#windows

LevelBlue Labs reports AsyncRAT delivered through a fileless attack chain using ScreenConnect, enabling credential theft and persistence.

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned to a malware

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to

Meet Buterat, a new backdoor malware spreading through phishing and trojanized downloads, giving attackers persistent access to enterprise and government networks.

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and

Media streaming platform Plex has warned customers about a data breach, advising them to reset their password.

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

September Microsoft Patch Tuesday. A total of 103 vulnerabilities, 29 fewer than in August. Of these, 25 vulnerabilities were added between the August and September MSPT. So far, no vulnerabilities are known to be exploited in the wild. Two have public PoC exploits: 🔸 DoS – Newtonsoft.Json (CVE-2024-21907)🔸 EoP – Azure Networking (CVE-2025-54914) Notable among […]

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerability: Server-Side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could expose the ThinServer service account NTLM hash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports the following versions of ThinManager, a thin client management software, are affected: ThinManager: Versions 13.0 through 14.0 3.2 VULNERABILITY OVERVIEW 3.2.1 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918 A server-side request forgery security issue exists within Rockwell Automation ThinManager software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, thereby exposing the ThinServer service account NTLM hash. CVE-2025-9065 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.2 has been calculated; the CVSS vecto...