Vulnerabilities
Newly Patched Windows Zero-Day Exploited for Two Years
Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023.
Ionut Arghire, 6 days ago

Vulnerabilities
New Windows Zero-Day Exploited by Chinese APT: Security Firm
ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.
Eduard Kovacs, February 14, 2025

Vulnerabilities
Exploit Code Published for Potentially Dangerous Windows LDAP Vulnerability
Proof-of-concept (PoC) code was published for CVE-2024-49113, a denial-of-service (DoS) vulnerability in Windows LDAP.
Ionut Arghire, January 3, 2025

Vulnerabilities
CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities
CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild.
Eduard Kovacs, December 17, 2024

Nation-State
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery.
Ionut Arghire, November 27, 2024

Vulnerabilities
Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions
The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them.
Ionut Arghire, November 14, 2024

Vulnerabilities
More Details Shared on Windows Downgrade Attacks After Microsoft Rolls Out Mitigations
Microsoft has rolled out mitigations for recently disclosed downgrade attacks targeting the Windows Update process.
Ionut Arghire, October 28, 2024

Endpoint Security
Microsoft’s Take on Kernel Access and Safe Deployment Following CrowdStrike Incident
SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices.
Kevin Townsend, October 10, 2024

Incident Response
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes
CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the July BSOD incident.
Ryan Naraine, September 24, 2024

Vulnerabilities
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
Ionut Arghire, September 16, 2024

Endpoint Security
Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel
Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe.
Ryan Naraine, September 13, 2024

Vulnerabilities
Copy2Pwn Zero-Day Exploited to Bypass Windows Protections
ZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
Eduard Kovacs, August 16, 2024