Tag

#windows

GHSA-66pp-5p9w-q87j: Shescape has potential environment variable exposure on Windows with CMD

### Impact

This impacts users of Shescape on Windows that explicitly configure `shell: 'cmd.exe'` or `shell: true` using any of `quote`/`quoteAll`/`escape`/`escapeAll`. An attacker may be able to get read-only access to environment variables.

Example:

```javascript
import * as cp from "node:child_process";
import { Shescape } from "shescape";

// 1. Prerequisites
const shescape = new Shescape({
  shell: "cmd.exe",
  // Or
  shell: true, // Only if the default shell is CMD
});

// 2. Payload
const payload = '"%PATH%';

// 3. Usage
let escapedPayload;

escapedPayload = shescape.quote(payload);
// Or
escapedPayload = shescape.quoteAll([payload]);
// Or
escapedPayload = shescape.escape(payload);
// Or
escapedPayload = shescape.escapeAll([payload]);

// And (example)
// Note: `options` stands for the caller's exec options; it is not defined in this excerpt.
const result = cp.execSync(`echo Hello ${escapedPayload}`, options);

// 4. Impact
console.log(result.toString());
// Outputs "Hello" followed by the contents of the PATH environment variable
```

For Shescape prior to ...

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Fake Booking.com emails sent to hotels lead to fake Captcha sites that trick the staff into infecting their own systems

Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks

Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

Medusa Ransomware Disables Anti-Malware Tools with Stolen Certificates

Cybercriminals exploit AbyssWorker driver to disable EDR systems, deploying MEDUSA ransomware with revoked certificates for stealthy attacks.

New Phishing Campaign Targets macOS Users with Fake Security Alerts

LayerX Labs reports a sophisticated macOS phishing campaign, evading security measures. Learn how attackers adapt and steal credentials from Mac users.

Checkpoint ZoneAlarm Driver Flaw Exposes Users to Credential Theft

Credential theft alert! Venak Security discovers a BYOVD attack using .SYS drivers to bypass Windows security. Learn how…

Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame

In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video.

Schneider Electric EcoStruxure™

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure™
Vulnerability: Improper Privilege Management

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to cause a local privilege escalation, which could result in loss of confidentiality, integrity and availability of the engineering workstation.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of EcoStruxure™ are affected:

EcoStruxure™ Process Expert: Versions 2020R2, 2021 & 2023 (prior to v4.8.0.5715)
EcoStruxure™ Process Expert for AVEVA System Platform: Versions 2020R2, 2021 & 2023

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269

An improper privilege management vulnerability exists for two services, one managing audit trail data and the other acting as a server managing client requests, that could cause a loss of confidentiality, integrity, and availability of the engineering workstation when ...