automate Archives

Winsage

June 18, 2025

XDSpy Threat Actors Leverages Windows LNKs Zero-Day Vulnerability to Attack Windows System Users

A cyber espionage campaign attributed to the XDSpy threat actor has been discovered, exploiting a zero-day vulnerability in Windows shortcut files identified as “ZDI-CAN-25373.” This vulnerability allows attackers to conceal executed commands within specially crafted shortcut files. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing issues with how Windows parses LNK files. The infection begins with a ZIP archive containing a malicious LNK file, which triggers a complex Windows shell command to execute malicious components while displaying a decoy document. This command extracts and executes a first-stage malware called “ETDownloader,” which establishes persistence and downloads a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and employs encryption for data exfiltration. This campaign represents an evolution in XDSpy's tactics, combining zero-day exploitation with advanced multi-stage payloads.

Winsage

June 13, 2025

Announcing Windows 11 Insider Preview Build 26200.5651 (Dev Channel)

Windows 11 Insider Preview Build 26200.5651 (KB5060818) has been released to the Dev Channel, introducing new features and improvements. 1. New Agent in Settings: An AI-powered agent helps users find and adjust settings by understanding user intent and automating tasks. Currently available for Snapdragon-powered Copilot+ PCs, with support for AMD and Intel devices coming soon. English is the primary display language requirement. 2. Recall Export Experience for EEA: Windows Insiders in the European Economic Area can export Recall snapshots with a unique export code, which is encrypted and requires Windows Hello authentication. Users can reset Recall if the export code is lost. 3. Bigger Clock in Notification Center: A new option to display a larger clock with seconds in the notification center is being rolled out, which can be activated in Settings. 4. Recall Changes: Users can now reset Recall and its data, with a new maximum storage duration for snapshots set to 90 days by default. 5. Click to Do Enhancements: New actions allow users to send text or images to Microsoft 365 Copilot and communicate via Microsoft Teams directly from recognized email addresses. 6. File Explorer Updates: Dividers have been added to the context menu for improved organization. 7. Voice Access Language Support: Support for Chinese and Japanese languages has been reintroduced in voice access. 8. Windows Share Options: New sharing options for OneDrive files are available when right-clicking to share. 9. Settings Search Box: The search box in Settings has been repositioned for better usability. 10. Fixes: Various fixes have been implemented for Recall, File Explorer, Start Menu, Settings, and other areas. 11. Known Issues: Issues include inaccurate build version display post-PC reset, non-functional reset options, and problems with Xbox Controllers via Bluetooth. 12. Reminders: Updates are rolled out gradually, and features may evolve or be removed before final release.

Tech Optimizer

June 13, 2025

Databricks opens up agentic AI pipelines, fills in Postgres-powered Lakebase

Databricks has introduced advancements at its user conference, focusing on agentic AI pipelines and a Postgres-powered Lakebase. The Lakebase streamlines data management and analytics by combining PostgreSQL with Databricks' data lake architecture. The agentic AI pipelines automate data workflows, allowing organizations to gain AI-driven insights with minimal manual intervention. Key features include automated workflows that reduce processing time, enhanced data management through a familiar relational database experience, and the ability to extract actionable insights using advanced AI capabilities.

Winsage

June 12, 2025

Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges

A critical security vulnerability, designated as CVE-2025-33067, has been identified in the Windows Task Scheduler, allowing attackers to escalate privileges to SYSTEM level access without prior administrative rights. This vulnerability is rated as "Important" with a CVSS score of 8.4 and is due to improper privilege management within the Windows Kernel’s task scheduling component. It affects multiple Windows versions, including Windows 10 (Versions 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), and Windows Server 2016-2025. Microsoft released security updates on June 10, 2025, to address this flaw across 27 different Windows configurations. The vulnerability requires local system access, no prior privileges, and no user interaction, making it particularly dangerous. Security researcher Alexander Pudwill discovered and disclosed the vulnerability.

Winsage

June 12, 2025

Microsoft Patched Windows Server 2025 Restart Bug that Disconnects AD Domain Controller

Microsoft has released a patch, KB5060842, on June 10, 2025, to address a vulnerability in Windows Server 2025 that affected Active Directory Domain Controllers' ability to manage network traffic after system restarts. This issue stemmed from the improper initialization of domain firewall profiles during startup, leading to service interruptions and authentication failures. The patch corrects the initialization sequence of these profiles, ensuring proper network traffic management post-restart. Organizations using Windows Server 2025 are advised to implement this update to maintain the reliability of their Active Directory services.

Winsage

June 11, 2025

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

On June 2025 Patch Tuesday, Microsoft released security updates for 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day vulnerability. The updates addressed ten "Critical" vulnerabilities, with eight being remote code execution vulnerabilities and two related to elevation of privileges. The breakdown of vulnerabilities includes 13 Elevation of Privilege, 3 Security Feature Bypass, 25 Remote Code Execution, 17 Information Disclosure, 6 Denial of Service, and 2 Spoofing vulnerabilities. The actively exploited zero-day vulnerability is CVE-2025-33053, a WebDAV Remote Code Execution vulnerability, while the publicly disclosed zero-day is CVE-2025-33073, a Windows SMB Client Elevation of Privilege vulnerability. Other companies also released updates in June 2025, including Adobe, Cisco, Fortinet, Google, HPE, Ivanti, Qualcomm, Roundcube, and SAP, addressing various vulnerabilities across their products.

Winsage

June 11, 2025

Microsoft warns of 66 flaws to fix for this Patch Tuesday

Microsoft has announced a significant update addressing 66 vulnerabilities, including a zero-day vulnerability disclosed on the same day. Ten critical patches have been identified, with two currently being exploited. Microsoft is also patching older platforms like Windows Server 2008 and Internet Explorer. One critical vulnerability, CVE-2025-33053, has been exploited by the Stealth Falcon hacking group since March, allowing remote code execution via the WebDAV extension. Another critical vulnerability, CVE-2025-5419, affects the Chromium V8 JavaScript engine in Microsoft Edge. CVE-2025-33073 is an escalation of privilege vulnerability in the Windows SMB Client, with a CVSS score of 8.8. Four critical vulnerabilities in Microsoft Office include CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953. Four critical remote code execution vulnerabilities include CVE-2025-47172, CVE-2025-29828, CVE-2025-32710, and CVE-2025-33071. Two elevation-of-privilege flaws are CVE-2025-47966 and CVE-2025-33070. Adobe has prioritized fixes for Adobe Commerce and Adobe's Experience Manager, addressing 254 CVEs. Adobe Acrobat users will receive ten fixes, including four critical ones. Fortinet has patched CVE-2023-42788 in FortiAnalyzer 7.4. SAP resolved 14 issues, with CVE-2025-42989 being the only critical patch, associated with the NetWeaver Application Server and a CVSS score of 9.6.

AppWizard

June 11, 2025

5 Minecraft Farms to Build Early

Players in Minecraft face challenges such as food shortages and resource scarcity during the early stages of survival. Early-game farms are essential for providing resources and improving gameplay. 1. A basic crop farm can be established by planting wheat, carrots, or potatoes on well-tilled soil with a water source and sunlight. Fencing can protect crops from mobs, and villagers can help automate the process. 2. An animal breeding pen can be created by attracting cows, sheep, and chickens using wheat or seeds. Each animal provides unique resources, and a breeding cycle of about five minutes allows for a steady food supply. 3. A sugar cane farm is important for crafting paper and trading with villagers. It can be set up along a riverbank or with irrigation ditches, and can be automated with observers and pistons. 4. An XP and mob drop farm can be built around a dungeon with a skeleton or zombie spawner. A funnel system using water flows and trap doors can direct mobs for XP farming and valuable drops. 5. An iron farm can be established near a village using three villagers, beds, workstations, and a zombie to spawn Iron Golems. A kill chamber can provide a consistent source of iron ingots.

Winsage

June 10, 2025

Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day

Microsoft addressed 66 vulnerabilities in a recent Patch Tuesday update, including a critical zero-day exploit, CVE-2025-33053, which has been exploited by the espionage group Stealth Falcon against a defense contractor in Turkey. Stealth Falcon has targeted high-profile government and defense entities in the Middle East and Africa since 2012. CISA has added CVE-2025-33053 to its catalog of known exploited vulnerabilities. The group employs innovative infection methods, including WebDAV and multi-stage loaders. Many organizations may be at risk due to inadequate security measures for WebDAV, with estimates suggesting up to 80% of organizations could be vulnerable. The update also includes another critical vulnerability, CVE-2025-47966, allowing unauthorized access to sensitive information in Power Automate, as well as 17 vulnerabilities affecting Microsoft Office products, with three likely to be exploited.

Winsage

June 10, 2025

APT Hackers Exploited WebDAV 0-Day RCE Vulnerability in the Wild to Deploy Malware

A cyberattack campaign by the advanced persistent threat group Stealth Falcon targeted a prominent Turkish defense company using a zero-day vulnerability identified as CVE-2025-33053. This vulnerability allowed attackers to manipulate the working directory of legitimate Windows tools to execute malware from their WebDAV servers. The attack was initiated through a spear-phishing email containing a malicious .url file that directed the system to a legitimate Internet Explorer utility, which was then exploited to execute malicious files. The attackers employed process hollowing to bypass traditional defenses. Stealth Falcon, also known as FruityArmor, has been conducting cyber espionage since at least 2012, targeting government and defense sectors in Turkey, Qatar, Egypt, and Yemen. The attack involved a multi-stage infection chain leading to the deployment of "Horus Agent," a custom implant designed for advanced reconnaissance and equipped with anti-analysis techniques. Researchers identified additional custom tools used by Stealth Falcon, including a DC Credential Dumper and a custom keylogger. The group utilizes repurposed legitimate domains to blend their infrastructure with legitimate traffic, complicating detection efforts.