Please turn on your JavaScript for this page to function normally.
Microsoft Recall
Microsoft delays Windows Recall rollout, more security testing needed

Microsoft is delaying the release of Recall, a controversial Windows 11 feature that will allow users to search their computer for specific content that has previously been …

PHP
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …

Microsoft Recall
Windows Recall will be opt-in and the data more secure, Microsoft says

The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature …

Patch Tuesday
June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft

June 2024 Patch Tuesday is now live: Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) May 2024 Patch Tuesday was unusual because we had …

TotalRecall
TotalRecall shows how easily data collected by Windows Recall can be stolen

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …

Microsoft Recall
Windows’ new Recall feature: A privacy and security nightmare?

Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts …

BLint
BLint: Open-source tool to check the security properties of your executables

BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also …

printer
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print …

patch Tuesday
April 2024 Patch Tuesday forecast: New and old from Microsoft

April 2024 Patch Tuesday is now live: Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) This month, we have a new product preview …

Patch Tuesday
March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known …

malware
Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among …

email
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes

A threat actor specializing in establishing initial access to target organizations’ computer systems and networks is using booby-trapped email attachments to steal …

Don't miss

Cybersecurity news