Tag: windows

New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images

Apr 7, 2026 8:51 AM

Tags: ai, antivirus, cloud, cyber, detection, endpoint, intelligence, malware, microsoft, threat, update, windows

Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud protection to defend against emerging malware campaigns. Keeping antimalware solutions up to date…
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers

Apr 7, 2026 7:52 AM

Tags: crypto, cyber, macOS, malware, threat, windows

A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information”‘stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Premium, a popular browser”‘based charting and social platform for stock, crypto, and forex traders. Threat…
Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access

Apr 7, 2026 7:52 AM

Tags: access, cyber, data-breach, flaw, microsoft, update, vulnerability, windows, zero-day

A newly discovered zero-day vulnerability, dubbed >>BlueHammer,<< has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromised systems. Because a patch is not yet available from Microsoft, this public release leaves Windows users temporarily exposed to…
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Apr 6, 2026 9:52 PM

Tags: exploit, flaw, leak, microsoft, windows, zero-day

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
Microsoft removes Support and Recovery Assistant from Windows

Apr 6, 2026 8:52 PM

Tags: microsoft, update, windows

Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Apr 6, 2026 7:52 PM

Tags: attack, control, fortinet, github, hacker, infrastructure, korea, threat, windows

Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea.The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows shortcut (LNK) files acting as the starting point to drop a decoy PDF First seen on thehackernews.com…
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Apr 6, 2026 4:51 PM

Tags: attack, cyberattack, endpoint, infrastructure, linux, mobile, risk, soc, windows

Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact that many SOC workflows are still fragmented by platform. For security leaders, this creates a First seen on…
GitHub-Backed Malware Spread via LNK Files in South Korea

Apr 6, 2026 2:52 PM

Tags: api, cyber, github, hacker, korea, malware, powershell, tool, windows

Hackers are abusing Windows shortcut files and GitHub to run a stealthy, multi”‘stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic.The campaign begins with weaponized LNK files that contain hidden scripts instead of simple shortcuts. These older…
Authentication is broken: Here’s how security leaders can actually fix it

Apr 6, 2026 12:51 PM

Tags: access, attack, authentication, backup, business, communications, control, credentials, cryptography, data, exploit, fido, firmware, Hardware, healthcare, identity, login, mfa, microsoft, okta, passkey, privacy, resilience, risk, soc, technology, update, windows

Sector snapshots: Where it breaks (and why that matters): Healthcare. Clinicians need tap and go speed with zero tolerance for downtime. One large hospital attempted to pair advanced HID SEOS credentials, which use privacy-preserving randomized IDs, with a clinical SSO platform that expects static IDs for user recognition. This architectural mismatch forced a choice between…
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency

Apr 6, 2026 10:51 AM

Tags: access, cyber, hacker, linux, macOS, malicious, malware, windows

Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross”‘platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clients, with over 100 million weekly downloads on npm, making it deeply…
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs

Apr 6, 2026 8:51 AM

Tags: api, control, cyber, defense, malware, network, windows

A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker”‘owned server. By blending in with legitimate encrypted Telegram traffic, it becomes harder for network defenses to distinguish its C2 communication from normal user activity. When ResokerRAT runs,…
Supply Chain Attacks Surge in March 2026

Apr 4, 2026 5:53 AM

Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)

Apr 3, 2026 10:52 PM

Tags: ai, antivirus, attack, automation, backup, business, control, data, defense, detection, edr, endpoint, exploit, identity, linux, macOS, malware, metric, monitoring, ransomware, resilience, risk, soc, strategy, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Inventory all devices continuously. Go beyond manual tracking. Automated discovery tools can identify each device, from remote laptops to IoT assets, as soon as they join your network. Mitigate shadow IT risk. Unmanaged devices are a favorite entry point for attackers. Every asset must be accounted for and brought under management. No exceptions. Learn more about automating discovery and reducing blind spots in your endpoint management strategy…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)

Apr 3, 2026 10:52 PM

Tags: ai, antivirus, attack, automation, backup, business, control, data, defense, detection, edr, endpoint, exploit, identity, linux, macOS, malware, metric, monitoring, ransomware, resilience, risk, soc, strategy, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Inventory all devices continuously. Go beyond manual tracking. Automated discovery tools can identify each device, from remote laptops to IoT assets, as soon as they join your network. Mitigate shadow IT risk. Unmanaged devices are a favorite entry point for attackers. Every asset must be accounted for and brought under management. No exceptions. Learn more about automating discovery and reducing blind spots in your endpoint management strategy…
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Apr 3, 2026 2:51 PM

Tags: microsoft, windows

Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/windows-secure-boot-certificate-update-2026-expiration/
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2

Apr 3, 2026 2:51 PM

Tags: cyber, microsoft, update, vulnerability, windows

Microsoft has officially initiated an automated, machine-learning-based rollout for Windows 11, version 25H2, targeting unmanaged systems. As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical system vulnerabilities, the tech giant is forcefully upgrading all eligible Home and Pro devices currently running version 24H2. For consumers and…
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer

Apr 3, 2026 2:51 PM

Tags: attack, cyber, extortion, hacking, infrastructure, windows

Daniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an attack that began in November 2023. Rhyne entered his plea before U.S. District Judge Michael A. Shipp in…
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor

Apr 3, 2026 1:51 PM

Tags: backdoor, cyber, detection, malicious, windows

Kimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtimes to evade detection and maintain persistence on infected systems. The ZIP contained a Python script (can.py), a standalone Python interpreter,…
Man admits to locking thousands of Windows devices in extortion plot

Apr 3, 2026 11:51 AM

Tags: extortion, infrastructure, windows

A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/man-admits-to-extortion-plot-locking-coworkers-out-of-thousands-of-windows-devices/
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs

Apr 3, 2026 10:50 AM

Tags: microsoft, windows

Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs/
North Korea Uses GitHub as C2 in New LNK Phishing Campaign

Apr 3, 2026 7:50 AM

Tags: control, cyber, github, infrastructure, korea, malicious, north-korea, phishing, windows

A new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korearelated actors, shows a clear evolution from earlier, less obfuscated XenoRAT-delivery campaigns observed since 2024. In…
When Your Own Eyes Turn Against You: How Compromised Security Cameras and IoT/OT Devices Become Tools for Your Attackers

Apr 3, 2026 1:51 AM

Tags: access, advisory, attack, botnet, cctv, china, cloud, control, corporate, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, defense, detection, endpoint, espionage, exploit, finance, firmware, flaw, government, group, hacking, healthcare, infrastructure, intelligence, international, Internet, iot, iran, law, linux, malware, network, office, privacy, ransomware, resilience, risk, russia, service, supply-chain, technology, threat, tool, ukraine, unauthorized, update, vpn, vulnerability, warfare, windows, zero-day, zero-trust

TL;DR Security cameras, IoT, and OT devices that are meant to protect us, are easily compromised and turned against defenders, enabling nation-state reconnaissance (Iranian hacks on Hikvision/Dahua cameras during strikes, Russian webcam abuse in Ukraine), espionage via exposed live feeds, ransomware pivots (Akira group bypassing EDR), massive botnets (Mirai/Eleven11bot), and physical disruption. Structural weaknesses like…
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs

Apr 2, 2026 5:50 PM

Tags: access, backdoor, control, hacker, malware, microsoft, windows

Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems. First seen on hackread.com Jump to article: hackread.com/microsoft-whatsapp-attachments-backdoor-windows-pcs/
Akira-Style Ransomware Campaign Hits Windows Users Across South America

Apr 2, 2026 3:51 PM

Tags: cyber, dark-web, exploit, infrastructure, ransom, ransomware, tactics, threat, usa, windows

A newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by replicating its branding, ransom notes, and dark web infrastructure references. This includes the use of Tor-based…
Cyberkriminelle haben bis zu 76 Tage im Jahr freien Zugang zu Unternehmens-PCs in aller Welt

Apr 2, 2026 1:52 PM

Tags: ai, cyberattack, resilience, risk, windows

Betriebssystem-Patches auf PCs mit Windows 10/11 kommen durchschnittlich 127 Tage zu spät. Cybervorfälle und KI-gestützte Angriffe verursachen jährlich Verluste in Höhe von 400 Milliarden US-Dollar durch Ausfallzeiten. Nicht mehr die Sicherheitsverletzung selbst ist die schwerwiegendste Folge eines Cybervorfalls, sondern die daraus resultierenden Betriebsstörungen. Das ist die Quintessenz des Resilience Risk Index 2026, den Absolute… First…
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor

Apr 2, 2026 8:50 AM

Tags: access, attack, backdoor, cloud, cyber, malicious, malware, windows

A new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign but execute as scripts when opened on Windows. Once launched, the initial script creates hidden folders…
Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

Apr 1, 2026 7:30 PM

Tags: exploit, hacker, malware, microsoft, windows

Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger stealthy, multi-stage attacks. The post Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-malware-windows-attack/
WhatsApp on Windows users targeted in new campaign, warns Microsoft

Apr 1, 2026 7:30 PM

Tags: access, microsoft, windows

Microsoft warns WhatsApp on Windows users about an ongoing campaign that tries to gain permanent access to your machine First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/whatsapp-on-windows-users-targeted-in-new-campaign-warns-microsoft/
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Apr 1, 2026 4:29 PM

Tags: banking, crime, cybercrime, group, malware, phishing, threat, usa, windows

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot.The activity has been attributed to a Brazilian cybercrime threat actor tracked as Augmented Marauder and Water Saci. The e-crime group was first documented by Trend Micro…
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Apr 1, 2026 4:29 PM

Tags: infection, malicious, malware, microsoft, threat, windows

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick…