Tag: windows
-
Sweet Security Brings Runtime-CNAPP Power to Windows
Tags: windowsTel Aviv, Israel, 29th October 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/sweet-security-brings-runtime-cnapp-power-to-windows/
-
Microsoft fixes 0x800F081F errors causing Windows update failures
Microsoft has resolved a known issue that caused Windows updates to fail, leading to 0x800F081F errors on Windows 11 24H2 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-0x800f081f-errors-causing-windows-update-failures/
-
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics
Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
-
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics
Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
-
New ‘Gentlemen’ RaaS Appears on Hacking Forums, Targeting Windows, Linux and ESXi
Threat intelligence researchers have identified a new ransomware-as-a-service (RaaS) operation called The Gentlemen’s RaaS, being actively recruited on underground hacking forums by an operator using the handle zeta88. The cross-platform threat represents a significant evolution in ransomware capabilities, offering attackers specialized encryption lockers for Windows, Linux, and ESXi systems coded in both Go and C…
-
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
-
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
-
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) and Manufacturing Execution System (MES) platform.…
-
Gunra Ransomware Targets Windows and Linux with Dual Encryption
The cybersecurity landscape continues to face persistent threats from emerging ransomware groups, with Gunra representing a significant concern since its emergence in April 2025. This threat actor has launched systematic attacks across multiple industries and geographic regions, including documented incidents in Korea. What makes Gunra particularly noteworthy is its dual-platform capability”, the group distributes separate…
-
CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker’s chief executive blamed a government customer for getting caught. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/
-
Windows 11 KB5067036 update rolls out Administrator Protection feature
Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5067036-update-rolls-out-administrator-protection-feature/
-
Warnings Mount Over Windows Server Update Services Hacks
Thousands of Windows Server Update Services Observed Online. Warnings over hackers exploiting a Windows Server Update have compounded since Microsoft rushed out a patch Friday against a flaw allowing unauthenticated attackers to execute arbitrary code. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/warnings-mount-over-windows-server-update-services-hacks-a-29869
-
Qilin ransomware abuses WSL to run Linux encryptors in Windows
The Qilin ransomware operation was spotted executing Linux encryptors in Windows using Windows Subsystem for Linux (WSL) to evade detection by traditional security tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qilin-ransomware-abuses-wsl-to-run-linux-encryptors-in-windows/
-
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/google-threat-researchers-probe-exploitation-critical-cve-wsus/803985/
-
Docker mit Sicherheitslücke CVE-2025-9164: Warum eine manuelle Installation empfehlenswert ist
Docker mit Sicherheitslücke. Docker Desktop ist unter Windows bis Version 4.48.0 von einer DLL-Hijacking-Sicherheitslücke betroffen. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/cyberangriffe/docker-mit-sicherheitsluecke-cve-2025-9164-warum-eine-manuelle-installation-empfehlenswert-ist-322257.html
-
Anivia Stealer Peddled on Dark Web with UAC Bypass
A newly advertised information-stealing malware called Anivia Stealer has surfaced on the dark web, with threat actor ZeroTrace aggressively promoting the C++17-based infostealer as a commercial malware-as-a-service offering. The malware implements sophisticated privilege escalation capabilities, including automatic User Account Control (UAC) bypass functionality, making it a significant threat to Windows-based systems across multiple operating system…
-
Anivia Stealer Peddled on Dark Web with UAC Bypass
A newly advertised information-stealing malware called Anivia Stealer has surfaced on the dark web, with threat actor ZeroTrace aggressively promoting the C++17-based infostealer as a commercial malware-as-a-service offering. The malware implements sophisticated privilege escalation capabilities, including automatic User Account Control (UAC) bypass functionality, making it a significant threat to Windows-based systems across multiple operating system…
-
Attackers bypass patch in deprecated Windows Server update tool
Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-windows-server-update-services-vulnerability-exploited-attacks/
-
Windows will soon prompt for memory scans after BSOD crashes
Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-will-soon-prompt-for-memory-scans-after-bsod-crashes/
-
Windows Server Update Service (WSUS) remote code execution vulnerability (CVE-2025-59287)
Technical details CVE-2025-59287 is an unsafe deserialization vulnerability in the WSUS reporting component. In short, WSUS accepts serialized data from a network request and deserializes it without performing sufficient validation. A specially crafted serialized payload can cause unexpected object instantiation during deserialization, which in turn can be abused to execute code inside the WSUS process.”¦…
-
QNAP warns of critical ASP.NET flaw in its Windows backup software
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/qnap-warns-its-windows-backup-software-is-also-affected-by-critical-aspnet-flaw/
-
Qilin Targets Windows Hosts With Linux-Based Ransomware
The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/qilin-targets-windows-hosts-linux-based-ransomware
-
CISA orders feds to patch Windows Server WSUS flaw used in attacks
Tags: attack, cisa, cybersecurity, exploit, flaw, government, infrastructure, service, update, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
-
CISA orders feds to patch Windows Server WSUS flaw used in attacks
Tags: attack, cisa, cybersecurity, exploit, flaw, government, infrastructure, service, update, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) ordered U.S. government agencies to patch a critical-severity Windows Server Update Services (WSUS) vulnerability after adding it to its catalog of security flaws exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-windows-server-wsus-flaw-exploited-in-attacks/
-
CISA releases warning about Windows Server Update Service bug, orders agencies to patch
A “prior update did not fully mitigate” a flaw in Windows Server Update Service, CISA said in an alert to federal agencies and businesses First seen on therecord.media Jump to article: therecord.media/wsus-vulnerability-cisa-late-friday-warning
-
New EDR-Redir Tool Bypasses EDRs by Exploiting Bind Filter and Cloud Filter Driver
Cybersecurity researchers have developed a sophisticated new tool called EDR-Redir that can bypass Endpoint Detection and Response (EDR) systems by exploiting Windows’ Bind Filter and Cloud Filter drivers. This technique represents a significant advancement in evasion methods that operate entirely in user mode without requiring kernel privileges. The Windows Bind Link feature, introduced in Windows…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
Cross-platform ransomware: Qilin weaponizes Linux binaries against Windows hosts
Tags: access, backup, cio, ciso, control, credentials, defense, detection, exploit, healthcare, identity, infrastructure, linux, monitoring, network, ransomware, threat, tool, windowsFixing the gaps : Threat actors are now exploiting legitimate IT tools and hybrid infrastructures to quietly sidestep conventional defenses, calling for CISOs to rethink security strategies.Mehta added that when Linux binaries execute on Windows through a remote tool, your Windows-only detections won’t save.He added, Agenda Ransomware exploits Windows-centric assumptions, under-protected RMM tools, and neglected driver…
-
Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a Linux ransomware binary on Windows systems via legitimate remote tools, bypassing Windows defenses and EDRs. The cross-platform method enables stealthy attacks, stealing backup credentials…