Tag: windows
-
Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot-level protections. On June 27, 2026, the Microsoft Corporation KEK CA 2011 used to authorize DB/DBX updates via Windows Update reaches its end of…
-
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw added to the catalog, tracked…
-
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability that could…
-
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive’s email inbox, thanks to clever use of legitimate, native Windows tools. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/global-stock-exchange-hit-monthslong-email-campaign
-
Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search: URI handler, a vulnerability class closely mirroring the previously patched CVE-2026-33829 in the Snipping Tool. Windows Search URI Handler Vulnerability: Security researchers from Huntress have identified that the Windows search URI handler improperly processes user-supplied parameters, allowing attackers to coerce…
-
Microsoft resolves Windows 11 update installation errors
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-resolves-windows-11-update-installation-errors
-
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsofts-coreutils-project-brings-linux-commands-to-windows/
-
Critical security vulnerability: Attackers hijack Windows servers over the network
Due to a critical Netlogon vulnerability, Windows servers can be compromised with specially crafted network packets. Attackers are already exploiting it. First seen on golem.de Jump to article: www.golem.de/news/kritische-sicherheitsluecke-attacken-auf-windows-server-beobachtet-2606-209287.html
-
Critical security vulnerability: Attacks on Windows servers observed
Due to a critical Netlogon vulnerability, Windows servers can be compromised with specially crafted network packets. Attackers are already exploiting it. First seen on golem.de Jump to article: www.golem.de/news/kritische-sicherheitsluecke-attacken-auf-windows-server-beobachtet-2606-209287.html
-
Threat Actors Target Critical Windows Netlogon Flaw CVE-2026-41089
A critical Windows Netlogon vulnerability, tracked as CVE-2026-41089, has emerged as a significant security concern after authorities warned that threat actors are actively attempting to exploit the flaw to gain remote code execution capabilities on vulnerable systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-41089-windows-netlogon-vulnerability/
-
PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems
New technical details about PHANTOMPULSE, a sophisticated remote access trojan (RAT) used in multi-stage intrusions targeting Windows environments. The malware represents the final payload in an attack chain previously linked to Obsidian plugin abuse and in-memory loaders, but this latest analysis focuses on its advanced post-exploitation capabilities. PHANTOMPULSE stands out for combining multiple stealth techniques,…
-
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/
-
Critical Windows Netlogon RCE flaw now exploited in attacks
Tags: attack, country, cybersecurity, exploit, flaw, rce, remote-code-execution, threat, vulnerability, windows
The Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/critical-windows-netlogon-remote-code-execution-flaw-now-exploited-in-attacks/
-
Microsoft fixes KB5089549 Windows security update install issues
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/
-
FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gamaredon-worm-ntfs-data-streams/
-
Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users’ browser, crypto, and Discord data. First seen on hackread.com Jump to article: hackread.com/purchase-emails-fileless-purelogs-malware-rar-archives/
-
Microsoft KB5089573 Fixes Windows 11 Patch Tuesday Install Failures
Microsoft has released cumulative update KB5089573 for Windows 11 versions 24H2 and 25H2, aimed at improving stability and resolving installation issues reported during recent Patch Tuesday deployments. The update is part of Microsoft’s ongoing effort to streamline update reliability while introducing refinements to AI-driven system components. KB5089573 primarily addresses problems users encountered while installing earlier…
-
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Tags: cve, cyber, exploit, microsoft, rce, remote-code-execution, risk, update, vulnerability, windows
Microsoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being actively exploited in the wild. Tracked as CVE-2026-41089, the vulnerability allows unauthenticated attackers to execute remote code against domain controllers without any user interaction, making it one of the most dangerous…
-
Viruses and malware – how do you protect yourselves, have you been affected, and how did it happen?
How do you keep your system free of viruses and malware? Do you use software other than Windows Defender? And have you ever been affected? First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/viren-und-malware-wie-schuetzt-ihr-euch-wart-ihr-betroffen-und-wie-kam-es-dazu.97613
-
China-Linked Hackers Hit SEA Edge Routers With Custom Linux Implant
China-linked hackers are conducting a stealthy infrastructure-centric espionage campaign across Southeast Asia by compromising Linux-based edge routers with a custom ELF implant and pairing it with a cracked Cobalt Strike Beacon on Windows systems for unified command-and-control over entire networks. The operation enables full visibility into, and manipulation of, downstream traffic while largely bypassing traditional…
-
Domain Controller lookup may fail on Windows Server 2016
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-domain-controller-lookup-may-fail-on-windows-server-2016/
-
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event log wiping, and aggressive process/service termination to hinder detection and recovery. Payload first appeared publicly…
-
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025 and continuing into 2026, the activity primarily targets government and commercial entities in Russia and…
-
Central analysis and operations monitoring for hybrid server landscapes – Monitoring on-premises Windows servers from the cloud with Azure Arc
First seen on security-insider.de Jump to article: www.security-insider.de/lokale-windows-server-aus-der-cloud-ueberwachen-mit-azure-arc-a-3652952f07d88f470e3f3620ffe1ffb4/
-
Organizations knowingly ship vulnerable code amid shrinking exploit windows
First seen on scworld.com Jump to article: www.scworld.com/brief/organizations-knowingly-ship-vulnerable-code-amid-shrinking-exploit-windows
-
New Telecom Espionage Campaign Tied to China
Researchers Trace Linux and Windows Toolsets to Suspected PRC Espionage Activity. Newly discovered malware tied to China-linked actors breached telecom providers across Asia and the Middle East, highlighting growing efforts to gain persistent access into interconnected communications infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-telecom-espionage-campaign-tied-to-china-a-31763
-
Microsoft Warns: Windows Zero-Day ‘YellowKey’ Can Bypass BitLocker
Microsoft has released a temporary mitigation for YellowKey, a Windows zero-day that can reportedly bypass BitLocker protections. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-yellowkey-bitlocker-bypass-mitigation/
-
Microsoft addresses Windows Update failures in restricted environments
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-addresses-windows-update-failures-in-restricted-environments
-
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-warns-of-apex-one-zero-day-exploited-in-attacks/