#windows

A new report details how the advanced hacking tool Shellter Elite was leaked and is now being used…

There is no evidence the footage was deceptively manipulated, but ambiguities around how the video was processed may further fuel conspiracy theories about Epstein’s death.

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and

### Impact Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to get access to a machine running a unit using the affected charm. ### Details A controller exposes three charm-related HTTP API endpoints, as follows: - PUT/GET https://<controller-ip>:17070/model-<model-uuid>/charms/<nameofcharm>-<hashofcharm> - POST/GET https://<controller-ip>:17070/model-<model-uuid>/charms - GET https://<controller-ip>:17070/charms These endpoints require Basic HTTP authentication credentials and will accept any valid user within the context of the controller. A user that has no specific permission or access granted can call all of these APIs. To reproduce: ``` juju bootstrap juju add-user testuser juju change-user-password testuser ``` Download the ZIP file of an...

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”

Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. "The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract," the Russian company said. "The main goal of the

**Why is this AMD CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in certain processor models offered by AMD. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigation and provide protection against the vulnerability. Please see the following for more information: * AMD-SB-7029