7339.207 for Linux, patches critical flaws in the V8 JavaScript engine that powers the browser’s web content processing.…
-
Microsoft Activation Script (MAS) continues to supply Windows 10 with free updates
The free Microsoft Activation Script (MAS) supplies Windows 10 with updates after the end of support. That, however, is anything but legal. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/reverse-engineering/microsoft-activation-script-mas-versorgt-windows-10-weiterhin-mit-kostenlosen-updates-321041.html
-
Microsoft Publishes Guide for Certificate-Based Authentication in Windows Admin Center
Microsoft has released comprehensive guidance for implementing certificate-based authentication in Windows Admin Center (WAC), providing administrators with enhanced security through smart card integration and Active Directory Certificate Services. This authentication method significantly strengthens access controls by requiring administrators to present valid certificates before accessing the management gateway, effectively adding a strong second authentication factor beyond…
-
Passwordless Authentication Options Available
Explore the landscape of passwordless authentication options, including Windows Hello, Microsoft Authenticator, FIDO2, and certificate-based methods. Enhance security and user experience. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/passwordless-authentication-options-available/
-
Windows 11 24H2 KB5064081 Update Causes Video Playback Issues
Microsoft’s latest Windows 11 update is causing significant problems for users trying to play protected video content. The KB5064081 update, released on August 29, 2025, has disrupted video playback functionality across multiple applications, leaving users frustrated with black screens and frozen content.
-
APT37 uses Rust-based backdoor: new backdoor in Windows systems, attacks under way
First seen on security-insider.de Jump to article: www.security-insider.de/apt37-angriff-windows-systeme-rust-backdoor-rustonotto-a-99c3ae320d6ec45af493195af352652c/
-
Technical Analysis of Zloader Updates
Tags: access, attack, banking, cloud, communications, control, corporate, data, data-breach, detection, dns, encryption, malware, network, ransomware, strategy, threat, update, windows
Introduction: Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a Zeus-based modular trojan that emerged in 2015. Zloader was originally designed to facilitate banking, but has since been repurposed for initial access, providing an entry point into corporate environments for the deployment of ransomware. Following an almost two-year hiatus, Zloader reemerged in September 2023 with significant enhancements…
-
New EDR-Freeze tool uses Windows WER to suspend security software
A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-edr-freeze-tool-uses-windows-wer-to-suspend-security-software/
-
Microsoft lifts Windows 11 update block after face detection fix
Microsoft has removed a compatibility hold that prevented devices with integrated cameras from installing Windows 11 24H2 due to a face detection bug causing app freezes. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-11-safeguard-hold-after-fixing-face-detection-bug/
-
New remote access trojan ‘ZynorRAT’ controls victims via Telegram
Sysdig's Threat Research Team (TRT) has identified a new malware family. The remote access trojan was developed in Go, runs on Linux and Windows, and is controlled remotely via a Telegram bot. It first appeared on VirusTotal on July 8, 2025. Since then, findings and telemetry data have pointed to origins in Turkey. is a remote access tool (RAT), […] First seen…
-
BlackLock Ransomware Targets Windows, Linux, and VMware ESXi Systems
BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to have been active since March 2024. The latest analysis by AhnLab Security Intelligence Center (ASEC) sheds…
-
Attackers Bypass Windows “Mark of the Web” Protections Using LNK-Stomping
A sophisticated attack technique called LNK Stomping is enabling cybercriminals to bypass Windows security protections designed to block malicious files downloaded from the internet. The technique exploits a vulnerability in Windows shortcuts that was patched in September 2024 as CVE-2024-38217. Windows shortcuts, known as LNK files, have become increasingly popular attack vectors since Microsoft strengthened macro blocking…
-
Hackers Deploy New EDR-Freeze Tool to Disable Security Software
A security researcher has released a new tool that can temporarily disable endpoint detection and response (EDR) systems and antivirus software without requiring vulnerable drivers, marking a significant evolution in attack techniques targeting security solutions. Advanced Evasion Through Windows Components: The tool, dubbed EDR-Freeze and developed by researcher TwoSevenOneT, exploits Windows Error Reporting functionality to suspend security…
-
Microsoft starts rolling out Gaming Copilot on Windows 11 PCs
Microsoft has begun rolling out the beta version of its AI-powered Gaming Copilot to Windows 11 systems for users aged 18 or older, excluding those in mainland China. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-starts-rolling-out-gaming-copilot-on-windows-11-pcs/
-
Microsoft thinks cloud PCs might be overkill, starts streaming just apps under Windows 365
As old-school virtual desktop player Omnissa distances itself further from VMware First seen on theregister.com Jump to article: www.theregister.com/2025/09/18/microsoft_cloud_apps_omnissa_update/
-
Steam will stop running on Windows 32-bit in January 2026
Valve has announced that its Steam digital distribution service will drop support for 32-bit versions of Windows starting January 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/steam-will-stop-running-on-windows-32-bit-in-january-2026/
-
HybridPetya ransomware bypasses Windows Secure Boot
First seen on csoonline.com Jump to article: https://www.csoonline.com/article/4059815/hybridpetya-ransomware-knackt-windows-secure-boot-2.html
-
Windows 11 Notepad to Receive AI Upgrade for Free Text Writing and Summarizing
Microsoft has announced a significant upgrade to Windows 11 Notepad, introducing powerful artificial intelligence features that will revolutionize how users create and edit text. The update brings AI-powered writing assistance directly to the classic text editor, offering capabilities previously available only in premium applications. Windows 11 Notepad now features AI-powered options like write, rewrite, and summarize accessible…
-
Operating Windows 10 and Office 2016/2019 securely from October 2025, Part 2
In Part 1 I mentioned that Windows 10 22H2, Microsoft Office 2016 and Microsoft Office 2019 fall out of support on October 14, 2025. In Part 2 I would like to go into the implications and also show which options … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/19/windows-10-und-office-2016-2019-ab-oktober-2025-sicher-betreiben-teil-2/
-
End of support for Windows 10 and Office 2016/2019 in October 2025, Part 1
A brief note for users of Windows 10 22H2, Microsoft Office 2016 and Microsoft Office 2019. Microsoft recently issued a reminder that support for these products ends on October 14, 2025. On that date there will be, for the last time, security updates for Windows … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/18/supportende-fuer-windows-10-und-office-2016-2019-im-oktober-2025/
-
Notepad gets free AI features on Copilot+ PCs with Windows 11
Microsoft is adding free AI-powered text writing capabilities to Notepad for customers with Copilot+ PCs running Windows 11. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/notepad-gets-free-ai-features-on-copilot-plus-pcs-with-windows-11/
-
SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers
Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. “SilentSync is capable of remote command execution, file exfiltration, and screen capturing,” Zscaler ThreatLabz’s Manisha Ramcharan Prajapati and Satyam Singh said. “SilentSync also extracts First seen on…
-
Stealth in Plain Sight: Cryptojackers Hijack PowerShell and Windows Processes to Evade Detection
Darktrace researchers uncovered a sophisticated cryptojacking attempt using PowerShell scripts to inject NBMiner into Windows processes. Experts warn that modern cryptomining malware is more than a nuisance, posing risks to productivity, data security, and energy costs while exploiting “living off the land” tactics to evade detection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/stealth-in-plain-sight-cryptojackers-hijack-powershell-and-windows-processes-to-evade-detection/
-
Windows Greenshot Vulnerability Lets Attackers Execute Malicious Code, PoC Published
A critical security vulnerability in the popular Greenshot screenshot utility has been discovered that allows local attackers to execute arbitrary malicious code within the trusted application process. The vulnerability, tracked as CVE-2025-59050, affects Greenshot versions up to 1.3.300 and has been patched in version 1.3.301 released on September 16, 2025.
-
Malicious PyPI Packages Deliver SilentSync RAT
Introduction: Zscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…

