Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

TALOS
Open in Source
#vulnerability#web#ios#mac#windows#apple#microsoft#cisco#js#git#java#intel#backdoor#bios#auth#ssh#ibm#zero_day#webkit
Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials

The trove has now been taken down but included users’ logins for platforms including Apple, Google, and Meta, plus services from multiple governments.

CVE-2025-47181: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.

New updates for Red Hat Enterprise Linux on confidential virtual machines

The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features available now in both RHEL 10 and RHEL 9.6: Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump supportIntel Trusted Domain Extension (TDX) guestsTrustee attestation clientFull support for RHEL Unified Kernel Image (UKI)First introduced in RHEL9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line.

Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains

Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners.

Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals

US, European, and Japanese authorities, along with tech companies including Microsoft and Cloudflare, say they’ve disrupted Lumma, an infostealer popular with criminal gangs.

May “In the Trend of VM” (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework

May “In the Trend of VM” (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework. A traditional monthly vulnerability roundup. 🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) A total of 4 trending vulnerabilities: 🔻 Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824)🔻 Elevation of Privilege – Windows […]

Tenable Adds Third-Party Connectors to Exposure Management Platform

Tenable One now pulls in data from AWS, Microsoft, and competitors to provide a holistic security view of an organization's attack surface.

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records. The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes), according to

Compromised RVTools Installer Spreading Bumblebee Malware

RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads.