3CX supply chain attack: What do we know?
Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the …
Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 76 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, …
BlackLotus UEFI bootkit disables Windows security mechanisms
ESET researchers have published the first analysis of a UEFI bootkit capable of circumventing UEFI Secure Boot, a critical platform security feature. The functionality of the …
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …
Microsoft fixes exploited zero-day, revokes certificate used to sign malicious drivers (CVE-2022-44698)
It’s December 2022 Patch Tuesday, and Microsoft has delivered fixes for 50+ vulnerabilities, including a Windows SmartScreen bypass flaw (CVE-2022-44698) exploited by …
Microsoft fixes many zero-days under attack
November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and …
Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)
October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has …
Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)
September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by …
MiniTool Power Data Recovery 11.3 helps users with various data loss situations
MiniTool has released its data recovery software for Windows – MiniTool Power Data Recovery to version 11.3. The released version brings users brand-new data filtering …
Microsoft adds default protection against RDP brute-force attacks
“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at …
Beware of password-cracking software for PLCs and HMIs!
A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine …
Microsoft fixes Follina and 55 other CVEs
June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft …
Featured news
Resources
Don't miss
- The AI safety conversation is focused on the wrong layer
- Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
- GitHub-hosted malware campaign uses split payload to evade detection
- Measuring security performance in real-time, not once a quarter
- Attackers are handing off access in 22 seconds, Mandiant finds