Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-62569: Microsoft Brokering File System Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#Microsoft Brokering File System#Security Vulnerability
CVE-2025-62469: Microsoft Brokering File System Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

GHSA-wq34-7f4g-953v: Csla affected by Remote Code Execution via WcfProxy (NetDataContractSerializer)

### Impact Versions of CSLA .NET prior to version 6 allow the use of WcfProxy. WcfProxy uses the NetDataContractSerializer (NDCS) which has known vulnerabilities that can allow remote execution of code during deserialization. NDCS itself is considered obsolete, and you should avoid using WcfProxy or upgrade to CSLA 6 or higher where this issue does not exist. ### Patches CSLA .NET version 6 and higher do not use WCF or NetDataContractSerializer. ### Workarounds If you are using a version CSLA .NET older than version 6, you should stop using WcfProxy in your data portal configuration. Doing this avoids the use of WCF and the NetDataContractSerializer, avoiding the vulnerability.

How phishers hide banking scams behind free Cloudflare Pages

We found a campaign that hosts fake login pages on Cloudflare Pages and sends the stolen info straight to Telegram.

Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

Family photos pulled from social media are being used as "proof-of-life" in virtual kidnapping scams, the FBI warns.

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers chasing AI tools, fake apps stealing cash, and record-breaking cyberattacks — all within days. If you blink, you’ll miss how fast the threat map is changing. New flaws are being found, published, and exploited in hours instead of weeks. AI-powered tools meant to help developers

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs. "This malware enables remote control of compromised systems by allowing