Tag: windows
-
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/eset-china-aligned-apt-group-policy/
-
Recent Windows updates break RemoteApp connections
Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-recent-updates-break-azure-virtual-desktop-remoteapp-sessions/
-
Critical Node.js Library Flaw Lets Hackers Execute Remote Commands on Windows
A severe command injection vulnerability has been discovered in systeminformation, a widely used Node.js library for retrieving system information. The flaw, tracked as CVE-2025-68154, allows attackers to execute arbitrary commands on Windows systems when applications pass user input to the vulnerable function. The vulnerability exists in the fsSize() function, which retrieves disk space information but fails…
-
Microsoft warns MSMQ may fail after update, breaking apps
MSMQ becoming inactive; Internet Information Services (IIS) sites failing with “Insufficient resources to perform operation” errors; applications unable to write to queues; errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files; misleading log entries such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available. Affected are servers running…
-
When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk
A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.…
-
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been discovered in the Windows Desktop Window Manager (DWM) that could allow attackers to escalate privileges to system level. The flaw, tracked as CVE-2025-55681, resides in the dwmcore.dll component and was disclosed during the TyphoonPWN Windows security competition, where it earned second place recognition. The Vulnerability: The vulnerability exists within the CBrushRenderingGraphBuilder::AddEffectBrush function in the DWM…
-
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks
A new Moonwalk++ proof-of-concept (PoC) shows how malware can spoof Windows call stacks while staying encrypted in memory, bypassing modern EDR detection. The research highlights blind spots in stack-based telemetry increasingly relied on by enterprise defenders. “Public detection tools fail entirely to recognize the call stack tampering,” said the researcher. Moonwalk++ Shows the Limits of…
-
Microsoft asks admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Santastealer: Christmas-themed Windows malware avoids Russian systems
A malware developer is opening the Christmas season for cybercriminals. But his Santastealer is nowhere near as good as he promises. First seen on golem.de Jump to article: www.golem.de/news/amateurhafte-malware-santastealer-sammelt-weihnachtsgeschenke-fuer-cyberkriminelle-2512-203346.html
-
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-fake-browser-install-darkgate-malware/
-
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
JumpCloud agent turns uninstall into a system shortcut
Full privilege escalation and denial of service: The vulnerability opens two primary exploitation vectors with significant operational impact: full privilege escalation to system level, and denial of service (DoS). By manipulating filesystem paths and leveraging race conditions, an attacker can redirect the uninstaller’s operations to delete or overwrite protected installer configuration targets, ultimately triggering techniques that…
-
Microsoft Will Finally Kill an Encryption Cipher That Enabled a Decade of Windows Hacks
The weak RC4 for administrative authentication has been a hacker holy grail for decades. First seen on wired.com Jump to article: www.wired.com/story/microsoft-will-finally-kill-an-encryption-cipher-that-enabled-a-decade-of-windows-hacks/
-
Windows 11 25H2: Administrator Protection vulnerability CVE-2025-60718 unfixed?
The “Administrator Protection” feature newly introduced in Windows 11 as of 25H2 had an elevation of privilege vulnerability, CVE-2025-60718, which was supposedly closed on 11 November 2025. Now there are indications that this patch is incomplete and the EoP vulnerability can still be exploited … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/17/windows-11-24h2-25h2-administrator-protection-schwachstelle-cve-2025-60718-ungefixt/
-
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT
Introduction: In early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
-
New Moonwalk++ PoC Demonstrates How Malware Can Forge Windows Call Stacks to Evade Detection
Security researchers have unveiled a dangerous new technique that allows malware to completely hide its tracks by faking Windows call stacks, a method designed to bypass modern endpoint detection systems. The technique, called Moonwalk++, extends previous research on Stack Moonwalking and demonstrates a critical vulnerability in how security tools validate whether malware is calling sensitive…
-
Chrome Security Update Fixes Remote Code Execution Flaws
Google has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users. Critical Vulnerabilities Patched: The update fixes two significant security flaws reported by external security researchers. The first…
-
Code Execution in Jupyter Notebook Exports
After our research on Cursor, in the context of developer-ecosystem security, we turn our attention to the Jupyter ecosystem. We expose security risks we identified in the notebook’s export functionality, in the default Windows environment, to help organizations better protect their assets and networks. Executive Summary: We identified a new way external Jupyter notebooks could…
-
Microsoft to Kill RC4 in Kerberos by 2026
Kerberos Overhaul Will Disable RC4 by Default in Windows. Microsoft will disable RC4 by default in Windows Kerberos, pushing organizations to uncover and eliminate longstanding cryptographic weaknesses hidden in legacy authentication systems – particularly within large domains where fallback to RC4 has quietly persisted for decades. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-to-kill-rc4-in-kerberos-by-2026-a-30304
-
JumpCloud Windows Agent Flaw Enables Local Privilege Escalation
A flaw in JumpCloud Remote Assist for Windows has exposed managed endpoints to local privilege escalation and denial-of-service attacks. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/jumpcloud-windows-agent-flaw/
-
Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware
A fake Leonardo DiCaprio movie torrent is spreading Agent Tesla malware through trusted Windows tools. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-leonardo-dicaprio-torrent-malware/

