
Tag

#windows

North Korea Stole Your Job

For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious—and effective—than ever.

Wired
#web #mac #windows #google #dos #git #intel #sap

Fake Social Security Statement emails trick users into installing remote tool

Fake emails pretending to come from the US Social Security Administration try to get targets to install ScreenConnect for remote access.

About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability

This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before file access (CWE-59). 🔻 On April 14, researcher Elli Shlomo (CYBERDOM) published a […]

Scattered Spider Suspected in Major M&S Cyberattack

The cyberattack on Marks & Spencer (M&S) is linked to the notorious Scattered Spider group. Explore the severe…

GHSA-wc9g-6j9w-hr95: YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

### Summary

The request to commence a site backup can be performed without authentication. These backups can then also be downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create an archive and then download it without being authenticated.

### Details

Create an installation using the instructions found in the docker folder of the repository, set up the site, and then send the request to create an archive, which does not require authentication:

```
POST /?api/archives HTTP/1.1
Host: localhost:8085

action=startArchive&params%5Bsavefiles%5D=true&params%5Bsavedatabase%5D=true&callAsync=true
```

Then, to retrieve it, make a simple `GET` request to the correct URL:

```
http://localhost:8085/?api/archives/2025-04-12T14-34-01_archive.zip
```

A malicious attacker could simply fuzz this filename.

### PoC

Here is a python script to fuzz this:

```
#!/usr/bin/env python3
import requests
import argpars...
```

Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

IR Trends Q1 2025: Phishing soars as identity-based attacks persist

This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks.

Pete Hegseth’s Signal Scandal Spirals Out of Control

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

Critical Commvault Flaw Allows Full System Takeover – Update NOW

Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…

AI is getting “creepy good” at geo-guessing

After hearing about ChatGPT o3's ability at geo-guessing, we decided to run some tests, and the tested AIs didn't fail to amaze us.