Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

GHSA-ffvr-gmp3-xx43: Apache EventMesh: raft Hessian Deserialization Vulnerability allowing remote code execution

CWE-502 Deserialization of Untrusted Data at the eventmesh-meta-raft plugin module in Apache EventMesh master branch without release version on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via hessian deserialization rpc protocol. Users can use the code under the master branch in project repo or version 1.11.0 to fix this issue.

ghsa
Open in Source
#vulnerability#mac#windows#linux#apache#rce#auth
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets include a telecommunications entity and a university,

February Microsoft Patch Tuesday

February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: 🔻 EoP – Windows Ancillary Function Driver for WinSock (CVE-2025-21418)🔻 EoP – Windows Storage (CVE-2025-21391) There are no vulnerabilities with public exploits, but there are 7 with private ones: 🔸 RCE – Microsoft Edge (CVE-2025-21279, CVE-2025-21283)🔸 Auth. […]

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.

Patch Tuesday: Microsoft Fixes 63 Bugs with 2 Zero-Days

Microsoft’s February Patch Tuesday addresses 63 security vulnerabilities, including two actively exploited zero-days. Update your systems now to…

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

Microsoft's February Patch a Lighter Lift Than January's

But there's plenty in it — including two zero-days — that need immediate attention.

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as "moderate". The remaining vulnerabilities listed are classified as “important.”

Cisco Rejects Kraken Ransomware’s Data Breach Claims

Cisco denies recent data breach claims by the Kraken ransomware group, stating leaked credentials are from a resolved 2022 incident. Learn more about Cisco's response and the details of the original attack.

SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk & Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks.