Tag: windows
-
TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows
A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for…
-
Silver Fox APT Abuses Windows Driver in Active Campaign
Gap in Microsoft Blocklist Exploited, ValleyRAT Runs Undetected. A Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/silver-fox-apt-abuses-windows-driver-in-active-campaign-a-29351
-
Grau Data presents ransomware protection for backups with Blocky for Veeam at it-sa
Grau Data presents version 3.5 of its backup ransomware protection Blocky for Veeam at it-sa 2025. The software is currently the only ransomware protection for backups that runs directly on the Veeam Windows server and uses the proven Grau Data WORM (Write Once, Read Many) technology to create an immutable protective shield for Veeam backups. By using WORM technology, Blocky for… prevents…
-
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is “amsdk.sys” (version 1.0.600), a 64-bit, validly signed Windows…
-
Silver Fox APT Exploits Signed Windows Driver to Deliver ValleyRAT
Check Point reports Silver Fox APT using a signed WatchDog driver flaw to disable Windows security and deliver… First seen on hackread.com Jump to article: hackread.com/silver-fox-apt-exploit-signed-windows-driver-valleyrat/
-
New TinkyWinkey Trojan Targets Windows Systems With Sophisticated Keylogging
A sophisticated new keylogger malware dubbed "TinkyWinkey
-
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347 First seen…
-
8 malicious open-source packages targeting Windows user data
JFrog, the Liquid Software company, announces the discovery of eight malicious packages published on npm, one of the world's largest repositories for open-source JavaScript components. The packages, including react-sxt (version 2.4.1), react-typex (version 0.1.0) and react-native-control (version 2.4.1), were uploaded by malicious npm users. They contained sophisticated multi-layer obfuscation with more than 70 layers of hidden code, which enabled attackers to…
-
Google Web Designer Vulnerability Lets Hackers Take Over Client Systems
Tags: api, cyber, data-breach, flaw, google, hacker, malicious, remote-code-execution, vulnerability, windows
A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (released July 29, 2025), the flaw allowed attackers to inject malicious CSS into a configuration file and leverage an internal API…
-
Windows 11 24H2: security problem caused by unattend.xml?
Tags: windows
Administrators have Windows installed and configured using an unattend.xml file. The unattend.xml file can be created with a generator. A blog reader already pointed out to me in July 2025 that under Windows 11 24H2, when an unattend.xml is used, a security problem … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/01/windows-11-24h2-sicherheitsproblem-durch-unattend-xml/
-
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
A sophisticated cryptocurrency theft scheme involving a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever…
-
Also pay attention to failure risks with digital products
The BSI advises users of digital products to pay attention to how the manufacturer deals with security risks. The German Federal Office for Information Security (BSI) recommends checking, when selecting digital products, whether there are failure risks. Asked by the German Press Agency (dpa) what users should look for when choosing online payment systems, a spokeswoman for the agency said…
-
Windows 11 25H2 Preview Build Released: Here’s What’s New
Microsoft has begun rolling out the Windows 11, version 25H2 (Build 26200.5074) preview to the Release Preview Channel, offering enthusiasts and enterprise customers an early look at this year’s annual feature update ahead of general availability later in 2025. This build arrives as an enablement package (eKB), streamlining the installation process by sharing a common…
-
Hackers Exploit Windows Defender Policies to Shut Down EDR Agents
Cybercriminals are now weaponizing Windows Defender Application Control (WDAC) policies to disable Endpoint Detection and Response (EDR) agents en masse. What began as a proof-of-concept research release in December 2024 has quickly evolved into an active threat, with multiple malware families adopting WDAC policy abuse to evade detection and block security tools entirely. The original…
-
Netskope Windows Client Vulnerability Enables Privilege Escalation via Rogue Server
A serious security vulnerability in Netskope’s Windows client has been discovered that could allow attackers to escalate privileges from a low-privileged user to full system-level access. The flaw, tracked as CVE-2025-0309, affects all versions of the Netskope Windows client prior to version R129 and has prompted the company to release urgent security updates. Exploiting Rogue…
-
Not ready for Windows 11? Here's how to extend Windows 10 support until October 2026
Tags: windows
First seen on t3n.de Jump to article: t3n.de/news/nicht-bereit-fuer-windows-11-1700273/
-
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser… First seen on hackread.com Jump to article: hackread.com/malicious-npm-packages-stole-chrome-user-data-windows/
-
Windows 11 KB5064081 update clears up CPU usage metrics in Task Manager
Microsoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5064081-update-clears-up-cpu-usage-metrics-in-task-manager/
-
Microsoft fixes bug behind Windows certificate enrollment errors
Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-certificate-enrollment-errors/
-
Microsoft says recent Windows update didn’t kill your SSD
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-KB5063878-windows-update-didnt-kill-your-ssd/
-
Weaponized PDFs and LNK Files Used in Windows Attacks
A clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “국가정보연구회 소식지 (52호)” (National Intelligence Research Society Newsletter Issue 52), alongside a malicious Windows shortcut (LNK) file named 국가정보연구회 소식지(52호).pdf.LNK. The attackers distribute both files together, either within the same archive or as seemingly related attachments. When victims open the LNK…
-
AppSuite PDF Editor Exploit Lets Hackers Run Arbitrary Commands
A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious components were deobfuscated and analyzed. Threat actors exploited high-ranking PDF tool websites to distribute a…
-
Threat Actors Use Facebook Ads to Deliver Android Malware
Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months of targeting Windows users with fake trading and cryptocurrency ads, now focusing worldwide on smartphone…
-
Silver Fox Hackers Use Driver Vulnerability to Evade Security on Windows Systems
A sophisticated campaign by the Silver Fox APT group that exploits a previously unknown vulnerable driver to bypass endpoint detection and response (EDR) and antivirus solutions on fully updated Windows 10 and 11 systems. Check Point Research (CPR) revealed on August 28, 2025, that the advanced persistent threat group has been leveraging the WatchDog Antimalware…