Tag: windows
-
WatchGuard VPN Client Flaw on Windows Enables SYSTEM-Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
-
Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11
Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3, 2026, this update embeds the popular Sysinternals tool directly into the operating system’s optional features.…
-
Attackers Use Windows Screensavers to Drop Malware, RMM Tools
By tapping the unusual .scr file type, attackers leverage executables that don’t always receive executable-level controls, one researcher noted. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/attackers-use-screensavers-drop-malware-rmm-tools
-
Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms
Microsoft confirms a Windows bug preventing some PCs from shutting down or hibernating after January 2026 updates. A fix is still pending. The post Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-shutdown-bug-secure-launch-vsm/
-
Microsoft rolls out native Sysmon monitoring in Windows 11
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-native-windows-11-sysmon-security-monitoring/
-
Russian hackers exploited a critical Office bug within days of disclosure
One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems. In…
-
Zero trust in practice: A deep technical dive into going fully passwordless in hybrid enterprise environments
Tags: access, attack, authentication, backup, breach, business, cloud, compliance, credentials, cybersecurity, data, endpoint, group, Hardware, identity, infrastructure, lessons-learned, network, password, phishing, phone, risk, service, technology, update, windows, zero-trust
Architecture decisions: Hybrid authentication flows and Windows Hello for Business: Once your prerequisites are in place, you face critical architectural decisions that will shape your deployment for years to come. The primary decision point is whether to use Windows Hello for Business, FIDO2 security keys or phone sign-in as your primary authentication mechanism. In my experience,…
-
Chrome Flaws Enable Arbitrary Code Execution and System Crashes
Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high-severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and Linux users. According to Google’s security advisory, both vulnerabilities were discovered recently and could be exploited…
-
Microsoft Takes Major Security Step by Disabling NTLM Authentication by Default
Microsoft is making a significant move to strengthen Windows security by phasing out NTLM (New Technology LAN Manager). This legacy authentication protocol has been part of Windows for over 30 years. The company plans to disable NTLM by default in upcoming Windows releases, replacing it with more secure Kerberos-based alternatives. NTLM is an old authentication…
-
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tags: advisory, attack, backdoor, china, credentials, cve, cyber, cybercrime, defense, espionage, government, group, Hardware, infrastructure, malware, ransomware, security-incident, service, software, supply-chain, threat, update, vulnerability, windows
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes. Key takeaways: Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates. The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security…
-
Compromise of Notepad++ Equals Software Supply Chain Fallout
Tags: attack, backdoor, china, exploit, group, infrastructure, open-source, software, supply-chain, vulnerability, windows
Hacked Infrastructure Delivered Chinese Nation-State Group’s Backdoor, Experts Warn. The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors. First seen on…
-
New Microsoft Update Improves Windows Sign-In Experience
Windows 11’s optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025’s KB5064081 and delivers 32 improvements. The post New Microsoft Update Improves Windows Sign-In Experience appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-stability-patch/
-
Cyber Risk: Retirement
When OT professionals retire, a massive loss of knowledge looms. This can have significant consequences for cybersecurity. Cybercriminals and state-backed attackers do pose an enormous and growing danger, particularly to the industrial sector. Nevertheless, the greatest threat at present lies in the lack of knowledge transfer regarding OT (operational technology) security and organization. The main problem is trusted employees,…
-
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-react-native-metro-bug-to-breach-dev-systems/
-
Open-Source Alternative to WSUS for Windows, Linux and macOS – After the End of WSUS, OPSI Becomes the Free Alternative
First seen on security-insider.de Jump to article: www.security-insider.de/opsi-wsus-alternative-open-source-a-d6d2a3f7544135385bfbec3a62fe7bae/
-
Fixed After Months: Vanished Password Log-In on Windows 11
Since as early as August 2025, an annoying bug in Windows 11 has been hampering sign-in with a password. Microsoft is only now delivering a fix. First seen on golem.de Jump to article: www.golem.de/news/nach-monaten-gefixt-windows-11-und-der-verschwundene-passwort-log-in-2602-204922.html
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
Introduction: In January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Zero-Trust Policy Enforcement via Kyber-Encapsulated Context Windows
Learn how to secure Model Context Protocol (MCP) deployments using Kyber-encapsulated context windows and zero-trust policy enforcement for post-quantum security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/zero-trust-policy-enforcement-via-kyber-encapsulated-context-windows/
-
Pulsar RAT Targets Windows Systems via Per-User Run Key, Exfiltrates Sensitive Data
A sophisticated multi-stage malware campaign leveraging living-off-the-land techniques and in-memory payload delivery has been discovered targeting Windows systems. The attack employs Pulsar RAT, a full-featured remote access trojan combined with advanced stealer capabilities, using evasion techniques designed to bypass traditional security controls and maintain persistent access. The infection chain begins with a hidden batch file…
-
January update shutdown bug affects more Windows PCs
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-january-update-shutdown-bug-affects-more-windows-pcs/
-
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks…
-
This stealthy Windows RAT holds live conversations with its operators
Tags: access, data, detection, injection, malware, mitigation, monitoring, powershell, rat, reverse-engineering, theft, windows
RAT capabilities and stealer functionality: The .NET payload implements a remote access trojan that allows operators to interact directly with compromised systems. Unlike many commodity RATs that rely on periodic check-ins, this malware supports live command handling, enabling attackers to issue instructions and receive responses in near real-time. This interactive design allows operators to perform reconnaissance,…
-
Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/microsoft-windows-ntlm-disabling/
-
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-password-sign-in-option-to-disappear/
-
Update Mishap at Microsoft: Windows 10 Systems Also Cannot Be Shut Down
Some Windows 11 systems have had shutdown problems since the January Patch Tuesday. Now Microsoft admits: Windows 10 is affected too. First seen on golem.de Jump to article: www.golem.de/news/update-panne-bei-microsoft-auch-windows-10-systeme-lassen-sich-nicht-runterfahren-2602-204870.html
-
Optional January Update: Windows 11 Receives Minor New Features and Bug Fixes
The optional January update for Windows 11 25H2 and 24H2 includes minor new features and fixes some bugs. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-januar-update-windows-11-erhaelt-kleinere-neuerungen-und-fehlerbehebungen.95989

