Tag: windows
-
China-aligned crew poisons Windows servers to manipulate Google results
Defrauding search with custom malware, Potato-family exploits First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/new_chinaaligned_crew_poisons_windows_servers/
-
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS)…
-
GhostRedirector Emerges as New China-Aligned Threat Actor
A newly identified hacking group named GhostRedirector has compromised 65 Windows servers using previously unknown tools First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ghostredirector-new-china-threat/
-
Sticking with Windows 10 could be costly
Tags: windows
As the clock ticks down on support for the OS, research indicates that sticking with the platform could be expensive First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366630336/Sticking-with-Windows-10-could-be-costly
-
GhostRedirector Hackers Target Windows Servers Using Malicious IIS Module
ESET security researchers have uncovered a sophisticated cyber threat campaign targeting Windows servers across multiple countries, with attackers deploying custom malware tools designed for both remote access and search engine manipulation. Cybersecurity experts at ESET have identified a previously unknown threat group dubbed GhostRedirector, which has successfully compromised at least 65 Windows servers primarily located in…
-
New Malware Uses Windows Character Map for Cryptomining
Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software… First seen on hackread.com Jump to article: hackread.com/new-malware-uses-windows-character-map-cryptomining/
-
Fully Preconfigured Software-Based Appliance from Veeam
Veeam Software has announced the availability of its first fully configured, pre-hardened software appliance. The new Veeam Software Appliance was designed to give IT teams immediate protection without complex implementation. It does away with manual setup, operating system patching and Windows licensing, and is delivered as a bootable ISO or virtual appliance. On top of that, it runs on a hardened, Veeam-managed Linux operating system that…
-
Enterprises sticking with Windows 10 could shell out billions for continued support
Tags: windows
Nexthink estimates ESU bills could top $7.3B as millions of devices set to miss upgrade deadline First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/windows_10_esu_costs/
-
Microsoft says recent Windows updates cause app install issues
Microsoft says the August 2025 security updates are triggering unexpected User Account Control (UAC) prompts and app installation issues for non-admin users across all supported Windows versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-windows-updates-cause-app-install-issues-due-to-unexpected-admin-UAC-prompts/
-
Microsoft Confirms UAC Bug Disrupts App Installation on Windows 10 and 11
Microsoft has officially acknowledged a significant User Account Control (UAC) bug that is causing widespread installation issues across Windows 10 and Windows 11 systems. The problem stems from a security update released in August 2025 and affects millions of users attempting to install or repair applications. The Core Issue: The bug emerged following Microsoft’s August 2025…
-
Is a Recent Windows Update Responsible for SSD Failures? Microsoft Has an Answer
A rash of SSD failures has prompted some users to blame a recent Windows Update. Microsoft insists the problem is not its fault. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-update-ssd-failures/
-
New threat group uses custom tools to hijack search results
ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/ghostredirector-seo-fraud-threat-group/
-
California Tax Refund Mobile Phish
A new round of mobile phish is imitating the State of California’s “Franchise Tax Board” in a round of phishing sites that are gaining prominence in the past few days. I visited ftb.ca-gov-sg[.]top/notice from a burner phone to see how the scheme works (the page doesn’t load from the Windows browsers I tested.) After harvesting…
-
IT departments face huge Windows 10 support bill
When Windows 10 reaches end-of-life on October 14th, organisations will need to purchase an Extended Support contract to receive Microsoft patches First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630293/IT-departments-face-huge-Windows-10-support-bill
-
Dire Wolf Ransomware Targets Windows, Wipes Logs and Backups
The recently emerged DireWolf ransomware group has launched a sophisticated new campaign targeting Windows systems worldwide, employing ruthless tactics to delete event logs, erase backup-related data, and thwart recovery efforts. First sighted in May 2025, DireWolf has rapidly escalated its operations, infecting 16 organizations across 16 regions, including the United States, Thailand, Taiwan, Australia, and…
-
Chrome 140 Release Fixes Critical RCE Vulnerabilities
Tags: browser, chrome, cyber, google, linux, rce, remote-code-execution, update, vulnerability, windows
Google has released Chrome 140 to the stable channel for Windows, Mac, and Linux. This update will roll out to users over the coming days and weeks. The new version, 140.0.7339.80 for Linux and 140.0.7339.80/81 for Windows and Mac, delivers several security fixes and improvements. A full list of changes is available in the Chromium log.…
-
25H2: The Next Big Windows 11 Patch Removes Features
Normally the annual feature updates are used to bring new features to Windows 11, but not this time. First seen on golem.de Jump to article: www.golem.de/news/25h2-der-naechste-grosse-windows-11-patch-entfernt-features-2509-199747.html
-
Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam
A new and clever ClickFix scam is using a fake AnyDesk installer and Windows search to bypass security,… First seen on hackread.com Jump to article: hackread.com/fake-anydesk-installer-metastealer-clickfix-scam/
-
Stealthy Python Malware Uses Discord to Steal Windows Data
Inf0s3c Stealer is a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to enumerate processes, navigate directories, manipulate memory, and manage security settings. Once executed, it methodically collects…
-
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for…
-
Silver Fox APT Abuses Windows Driver in Active Campaign
Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected. A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/silver-fox-apt-abuses-windows-driver-in-active-campaign-a-29351
-
Grau Data Presents Ransomware Protection for Backups with Blocky for Veeam at it-sa
Grau Data is presenting version 3.5 of its backup ransomware protection Blocky for Veeam at it-sa 2025. The software is currently the only ransomware protection for backups that sits directly on the Veeam Windows server and uses the proven Grau Data WORM (Write Once, Read Many) technology to create an immutable protective shield for Veeam backups. Through the use of WORM technology, Blocky for… prevents
-
Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver… First seen on hackread.com Jump to article: hackread.com/silver-fox-apt-exploit-signed-windows-driver-valleyrat/
-
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is “amsdk.sys” (version 1.0.600), a 64-bit, validly signed Windows…
-
New TinkyWinkey Trojan Targets Windows Systems With Sophisticated Keylogging
A sophisticated new keylogger malware dubbed TinkyWinkey
-
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347 First seen…

