Tag: windows

Ransomware IAB abuses EDR for stealthy malware execution

Dec 9, 2025 5:32 PM

Tags: access, edr, malware, microsoft, ransomware, windows

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul

Dec 9, 2025 4:32 PM

Tags: microsoft, windows

At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy”, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity Security analysts have a…
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul

Dec 9, 2025 4:32 PM

Tags: microsoft, windows

At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy”, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity Security analysts have a…
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push

Dec 9, 2025 2:32 PM

Tags: microsoft, update, windows

The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-update-dec-2025/
Ergänzung zur Sicherung, kein Ersatz für Backup – Windows Backup for Organizations beschleunigt die Wiederherstellung

Dec 9, 2025 11:32 AM

Tags: backup, windows

First seen on security-insider.de Jump to article: www.security-insider.de/windows-backup-for-organizations-wiederherstellung-a-dda9067a7615ef04e083611b803ec803/
ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

Dec 8, 2025 10:33 PM

Tags: browser, chrome, windows

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings. First seen on hackread.com Jump to article: hackread.com/chrimerawire-trojan-fakes-chrome-search-activity/
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites

Dec 8, 2025 7:33 PM

Tags: attack, control, hacker, rat, threat, windows

Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. First seen on hackread.com Jump to article: hackread.com/jssmuggler-netsupport-rat-infected-sites/
New Splunk Windows Flaw Enables Privilege Escalation Attacks

Dec 8, 2025 5:32 PM

Tags: attack, flaw, windows

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions. Learn how to fix it. The post New Splunk Windows Flaw Enables Privilege Escalation Attacks appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-splunk-windows-flaw-dec-2025/
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2

Dec 8, 2025 10:32 AM

Tags: microsoft, windows

The timing of this upgrade push comes during a wave of reported Windows issues. The post Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows11-25h2/
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
Offensive security takes center stage in the AI era

Dec 8, 2025 8:32 AM

Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows

Red teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
New Splunk Windows Flaw Enables Privilege Escalation Attacks

Dec 5, 2025 11:32 PM

Tags: attack, flaw, windows

A Splunk Windows flaw lets local users overwrite protected files and escalate to SYSTEM. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/new-splunk-windows-flaw-enables-privilege-escalation-attacks/
Hardening browser security with zero-trust controls

Dec 5, 2025 6:32 PM

Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust

1. Identity-first access control Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
MuddyWater Hackers Use UDPGangster Backdoor to Bypass Network Defenses on Windows

Dec 5, 2025 4:32 PM

Tags: backdoor, cyber, defense, espionage, group, hacker, intelligence, network, social-engineering, tactics, threat, windows

The MuddyWater threat group has escalated its cyber espionage operations by deploying UDPGangster, a sophisticated UDP-based backdoor designed to infiltrate Windows systems while systematically evading traditional network defenses. Recent intelligence gathered by FortiGuard Labs reveals coordinated campaigns targeting high-value victims across Turkey, Israel, and Azerbaijan, employing social engineering tactics paired with advanced anti-analysis techniques that…
Google Rolls Out Chrome 143 Update for Billions Worldwide

Dec 5, 2025 4:32 PM

Tags: browser, chrome, flaw, google, linux, macOS, update, vulnerability, windows

Chrome 143 fixes 13 security vulnerabilities, including four high-severity flaws, in a December desktop update rolling out to Windows, macOS, and Linux users. The post Google Rolls Out Chrome 143 Update for Billions Worldwide appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-143-update-13-security-fixes/
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access

Dec 5, 2025 2:32 PM

Tags: access, attack, cyber, cybersecurity, hacker, malware, threat, tool, windows

The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access

Dec 5, 2025 2:32 PM

Tags: access, attack, cyber, cybersecurity, hacker, malware, threat, tool, windows

The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

Dec 5, 2025 10:32 AM

Tags: access, backdoor, china, cisa, cybersecurity, hacker, infrastructure, threat, vmware, windows

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People’s Republic of China (PRC) to maintain long-term persistence on compromised systems.”BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments,” the agency said. “…
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

Dec 5, 2025 7:32 AM

Tags: advisory, china, cisa, cyber, cybersecurity, hacker, infrastructure, malware, tool, vmware, windows

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

Dec 5, 2025 7:32 AM

Tags: advisory, china, cisa, cyber, cybersecurity, hacker, infrastructure, malware, tool, vmware, windows

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.
Windows 11: Microsoft schließt stillschweigend LNK-Schwachstelle CVE-2025-9491

Dec 5, 2025 1:32 AM

Tags: cve, microsoft, update, vulnerability, windows

Seit Ende August 2025 ist eine LNK-File-Schwachstelle (CVE-2025-9491) bekannt. Diese lässt sich unter Windows für eine Remote Code-Ausführung missbrauchen. Microsoft wollte erst keinen Patch bereitstellen, hat dann aber doch was per Update getan. 0patch hatte bereits seit Monaten einen Micropatch … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/03/microsoft-schliesst-stillschweigend-lnk-schwachstelle-cve-2025-9491/
Breach Roundup: React Flaw Incites Supply Chain Risk

Dec 4, 2025 11:32 PM

Tags: breach, defense, finance, flaw, group, microsoft, north-korea, risk, supply-chain, wifi, windows

Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for ‘Evil Twin’ Hack. This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth’s Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi evil twin crimes. The US FTC will send $15.3 million to Avast users. A London…
Windows shortcuts’ use as a vector for malware may be cut short

Dec 4, 2025 4:32 PM

Tags: cve, cvss, malicious, malware, microsoft, powershell, update, vulnerability, windows

Windows shortcut files (.lnk) have long been a convenient hiding place for attackers because Windows Explorer only displayed the first 260 characters of the command in a shortcut’s properties. Anything appended after a long string of spaces stayed invisible to the user.The issue is tracked as CVE-2025-9491, with security analysts assigning a high-severity CVSS rating…
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse

Dec 4, 2025 4:32 PM

Tags: espionage, flaw, malicious, microsoft, mitigation, update, windows

Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

Dec 4, 2025 1:32 PM

Tags: browser, chrome, credentials, crypto, cyber, malware, service, theft, vpn, windows

A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets browser secrets, Discord tokens, VPNs, social accounts, and crypto wallets, then exfiltrates everything to its…
Vim for Windows Flaw Lets Attackers Execute Arbitrary Code

Dec 4, 2025 1:32 PM

Tags: cve, cyber, flaw, malicious, vulnerability, windows

A high security vulnerability has been discovered in Vim for Windows that could allow attackers to run malicious code on affected systems. The flaw, tracked as CVE-2025-66476, affects Vim versions earlier than 9.1.1947 and received a high severity rating due to its serious implications for Windows users. Attribute Details CVE ID CVE-2025-66476 Product Vim for…
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

Dec 4, 2025 1:32 PM

Tags: browser, chrome, credentials, crypto, cyber, malware, service, theft, vpn, windows

A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets browser secrets, Discord tokens, VPNs, social accounts, and crypto wallets, then exfiltrates everything to its…