Tag: windows
-
Windows 11: Microsoft testet freie Datumswahl für Updates
Microsoft testet unter Windows 11 eine Kalender-Auswahl für Update-Pausen. Ab Mai 2026 soll zudem Hotpatching störende Neustarts minimieren. First seen on golem.de Jump to article: www.golem.de/news/windows-11-microsoft-testet-freie-datumswahl-fuer-updates-2604-207525.html
-
âš¡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet…
-
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks
Cyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining attention is MSBuild.exe, a native Windows development tool signed by Microsoft. Originally designed to build and run C# code from XML-based…
-
Kein Fix erwartet: Uhr auf Windows-Sperrbildschirm geht absichtlich nach
Die Uhrzeit auf dem Lockscreen von Windows aktualisiert sich teilweise verzögert. Microsoft will daran nichts ändern. Das Verhalten sei beabsichtigt. First seen on golem.de Jump to article: www.golem.de/news/kein-fix-erwartet-uhr-auf-windows-sperrbildschirm-geht-absichtlich-nach-2604-207497.html
-
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader
Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating from the company. Designated as CVE-2026-34621, this vulnerability is an Improperly Controlled Modification of Object…
-
Week in review: Windows zero-day exploit leaked, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cloudflare moves up its post-quantum deadline as researchers narrow the path … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/12/week-in-review-windows-zero-day-exploit-leaked-patch-tuesday-forecast/
-
Google Locks Chrome Sessions to Devices to Stop Cookie Theft
Google has officially launched a major security upgrade to protect users from session hijacking. Starting with Chrome version 146 for Windows users, Device Bound Session Credentials (DBSC) is now publicly available. This new feature aims to stop malware from stealing web cookies and using them to bypass passwords and multi-factor authentication. Support for macOS users…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
France to ditch Windows for Linux to reduce reliance on US tech
France’s move to ditch Windows for Linux is its latest effort to reduce its reliance on American tech giants. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/10/france-to-ditch-windows-for-linux-to-reduce-reliance-on-us-tech/
-
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
When Microsoft reintroduced its redesigned Recall feature, security took center stage. The architecture was built around hardened components, including Virtualization-Based Security (VBS) enclaves, AES-256-GCM encryption, Windows Hello authentication, and a Protected Process Light (PPL) host. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/totalrecall-windows-recall-security-gap/
-
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
When Microsoft reintroduced its redesigned Recall feature, security took center stage. The architecture was built around hardened components, including Virtualization-Based Security (VBS) enclaves, AES-256-GCM encryption, Windows Hello authentication, and a Protected Process Light (PPL) host. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/totalrecall-windows-recall-security-gap/
-
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.”This project represents a significant First…
-
‘BlueHammer’ Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
Under the alias ‘Chaotic Eclipse,’ a researcher released a PoC exploit for a zero-day flaw that allows for system takeover by a local user, citing an undisclosed beef with Microsoft. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/bluehammer-windows-exploit-microsoft-bug-disclosure-issues
-
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-chrome-adds-infostealer-protection-against-session-cookie-theft/
-
In-Memory Loader Drops ScreenConnect
IntroductionIn February 2026, Zscaler ThreatLabz discovered an attack chain where attackers used a fake Adobe Acrobat Reader download to lure victims into installing ConnectWise’s ScreenConnect. While ScreenConnect is a legitimate remote access tool, it can be leveraged for malicious purposes. In this blog post, ThreatLabz examines the various stages of this attack, from the download lure to the…
-
(g+) Windows: So werden die Zertifikate für Secure Boot getauscht
Tags: windowsDie Secure-Boot-Zertifikate laufen bald aus – doch es gibt einen Austauschprozess. Wir beschreiben ihn Schritt für Schritt für Admins. First seen on golem.de Jump to article: www.golem.de/news/windows-so-werden-die-zertifikate-fuer-secure-boot-getauscht-2604-207349.html
-
This fake Windows support website delivers password-stealing malware
A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/this-fake-windows-support-website-delivers-password-stealing-malware/
-
Patch windows collapse as timeexploit accelerates
N-day exploitation: Rapid7 Labs validated its findings about a more febrile threat environment by producing both n-day and zero-day exploits using AI-assisted research, substantially reducing development time.In practice, n-day bugs, or the development of exploits against patched software, are a bigger problem than headline-grabbing zero-day vulnerabilities, adds Leeann Nicolo, incident response lead at Coalition, a technology…
-
Weak at the seams
Tags: advisory, ai, attack, automation, business, cloud, compliance, control, crowdstrike, cybersecurity, data, data-breach, endpoint, exploit, finance, firewall, framework, healthcare, infrastructure, insurance, Internet, network, resilience, risk, service, supply-chain, technology, tool, update, vulnerability, windows, zero-dayThe normal choices are the dangerous ones: Consider the stack a typical large enterprise was running in 2024: One vendor for ERP and supply chain, another for perimeter enforcement, another for networking and another for endpoint protection. Standard choices, responsibly made. Within a twelve-month window, each of those categories experienced significant disruptions, from zero-day exploits…
-
Weak at the seams
Tags: advisory, ai, attack, automation, business, cloud, compliance, control, crowdstrike, cybersecurity, data, data-breach, endpoint, exploit, finance, firewall, framework, healthcare, infrastructure, insurance, Internet, network, resilience, risk, service, supply-chain, technology, tool, update, vulnerability, windows, zero-dayThe normal choices are the dangerous ones: Consider the stack a typical large enterprise was running in 2024: One vendor for ERP and supply chain, another for perimeter enforcement, another for networking and another for endpoint protection. Standard choices, responsibly made. Within a twelve-month window, each of those categories experienced significant disruptions, from zero-day exploits…
-
Microsoft suspends dev accounts for high-profile open source projects
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-suspends-dev-accounts-for-high-profile-open-source-projects/
-
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version 147 to the stable channel for Windows, Mac, and Linux users on April 7, 2026. This major release patches flaws that could allow attackers to execute arbitrary code and take full control of affected systems.…
-
Microsoft Confirms Windows 11 Update Breaks Start Menu Search
Microsoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directly on Microsoft’s servers, users do not need to search for or install any additional software…
-
BlueHammer: Windows zero-day exploit leaked
A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/08/bluehammer-windows-zero-day-exploit-leaked/
-
Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account
The maker of the popular open-source file encryption software VeraCrypt said Microsoft locked his online account, which may prevent device owners from booting up their computers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/08/veracrypt-encryption-software-windows-microsoft-lock-boot-issues/
-
‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices
A researcher released a working ‘BlueHammer’ Windows zero-day exploit that could impact over 1 billion devices, granting SYSTEM-level access and leaving no patch yet. The post ‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-bluehammer-windows-zero-day-exploit-microsoft/
-
(g+) Windows: Der Update-Guide für Secure Boot
Die Secure-Boot-Zertifikate laufen bald aus und müssen getauscht werden. Unser Leitfaden zeigt, welche To-dos auf Admins zukommen. First seen on golem.de Jump to article: www.golem.de/news/windows-der-update-guide-fuer-secure-boot-2604-207330.html
-
Keine neuen Windows-Versionen: Microsoft sperrt Veracrypt-Entwickler aus
Der Veracrypt-Entwickler kann die Windows-Variante seiner Verschlüsselungssoftware nicht mehr aktualisieren. Microsoft hat sein Konto gekündigt. First seen on golem.de Jump to article: www.golem.de/news/keine-neuen-windows-versionen-microsoft-sperrt-veracrypt-entwickler-aus-2604-207334.html
-
Microsoft rolls out fix for broken Windows Start Menu search
Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fix-for-broken-windows-start-menu-search/