Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2025-53797: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#Windows Routing and Remote Access Service (RRAS)#Security Vulnerability
CVE-2025-54095: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are none (PR:N). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an unauthorized attacker to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

CVE-2025-54101: Windows SMB Client Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N), user interaction is required (UI:R), and privileges required are low (PR:L). What does that mean for this vulnerability?** Exploitation of this vulnerability requires an authorized attacker on the domain to wait for a user to initiate a connection to a malicious server that the attacker has set up prior to the user connecting.

'MostereRAT' Malware Blends In, Blocks Security Tools

A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems.

MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access

MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity…

Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews

North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,…

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

A week in security (September 1 – September 7)

A list of topics we covered in the week of September 1 to September 7 of 2025