#windows

Cisco Talos researchers have discovered a dangerous new malware framework called PS1Bot. Active since early 2025, this sophisticated…

Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Web Installer Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Automation License Manager V6.0: All versions OpenPCS 7 V9.1: All versions SIMATIC WinCC Runtime Professional: All versions SIMATIC WinCC Runtime Professional V20: All versions SIMATIC WinCC TeleControl: All versi...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Wibu CodeMeter Vulnerability: Least Privilege Violation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user to navigate from Import License to a privileged instance of Windows Explorer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC Information Server 2020: All versions Siemens SIMATIC WinCC OA V3.20: All versions prior to V3.20 P008 Siemens SIMATIC Information Server 2022: All versions Siemens SIMATIC Information Server 2024: All versions Siemens SIMATIC PDM Maintenanc...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: Engineering Platforms Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local authenticated attacker to cause a type confusion and execute arbitrary code within the affected application and its privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: Siemens SIMATIC PCS neo V4.1: All Versions Siemens SIMATIC WinCC V18: All Versions Siemens SIMATIC WinCC V19: All versions prior to V19 Update 4 Siemens SIMATIC WinCC V20: All Versions Siemens SIMO...

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse. Your

August Microsoft Patch Tuesday. A total of 132 vulnerabilities, 20 fewer than in July. Of these, 25 were added between the July and August MSPT. Three are actively exploited, including two related to the trending SharePoint “ToolShell” flaw, exploited since July 17. 🔻 RCE – Microsoft SharePoint Server (CVE-2025-53770)🔻 Spoofing – Microsoft SharePoint Server (CVE-2025-53771) […]

In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities, some of which are very important.

Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.  The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation. "Untrusted search path in

Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point…