Tag: windows

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

Dec 10, 2025 11:32 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-6218 is a WinRAR directory traversal flaw (formerly…
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

Dec 10, 2025 11:32 AM

Tags: exploit, microsoft, office, powershell, update, vulnerability, windows, zero-day

Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Exchange Server, Azure, Copilot, PowerShell, and Windows Defender. Three vulnerabilities are rated Critical, while the rest are…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Dec 10, 2025 11:32 AM

Tags: exploit, flaw, microsoft, vulnerability, windows, zero-day

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Dec 10, 2025 11:32 AM

Tags: exploit, flaw, microsoft, vulnerability, windows, zero-day

Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild.Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two other defects are listed as publicly known at the time of the…
Jetzt patchen: Attacken auf Windows-Geräte beobachtet

Dec 10, 2025 9:33 AM

Tags: bug, windows

Angreifer bedienen sich einer Sicherheitslücke, um auf fremden Windows-Geräten Systemrechte zu erlangen. Nutzer sollten handeln. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-attacken-auf-windows-geraete-beobachtet-2512-203079.html
Jetzt patchen: Attacken auf Windows-Geräte beobachtet

Dec 10, 2025 9:33 AM

Tags: bug, windows

Angreifer bedienen sich einer Sicherheitslücke, um auf fremden Windows-Geräten Systemrechte zu erlangen. Nutzer sollten handeln. First seen on golem.de Jump to article: www.golem.de/news/jetzt-patchen-attacken-auf-windows-geraete-beobachtet-2512-203079.html
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Patchday: Windows 10/11 Updates (9. Dezember 2025)

Dec 10, 2025 12:32 AM

Tags: microsoft, update, vulnerability, windows

Am 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 (mit ESU-Lizenz) und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-10-11-updates-9-dezember-2025/
Patchday: Windows Server-Updates (9. Dezember 2025)

Dec 10, 2025 12:32 AM

Tags: update, windows

Zum 9. Dezember 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen (von Windows Server 2012 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/10/patchday-windows-server-updates-9-dez/
Microsoft Security Update Summary (9. Dezember 2025)

Dec 9, 2025 11:32 PM

Tags: microsoft, office, update, vulnerability, windows, zero-day

Microsoft hat am 9. Dezember 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 56 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert und wird ausgenutzt. Nachfolgend findet sich ein kompakter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
Windows PowerShell now warns when running Invoke-WebRequest scripts

Dec 9, 2025 10:33 PM

Tags: microsoft, powershell, windows

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/
Microsoft releases Windows 10 KB5071546 extended security update

Dec 9, 2025 9:33 PM

Tags: microsoft, update, vulnerability, windows, zero-day

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
Windows 11 KB5072033 & KB5071417 cumulative updates released

Dec 9, 2025 8:33 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
Ransomware IAB abuses EDR for stealthy malware execution

Dec 9, 2025 5:32 PM

Tags: access, edr, malware, microsoft, ransomware, windows

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul

Dec 9, 2025 4:32 PM

Tags: microsoft, windows

At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy”, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity Security analysts have a…
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul

Dec 9, 2025 4:32 PM

Tags: microsoft, windows

At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy”, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity Security analysts have a…
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push

Dec 9, 2025 2:32 PM

Tags: microsoft, update, windows

The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-update-dec-2025/
Ergänzung zur Sicherung, kein Ersatz für Backup – Windows Backup for Organizations beschleunigt die Wiederherstellung

Dec 9, 2025 11:32 AM

Tags: backup, windows

First seen on security-insider.de Jump to article: www.security-insider.de/windows-backup-for-organizations-wiederherstellung-a-dda9067a7615ef04e083611b803ec803/
ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

Dec 8, 2025 10:33 PM

Tags: browser, chrome, windows

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings. First seen on hackread.com Jump to article: hackread.com/chrimerawire-trojan-fakes-chrome-search-activity/
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites

Dec 8, 2025 7:33 PM

Tags: attack, control, hacker, rat, threat, windows

Securonix Threat Research details the complex JS#SMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access. First seen on hackread.com Jump to article: hackread.com/jssmuggler-netsupport-rat-infected-sites/
New Splunk Windows Flaw Enables Privilege Escalation Attacks

Dec 8, 2025 5:32 PM

Tags: attack, flaw, windows

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions. Learn how to fix it. The post New Splunk Windows Flaw Enables Privilege Escalation Attacks appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-splunk-windows-flaw-dec-2025/
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang
OceanLotus Targets Xinchuang Ecosystem with Sophisticated Supply Chain Attacks

Dec 8, 2025 1:32 PM

Tags: attack, china, cyber, cyberespionage, group, linux, supply-chain, technology, threat, windows

The advanced persistent threat (APT) group known as OceanLotus (APT32) has been observed launching a sophisticated cyberespionage campaign specifically targeting China’s >>Xinchuang