Tag: windows
-
Patchday: Windows Server Updates (December 9, 2025)
On December 9, 2025 (the second Tuesday of the month, Microsoft's Patchday), various cumulative updates were released for the supported versions of Windows Server. Below I have compiled the released updates along with some details for these Windows Server versions (from Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-server-updates-9-dez/
-
Patchday: Windows 10/11 Updates (December 9, 2025)
On December 9, 2025 (the second Tuesday of the month, Microsoft's Patchday), Microsoft released cumulative updates for the still-supported client operating system versions of Windows 10 (with an ESU license) and Windows 11. Here are some details on these updates, which fix vulnerabilities as well as problems … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-10-11-updates-9-dezember-2025/
-
Microsoft Security Update Summary (December 9, 2025)
On December 9, 2025, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 56 vulnerabilities (CVEs), one of which was classified as a 0-day and is being exploited. Below is a compact … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
-
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/
-
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
-
Windows 11 KB5072033 & KB5071417 cumulative updates released
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and bugs and to add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
-
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and to establish communication and persistence in preparation for ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
-
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul
At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity. Security analysts have a…
-
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push
The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-update-dec-2025/
-
A supplement to backups, not a replacement: Windows Backup for Organizations speeds up recovery
First seen on security-insider.de Jump to article: www.security-insider.de/windows-backup-for-organizations-wiederherstellung-a-dda9067a7615ef04e083611b803ec803/
-
ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings
ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings. First seen on hackread.com Jump to article: hackread.com/chrimerawire-trojan-fakes-chrome-search-activity/
-
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. First seen on hackread.com Jump to article: hackread.com/jssmuggler-netsupport-rat-infected-sites/
-
New Splunk Windows Flaw Enables Privilege Escalation Attacks
Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions. Learn how to fix it. The post New Splunk Windows Flaw Enables Privilege Escalation Attacks appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-splunk-windows-flaw-dec-2025/
-
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks
The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s “Xinchuang…
-
Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2
The timing of this upgrade push comes during a wave of reported Windows issues. The post Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows11-25h2/
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows
Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation. Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
New Splunk Windows Flaw Enables Privilege Escalation Attacks
A Splunk Windows flaw lets local users overwrite protected files and escalate to SYSTEM. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/new-splunk-windows-flaw-enables-privilege-escalation-attacks/
-
Hardening browser security with zero-trust controls
Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust
1. Identity-first access control: Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
-
Google Rolls Out Chrome 143 Update for Billions Worldwide
Chrome 143 fixes 13 security vulnerabilities, including four high-severity flaws, in a December desktop update rolling out to Windows, macOS, and Linux users. The post Google Rolls Out Chrome 143 Update for Billions Worldwide appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-143-update-13-security-fixes/
-
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
-
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems. “BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed “BRICKSTORM.”

