bypass Archives

AppWizard

April 9, 2025

Horrifying rape and incest game on Steam faces calls to be taken down

A game titled No Mercy, released by Zerat Games in March on Steam, has faced backlash for its disturbing content, which includes themes of sexual violence and misogyny. Although designated for users aged 18 and older, minors can easily bypass this restriction. The game was not submitted for review to any age rating frameworks, and its graphic content includes elements such as incest and non-consensual sexual encounters, with promotional materials featuring pornographic imagery. Technology Secretary Peter Kyle has condemned the game, urging tech companies to remove harmful content promptly. The situation has sparked calls for stricter regulations and oversight on platforms like Steam.

Winsage

April 9, 2025

Patch Tuesday fixes an exploited bug, but not for Windows 10

Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include: - CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1 - CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1 - CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1 - CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5 - CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1 Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.

Winsage

April 9, 2025

Windows Common Log File System 0-Day Vulnerability Exploited in the Wild

A critical zero-day vulnerability in the Windows Common Log File System (CLFS) driver, identified as CVE-2025-29824, is actively exploited, allowing attackers to elevate privileges to SYSTEM level and compromise system integrity. This flaw arises from a use-after-free issue within the CLFS driver, enabling local attackers to execute malicious code. Microsoft is aware of the exploitation and is working on a security update, but no immediate patch is available. The vulnerability affects multiple versions of Windows 10, including x64-based and 32-bit systems, and can lead to privilege escalation, data breaches, operational disruption, and malware deployment. Microsoft has classified this vulnerability as "Important" and urges organizations to apply patches promptly once available.

Winsage

April 8, 2025

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated user-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.

Winsage

April 8, 2025

Report: EncryptHub moonlighting in vulnerability research

A new threat actor named EncryptHub, or SkorikARI, has been recognized by Microsoft for identifying two significant security vulnerabilities in Windows: a high-severity bypass of the Windows Mark of the Web security feature (CVE-2025-24061) and a medium-severity spoofing issue in Windows File Explorer (CVE-2025-24071). EncryptHub, based in Romania and of Ukrainian origin, has a background in vishing and ransomware attacks and shifted to vulnerability research due to financial difficulties and the threat of imprisonment. The KrakenLabs report notes EncryptHub's skill in identifying vulnerabilities but warns that his creations are not foolproof, and users following basic security protocols are likely to remain safe.

Winsage

April 8, 2025

EncryptHub plays dual role as cybercriminal and Windows researcher

EncryptHub, a threat actor linked to intrusions at 618 organizations, reported two Windows zero-day vulnerabilities, CVE-2025-24061 and CVE-2025-24071, to Microsoft, which were resolved in March 2025. The vulnerabilities were reported by an individual named SkorikARI, who has been connected to EncryptHub after the threat actor exposed its login credentials. Researchers at Outpost24 identified this link through multiple pieces of evidence, including exfiltrated password files and a GitHub login associated with SkorikARI. EncryptHub has a history of selling zero-days on hacking forums and has been involved in both freelance development and cybercriminal activities. Despite his expertise, the hacker fell victim to poor security practices, leading to the exposure of personal information and interactions with ChatGPT regarding malware development and self-assessment as a hacker.

Winsage

April 7, 2025

EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher

EncryptHub has been linked to breaches affecting 618 organizations and is associated with the disclosure of two Windows zero-day vulnerabilities, CVE-2025-24061 and CVE-2025-24071, to Microsoft. The vulnerabilities were addressed during the March 2025 Patch Tuesday updates, and the reporter was acknowledged as 'SkorikARI with SkorikARI.' Investigations revealed a connection between EncryptHub and SkorikARI, following an incident where EncryptHub exposed their credentials. SkorikARI's accounts were used to report the vulnerabilities, contributing to Windows security. Evidence linking SkorikARI to EncryptHub includes password files exfiltrated from EncryptHub's system and a GitHub account associated with SkorikARI. EncryptHub has previously attempted to market zero-day vulnerabilities on underground forums and is believed to have affiliations with ransomware groups. The threat actor has executed social engineering campaigns, phishing attacks, and developed a custom infostealer known as Fickle Stealer. They created fictitious social media profiles and websites, such as a fake project management application called GartoriSpace, which installed malicious files on unsuspecting users. EncryptHub has also been implicated in exploiting a Microsoft Management Console vulnerability, CVE-2025-26633.

Tech Optimizer

April 7, 2025

Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools

Sakura RAT is a newly developed remote administration tool available on GitHub, designed for use by malware analysts and security researchers. It features capabilities such as hidden browsing, hidden virtual network computing (HVNC), fileless execution, multi-session control, and anti-detection mechanisms to evade antivirus and endpoint detection systems. While marketed for research purposes, its open availability raises concerns about potential misuse by cybercriminals for activities like data exfiltration and ransomware deployment. Cybersecurity experts are advocating for the removal of the repository from GitHub and calling for improved detection systems to combat the risks posed by such advanced tools.

Winsage

April 4, 2025

4 reasons you should embrace virtual machines instead of jumping straight to dual-booting

Operating multiple systems on a single machine, particularly Windows and Linux, can be achieved through dual-booting or using a virtual machine (VM). Dual-booting can lead to complications, such as Windows obstructing access to Linux and overwriting Linux's boot manager. In contrast, VMs allow users to run multiple operating systems concurrently without rebooting, making them more flexible and user-friendly. VMs facilitate the management of separate environments for different tasks and can be easily deleted and recreated if needed. They also provide enhanced security by operating in a sandboxed environment, reducing the risk of damage to the primary system. VMs are portable, encapsulated in a single file for easy transfer between computers, and support snapshots for quick rollbacks.

Winsage

April 2, 2025

6 reasons why I think Microsoft should keep the ‘local account’ option in Windows 11

Microsoft has updated Windows 11 to make it more difficult for users to bypass internet and Microsoft account requirements during installation, specifically in builds 26120.3653 and 26200.5516. The "BypassNRO.cmd" script, which allowed the creation of local accounts without an internet connection, has been removed. Local accounts provide enhanced privacy by storing data locally, simplify the setup process without needing an internet connection, and allow unrestricted access to systems in offline environments. Users can choose meaningful folder names with local accounts, and they facilitate smoother Remote Desktop connections compared to Microsoft accounts. Although local accounts can still be created post-installation, there are concerns about their availability in future updates, especially for the Home edition.