Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers

Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,

The Hacker News
Open in Source
#web#android#mac#windows#google#git#auth#The Hacker News
CVE-2025-62213: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

CVE-2025-62215: Windows Kernel Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2025-62209: Windows License Manager Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

CVE-2025-60718: Windows Administrator Protection Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** With successful exploitation of this vulnerability, an attacker could gain elevated privileges equivalent to a system managed administrator, allowing them to execute arbitrary code with high integrity and bypass administrator protections.

CVE-2025-60717: Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

CVE-2025-62208: Windows License Manager Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.

CVE-2025-62452: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.