Tag: windows
-
CISA Issues Alert on Active Exploitation of Microsoft Windows Privilege Escalation Flaw
Tags: access, cisa, control, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, vulnerability, windows
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a critical privilege escalation vulnerability in Microsoft Windows. Known as CVE-2021-43226, this flaw resides in the Common Log File System (CLFS) driver. Attackers who gain local access can bypass security controls and elevate their privileges, potentially leading to full system compromise. Background…
-
Privacy in Windows 11: This hidden feature tells Microsoft everything about your browsing behavior
First seen on t3n.de Jump to article: t3n.de/news/datenschutz-bei-windows-11-diese-funktion-verraet-microsoft-alles-ueber-euer-surfverhalten-1709517/
-
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, oracle, vulnerability, windows
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and Microsoft IE flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This…
-
Critical CVE-2025-27237 Vulnerability in Zabbix Agent for Windows Enables Privilege Escalation via OpenSSL Misconfiguration
A security vulnerability has been identified in Zabbix Agent and Agent2 for Windows, potentially allowing local users to escalate their privileges to the SYSTEM level. Tracked as CVE-2025-27237, the flaw originates from the way these agents handle the OpenSSL configuration file on Windows systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/zabbix-agent-cve-2025-27237/
-
TDL 006 – Beyond the Firewall: How Attackers Weaponize Your DNS
Tags: access, attack, breach, business, cisa, ciso, computer, conference, control, cyber, data, data-breach, dns, exploit, firewall, google, government, group, guide, infrastructure, intelligence, Internet, iraq, jobs, leak, malicious, malware, network, phishing, ransomware, service, software, switch, threat, tool, windows
Summary: Beyond the Firewall: How Attackers Weaponize Your DNS. For many IT professionals, DNS is the internet’s invisible plumbing, historically managed by a “guy with a Unix beard in the basement,” as Infoblox educator Josh Kuo recalled on the Defenders Log podcast. But this foundational, often overlooked, protocol has become a primary vector for sophisticated…
-
Android and Windows gamers worldwide potentially affected by bug in Unity game engine
An advisory from Unity, which makes the software behind dozens of popular games, warns developers to patch a vulnerability that could allow an attacker to execute code via an affected app. First seen on therecord.media Jump to article: therecord.media/unity-game-engine-vulnerability-android-windows-linux-macos
-
Zabbix Agent/Agent2 for Windows Vulnerability Could Allow Privilege Escalation
A security flaw in Zabbix Agent and Agent2 for Windows has been discovered that could allow a local attacker to gain higher system privileges. The issue, tracked as CVE-2025-27237, stems from the way the agent loads its OpenSSL configuration file. By exploiting this weakness, an attacker with limited rights on a Windows host could escalate…
-
Yurei Ransomware leverages SMB shares and removable drives to Encrypt Files
Targeting Windows systems, Yurei employs advanced file encryption and stealth techniques to maximize impact and minimize detection. Encrypted files are appended with the extension .Yurei, and victims receive a ransom note named _README_Yurei.txt with Tor-based contact channels. CYFIRMA has observed a new ransomware strain, “Yurei Ransomware,” developed in Go language and circulating in multiple malware…
-
Unity Warns Developers of Security Vulnerability Affecting Games on Android, Windows, and Linux Platforms
A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity vulnerability impacts software built for Android, Windows, macOS,…
-
Microsoft Defender bug reports erroneous BIOS update notifications
Owners of Dell devices running Windows may currently be surprised by Defender false alarms that report a “BIOS update”. The issue apparently affects Dell devices running Microsoft Defender for Endpoint on Windows and appeared suddenly on October 2, 2025. On this, Microsoft has … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/03/microsoft-defender-bug-meldet-fehlerhafte-bios-update-benachrichtigungen/
-
Windows 10 refuses to go gentle into that good night
Rage, rage against the dying of the free security updates First seen on theregister.com Jump to article: www.theregister.com/2025/10/02/windows_10_statcounter/
-
New XWorm V6 Variant Embeds Malicious Code into Trusted Windows Applications
In the constantly evolving world of cyber threats, staying informed is not just an advantage; it’s a necessity. First observed in 2022, XWorm quickly gained notoriety as a highly effective malware, providing cybercriminals with a versatile toolkit for malicious activities. XWorm’s modular design is built around a core client and an array of specialized components…
-
GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors
On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into residential SOCKS5 proxies, enabling cybercriminals to bypass anti-fraud defenses and monetize infected hosts. The initial…
-
WhatsApp Exploited to Spread SORVEPOTEL Malware on Windows Systems
An aggressive malware campaign dubbed SORVEPOTEL is exploiting WhatsApp messages to infiltrate Windows systems, with its epicenter in Brazil. Rather than pursuing data theft or ransomware extortion, this self-propagating malware is engineered for rapid spread, leveraging social trust and automation to reach new victims. Trend Research telemetry shows that 457 of the 477 detected infections…
-
New Obex Tools Blocks Runtime Loading of EDR Dynamic Libraries
Obex, a newly released proof-of-concept utility by security researcher dis0rder0x00, demonstrates a simple but effective user-mode method to stop unwanted security and monitoring modules from loading into Windows processes. The tool launches a target process under debugger control and enforces a configurable DLL blocklist, preventing both startup and runtime loads of designated libraries. A demonstration…
-
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-outlook-stops-displaying-inline-svg-images-used-in-attacks/
-
Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down.…
-
Malicious ZIP Files Use Windows Shortcuts to Drop Malware
Cybersecurity firm Blackpoint Cyber reveals a new spear phishing campaign targeting executives. Learn how attackers use fraudulent document ZIPs containing malicious shortcut files, leveraging ‘living off the land’ tactics, and a unique Anti-Virus check to deliver a custom payload. First seen on hackread.com Jump to article: hackread.com/malicious-zip-files-windows-shortcuts-malware/
-
Chrome Security Update Addressing 21 Vulnerabilities
The Chrome team has released Chrome 141.0.7390.54/55 to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes, including 21 distinct vulnerabilities that span high, medium, and low severity. External researchers contributed to several of these fixes, earning rewards up to $25,000. Users are strongly…
-
Microsoft Outlook Bug on Windows Devices Results in Repeated Email Crashes
Microsoft is currently investigating a significant bug affecting classic Outlook for Windows that prevents users from accessing their email accounts. The issue manifests as a persistent error message stating “Cannot start Microsoft Outlook. Cannot open the Outlook window. The set of folders cannot be opened. The attempt to log on to Microsoft Exchange has failed.”
-
Support for Windows 10: Consumer advocates demand clear requirements from the EU
Tags: windows
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/support-windows-10-verbraucherschuetzer-forderung-klarheit-vorgaben-eu
-
Chinese APT group Phantom Taurus targets gov and telecom organizations
mssq.bat that connects to an SQL database using the sa (system administrator) ID with a password previously obtained by the attackers. It then performs a dynamic search for specific keywords specified in the script, saving the results as a CSV file.” The threat actor used this method to search for documents of interest and information related…
-
Google Adds AI-Powered Ransomware Protection and Recovery to Drive for Desktop
This new ransomware detection is available in beta in Google Drive for desktop on Windows or macOS, with a general release expected by the end of the year. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-drive-ai-ransomware-detection/
-
Microsoft to force install Microsoft 365 companion apps in October
Later this month, Microsoft will start automatically installing the Microsoft 365 companion apps on Windows 11 devices that have the Microsoft 365 desktop client apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-microsoft-365-companion-apps-in-october/
-
Windows 11 2025 Update (25H2) is now available, Here’s what’s new
Today, Microsoft announced the release of Windows 11 25H2, also known as Windows 11 2025 Update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-2025-update-25h2-is-now-available-heres-whats-new/

