Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Scarcity signals: Are rare activities red flags?

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones.

TALOS
Open in Source
#web#mac#windows#amazon#cisco#git#intel#aws
ABB Cylon Aspect Studio 3.08.03 Insecure Permissions

The application suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users' group.

ABB Cylon Aspect Studio 3.08.03 (CylonLicence.dll) Binary Planting

A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious CylonLicence.dll in a writable directory that is searched before the legitimate library path, this DLL will be loaded and executed with the privileges of the user running the application. This flaw enables arbitrary code execution and can be exploited for privilege escalation or persistence, especially in environments where the application is executed by privileged users.

Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords

Cybersecurity researcher Jeremiah Fowler discovered a misconfigured cloud server containing a massive 184 million login credentials, likely collected…

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD). "The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement," Akamai security researcher Yuval Gordon said in a

Lumma information stealer infrastructure disrupted

The Lumma infostealer infrastructure has suffered a serious blow by a coordinated action of the DOJ and Microsoft.

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections

A sprawling operation undertaken by global law enforcement agencies and a consortium of private sector firms has disrupted the online infrastructure associated with a commodity information stealer known as Lumma (aka LummaC or LummaC2), seizing 2,300 domains that acted as the command-and-control (C2) backbone to commandeer infected Windows systems. "Malware like LummaC2 is deployed to steal

Microsoft Dismantles Lumma Stealer Network, Seizes 2,000+ Domains

Microsoft disrupts Lumma Stealer network, seizing 2,000 domains linked to 394,000 infections in global cybercrime crackdown with law enforcement partners.

Unpatched Windows Server Flaw Threatens Active Directory Users

Attackers can exploit a vulnerability present in the delegated Managed Service Account (dMSA) feature that fumbles permission handling and is present by default.