Tag: windows
-
Microsoft lifts Windows 11 update block for Easy Anti-Cheat users
Microsoft has removed a compatibility hold that prevented some Easy Anti-Cheat users from installing the Windows 11 2024 Update because of a known issue that triggers restarts with blue screen of death (BSOD) errors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-lifts-windows-11-update-block-for-easy-anti-cheat-users/
-
Critical VGAuth Flaw in VMware Tools Grants Full System Access
Security researchers have uncovered critical vulnerabilities in VMware Tools’ Guest Authentication Service (VGAuth) that allow attackers to escalate privileges from any user account to full SYSTEM access on Windows virtual machines. The flaws, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware Tools 12.5.0 and earlier versions across ESXi-managed environments and standalone VMware Workstation deployments. Authentication Bypass…
-
New CastleLoader Attack Uses Cloudflare-Themed Clickfix Method to Compromise Windows Systems
A newly identified loader malware dubbed CastleLoader has emerged as a significant threat since early 2025, rapidly evolving into a distribution platform for various information stealers and remote access trojans (RATs). Leveraging sophisticated phishing tactics under T1566 and drive-by compromise methods classified as T1189, attackers masquerade as legitimate software libraries, online meeting platforms like Google…
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows
The npm JavaScript type-testing utility "is" was compromised with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: "Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer's account being hijacked," he wrote. The infected version was removed by npm admins and v3.3.0…
-
Coyote malware is first-ever malware abusing Windows UI Automation
Tags: automation, banking, credentials, crypto, exploit, finance, framework, malware, microsoft, windows
New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft's UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that…
-
AWS Client VPN for Windows Vulnerability Could Allow Privilege Escalation
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process. The vulnerability, tracked as CVE-2025-8069, affects multiple versions of the AWS Client VPN client and has been addressed in the latest software update.…
-
Brave blocks Windows Recall from screenshotting your browsing activity
Brave Software says its privacy-focused browser will block Microsoft’s Windows Recall from capturing screenshots of Brave windows by default to protect users’ privacy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/
-
Banking Trojan Coyote Abuses Windows UI Automation
It’s the first known instance of malware that abuses the UIA framework and has enabled dozens of attacks against banks and crypto exchanges in Brazil. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/banking-trojan-coyote-windows-ui-automation
-
Microsoft fixes bug behind incorrect Windows Firewall errors
Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-incorrect-windows-firewall-errors/
-
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information.”The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges,” Akamai security researcher Tomer…
-
Researcher tricks ChatGPT with a guessing game and obtains real Windows keys
First seen on t3n.de Jump to article: t3n.de/news/forscher-chatgpt-windows-keys-1696521/
-
Copilot Vision on Windows 11 sends data to Microsoft servers
Total Recall: Capturing everything you do on your PC screen to become a ‘true companion’ First seen on theregister.com Jump to article: www.theregister.com/2025/07/23/microsoft_copilot_vision/
-
Microsoft rolls out Windows 11 "quick recovery" feature
With the latest Windows 11 update, Microsoft is saying goodbye to the infamous "Blue Screen of Death"…
-
Debug Code in ExpressVPN Windows App Caused IP Leak via RDP Port
ExpressVPN has alerted users of a security issue in its Windows application that allowed certain Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, potentially exposing users’ IP addresses. This vulnerability primarily affected TCP traffic routed over port 3389, the standard port for RDP connections, which are often used in enterprise environments rather than…
-
Windows Server KB5062557 causes cluster, VM issues
Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month’s Windows Server 2019 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-kb5062557-causes-cluster-vm-issues/
-
Kubernetes Image Builder Vulnerability Grants Root Access to Windows Nodes
A critical vulnerability in the Kubernetes Image Builder has been disclosed that allows attackers to gain root access on Windows nodes by exploiting default credentials embedded in virtual machine images. Tracked as CVE-2025-7342, the flaw affects images built with the Nutanix or OVA providers in Kubernetes Image Builder versions v0.1.44 and earlier. CVE Identifier Description…
-
ExpressVPN Windows Client Flaw Could Expose User Information
ExpressVPN disclosed a vulnerability in its Windows desktop client that, under specific circumstances, could have permitted the leakage of user connection details. The flaw was discovered by security researcher Adam-X through ExpressVPN’s bug bounty program and pertains to Remote Desktop Protocol (RDP) and other TCP traffic routed over port 3389. Although the bug did not…
-
DeerStealer Malware Spread Through Weaponized .LNK and LOLBin Tools
A new wave of cyber-attacks has emerged, exploiting Windows shortcut files (.LNK) combined with legitimate system utilities collectively known as Living-off-the-Land Binaries and Scripts (LOLBin/S) to deliver the DeerStealer infostealer through highly obfuscated multi-stage chains. Recent campaigns begin with phishing emails or fraudulent file shares containing weaponized .LNK files camouflaged as seemingly benign documents, often…
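The shortcut-plus-LOLBin chain described above is easiest to triage by reading the .LNK file itself rather than opening it. The script below is an added example for this page, not code from the report summarised here: it decodes the ShellLink header and StringData fields according to the public MS-SHLLINK layout and flags the camouflage tricks such chains rely on (a LOLBin target, a minimised or hidden window, whitespace-padded arguments, an icon borrowed from another file). The LOLBin list and the heuristics are this example's own assumptions, and the shortcut bytes it analyses are constructed inside the script, not a real sample.

```python
"""Triage a Windows .LNK shortcut: decode the ShellLink header and StringData
per the public MS-SHLLINK layout, then flag the tricks document-lookalike
shortcuts use to launch LOLBins.
Added example for this page, not code from any report summarised here.
The shortcut bytes below are constructed in this script, not a real sample."""
import re
import struct

# LinkFlags bits (MS-SHLLINK 2.1.1) and the fixed LinkCLSID.
HAS_TARGET_IDLIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
SW_SHOWMINNOACTIVE = 7
# Launchers commonly abused from shortcuts; an assumed, not exhaustive, list.
LOLBINS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "rundll32.exe",
           "regsvr32.exe", "wscript.exe", "cscript.exe", "certutil.exe",
           "conhost.exe", "forfiles.exe", "msiexec.exe"}


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and whichever StringData fields are present."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a ShellLink header")
    if data[4:20] != LINK_CLSID:
        raise ValueError("bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    link = {"flags": flags, "show_command": struct.unpack_from("<I", data, 60)[0]}
    pos = 0x4C
    if flags & HAS_TARGET_IDLIST:            # IDListSize (u16) + ItemIDList bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    for flag, name in STRING_FIELDS:         # fixed order per spec section 2.4
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            link[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            link[name] = data[pos:pos + count].decode("cp1252")
            pos += count
    return link


def triage(link: dict) -> list:
    """Heuristic findings for a parsed shortcut; an empty list means nothing suspicious."""
    findings = []
    target = link.get("relative_path", "").replace("/", "\\")
    exe = target.rsplit("\\", 1)[-1].lower()
    args = link.get("arguments", "")
    icon = link.get("icon_location", "").replace("/", "\\").rsplit("\\", 1)[-1]
    if exe in LOLBINS:
        findings.append("lolbin target: " + exe)
    if link["show_command"] == SW_SHOWMINNOACTIVE:   # starts minimised, never focused
        findings.append("window starts minimised (ShowCommand=7)")
    # A long run of spaces pushes the real command out of the Properties dialog.
    if re.search(r"\s{20,}", args):
        findings.append("whitespace-padded arguments")
    if re.search(r"(?i)(^|\s)-(w\w*\s+hidden|e(c|nc|ncodedcommand)?\s)", args):
        findings.append("hidden window or encoded PowerShell command")
    if icon and icon.lower() != exe:          # looks like a document, runs a launcher
        findings.append("icon borrowed from another file: " + icon)
    return findings


def build_lnk(relative_path, arguments, working_dir="", icon="", show_command=1) -> bytes:
    """Construct a minimal Unicode ShellLink (no IDList/LinkInfo) for testing."""
    values = {"relative_path": relative_path, "arguments": arguments,
              "working_dir": working_dir, "icon_location": icon}
    flags = IS_UNICODE | sum(f for f, n in STRING_FIELDS if values.get(n))
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(values[n])) + values[n].encode("utf-16-le")
                    for _, n in STRING_FIELDS if values.get(n))
    return header + body


# Constructed samples: a document lookalike launching hidden PowerShell, and a benign one.
MALICIOUS_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    " " * 200 + "-w hidden -nop -ep bypass -enc SQBFAFgA",   # the base64 is just "IEX"
    working_dir="%TEMP%", icon=r"%SystemRoot%\System32\shell32.dll",
    show_command=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe", "readme.txt")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(label, triage(parse_lnk(blob)))
```

The parser skips over LinkTargetIDList and LinkInfo rather than decoding them, so a shortcut whose only target lives in those structures (no RelativePath) will show up with an empty target; for real triage, extend it to read LocalBasePath from LinkInfo, and remember that a weaponised shortcut with no findings here is not cleared, only unflagged by these heuristics.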
-
APT41 Hackers Exploiting Atexec and WmiExec Windows Modules for Malware Deployment
Kaspersky MDR analysts recently uncovered a sophisticated targeted attack by the Chinese-speaking cyberespionage group APT41 against government IT services in the African region, marking a notable escalation in the group’s activity on the continent, which had previously seen minimal incidents from this actor. The attackers embedded hardcoded names of internal services, IP addresses, and proxy…
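The atexec and wmiexec modules named above are Impacket tools, and both leave a recognisable shape in process-creation telemetry: wmiexec has the WMI provider host spawn cmd.exe with its output redirected to the ADMIN$ share, and atexec registers a scheduled task whose command writes to a random .tmp file under %windir%\Temp. The script below is an added example for this page, not code from Kaspersky or any other report summarised here; it runs those two patterns, plus a weaker "shell started by WmiPrvSE" signal, over constructed 4688/Sysmon-style records. The patterns encode the default command lines of the public tools, which an operator can edit, so a miss proves nothing.

```python
"""Flag Impacket-style wmiexec/atexec remote execution in process-creation
telemetry (Windows 4688 or Sysmon event 1 fields).
Added example for this page, not code from Kaspersky or any report summarised
here. The records below are constructed, and the patterns follow the command
lines the public wmiexec.py and atexec.py build by default."""
import re

# wmiexec.py default: cmd.exe /Q /c <cmd> 1> \\127.0.0.1\<share>\__<unix-time> 2>&1
WMIEXEC_RE = re.compile(r"(?i)cmd\.exe\s+/Q\s+/c\s+.*1>\s*\\\\[\w.-]+\\[\w$]+\\__\d+")
# atexec.py default: scheduled task running cmd.exe /C <cmd> > %windir%\Temp\<random>.tmp 2>&1
ATEXEC_RE = re.compile(r"(?i)cmd\.exe\s+/C\s+.*>\s*%windir%\\Temp\\\w+\.tmp\s+2>&1")

# (rule name, command-line pattern, parent images that make a hit high confidence)
RULES = (
    ("impacket-wmiexec", WMIEXEC_RE, {"wmiprvse.exe"}),              # WMI provider host
    ("impacket-atexec", ATEXEC_RE, {"svchost.exe", "taskeng.exe"}),  # Task Scheduler
)
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return a finding for one record, or None when nothing matches."""
    parent = _basename(event["parent"])
    image = _basename(event["image"])
    for rule, pattern, parents in RULES:
        if pattern.search(event["cmdline"]):
            return {"rule": rule, "host": event["host"],
                    "confidence": "high" if parent in parents else "medium"}
    # Weaker signal: any interactive shell started by the WMI provider host.
    if parent == "wmiprvse.exe" and image in SHELLS:
        return {"rule": "wmi-spawned-shell", "host": event["host"], "confidence": "low"}
    return None


def scan(events):
    """Run classify over a batch and keep only the hits."""
    return [f for f in map(classify, events) if f]


SAMPLE_EVENTS = [  # constructed records, not real telemetry
    {"host": "FS01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1753300000.12 2>&1"},
    {"host": "FS01", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /C ipconfig /all > %windir%\Temp\XwqkRtLz.tmp 2>&1"},
    {"host": "WS07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir > C:\Users\alice\out.txt"},
    {"host": "WS07", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -nop -c Get-Date"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Feed it the CommandLine and ParentImage fields of your real Sysmon or 4688 stream (4688 needs command-line auditing enabled, otherwise the CommandLine field is empty); the high-confidence rules are specific enough to alert on, the low one is for hunting.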
-
ExpressVPN bug leaked user IPs in Remote Desktop sessions
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/
-
Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses
Hackers are exploiting a significant Microsoft vulnerability chain that allows them to gain control of on-premises SharePoint servers, steal cryptographic keys, and access Windows applications like Outlook, Teams, and OneDrive. It also gives them persistence in the systems even after reboots and updates. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/hackers-exploiting-microsoft-flaw-to-attack-governments-businesses/
-
Novel malware from Russia’s APT28 prompts LLMs to create malicious Windows commands
Tags: ai, api, attack, computer, control, cyber, cyberattack, cybercrime, data, detection, dos, exploit, government, group, hacking, infrastructure, intelligence, LLM, malicious, malware, military, network, phishing, programming, russia, service, tool, ukraine, vulnerability, windows
….pif (MS-DOS executable) extension, though variants with .exe and .py extensions have also been observed. CERT-UA attributes these attacks to a group it tracks as UAC-0001, but which is better known in the security community as APT28. Western intelligence agencies have officially associated this group with Unit 26165, or the 85th Main Special Service Center (GTsSS)…
-
Microsoft mistakenly tags Windows Firewall error log bug as fixed
Microsoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-mistakenly-tags-windows-firewall-error-log-bug-as-fixed/
-
Snake Keylogger Bypasses Windows Defender and Uses Scheduled Tasks to Steal Credentials
Threat actors have been using a sophisticated phishing operation to impersonate Turkish Aerospace Industries (TUSAŞ) in order to attack Turkish businesses, especially those in the defense and aerospace sectors. The campaign distributes malicious emails masquerading as contractual documents, such as the file "TEKLİF İSTEĞİ TUSAŞ TÜRK HAVACILIK UZAY SANAYİİ_xlsx.exe"…
-
I give up: how a researcher gets ChatGPT to hand over Windows keys with a simple trick
First seen on t3n.de Jump to article: t3n.de/news/forscher-knackt-chatgpt-windows-key-mit-trick-1696521/
-
Sophos Intercept X for Windows Flaws Enable Arbitrary Code Execution
Sophos has disclosed three critical security vulnerabilities in its Intercept X for Windows endpoint security solution that could allow attackers to execute arbitrary code and gain system-level privileges on affected systems. The vulnerabilities, designated CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, all carry high severity ratings and affect different components of the security software including the updater, Device…
-
New “LameHug” Malware Deploys AI-Generated Commands
Ukraine’s CERT-UA has identified a new AI-powered malware, dubbed “LameHug,” which executes commands on compromised Windows systems in cyber-attacks, targeting the nation’s security and defense sector First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-lamehug-malware-deploys/