cyber threat

Winsage
January 15, 2026
Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.
Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Winsage
December 18, 2025
A newly identified cyber threat cluster called LongNosedGoblin has been linked to cyber espionage attacks targeting governmental entities in Southeast Asia and Japan, with activities traced back to at least September 2023. The group uses Group Policy to spread malware and employs cloud services like Microsoft OneDrive and Google Drive for command and control. Key tools include NosyHistorian, NosyDoor, NosyStealer, NosyDownloader, and NosyLogger, which perform functions such as collecting browser history, executing commands, and logging keystrokes. ESET first detected LongNosedGoblin's activities in February 2024, identifying malware on a governmental system. The attacks showed a targeted approach, with specific tools affecting select victims. Additionally, a variant of NosyDoor was found targeting an organization in an EU country, indicating a possible connection to other China-aligned threat groups.
AppWizard
November 26, 2025
CISA has issued a warning about spyware targeting users of instant messaging applications, particularly highlighting the Sturnus trojan, which poses significant risks to Android smartphone users. Sturnus, identified as a banking trojan, can bypass encrypted messaging by capturing messages after they are decrypted on the smartphone screen, rather than cracking the encryption itself. Security expert Aditya Sood noted that Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication, complicating detection efforts. The trojan can read everything displayed on the smartphone screen in real time, including sensitive messages and contacts. CISA also identified tactics used by cyber threat actors, such as phishing, zero-click exploits, and impersonation to gain unauthorized access to messaging apps. Users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and be cautious with accessibility permissions to protect against these threats.
Tech Optimizer
November 1, 2025
maCERT, the Moroccan national cybersecurity agency, has issued an alert about a new spyware toolkit called Acreed, which emerged in February 2025. Acreed has become one of the most prevalent information stealers on the dark web, accounting for approximately 17% of underground cyber activity. Its primary function is to infiltrate computers and extract sensitive information, which is then sold or exploited by hackers. Acreed spreads through deceptive emails, infected advertisements, and pirated software downloads. It collects data such as usernames, passwords, browser information, cryptocurrency wallet details, and session tokens for cloud services. The data is transmitted to remote servers controlled by cybercriminals. The risks associated with Acreed affect both individuals and business networks. Recommendations to mitigate the threat include keeping antivirus software updated, monitoring for suspicious activity, avoiding unofficial software downloads, and being cautious with unsolicited emails. Users who suspect infection are encouraged to report it to maCERT for assistance.
Tech Optimizer
October 31, 2025
PC Matic features a whitelisting security model and robust protection against fileless malware, which embeds in legitimate programs to evade detection. It offers various scanning options: full scan, quick scan, selective scan, and scheduled scans, with competitive scan durations. The software is compatible with multiple operating systems, including Windows, Mac, iOS, and Android, although the free version is limited to Windows. Automated updates monitor and install updates for all applications and drivers to enhance security. PC Matic includes a VPN service with AES-256 encryption and a no-logs policy, supporting up to 10 devices. Dark web monitoring alerts users to potential identity theft by scanning for personally identifiable information. It features ad blocking to filter intrusive ads and includes optimization tools like registry cleaning, junk file removal, and performance benchmarks, though these tools are only available for Windows devices.
Tech Optimizer
October 28, 2025
MacPaw has launched a new security application for macOS users called Moonlock, which includes real-time malware protection, a built-in VPN, and various security features designed to align with the macOS aesthetic. Moonlock operates quietly in the background, continuously scanning for malware and suspicious downloads, and offers a Smart Scan to identify system vulnerabilities. It also includes a Network Inspector to monitor data transmission and a Security Advisor for enhancing user security. Recent findings indicate that 66% of Mac users faced a cyber threat last year, with malware detections increasing by 20% in 2024. Moonlock is available for a competitive annual price with a seven-day free trial for new users.
Tech Optimizer
October 17, 2025
The Chinese APT group Jewelbug infiltrated a Russian IT provider undetected for five months. They have increased their activity, targeting Russian entities as well as interests in South America, South Asia, and Taiwan. Jewelbug used a disguised version of the Microsoft Console Debugger (CDB) to bypass security measures and exfiltrate data. They cleared Windows Event Logs to avoid detection and used Yandex Cloud for data exfiltration. Symantec's report indicates that Russian organizations are vulnerable to attacks from Chinese state-sponsored groups.
AppWizard
October 14, 2025
Security researchers have adapted a 12-year-old browser attack to Android devices. The new variant, called "Pixnapping," allows malicious applications to extract pixel data from other apps or websites. The attack involves a malicious app opening a target application, such as Google Authenticator, and using timing tricks to infer the displayed content by measuring how long specific pixels take to render. This attack has been successfully demonstrated on devices including Google Pixel 6, 7, 8, and 9, and Samsung Galaxy S25, all running Android versions 13 to 16. Pixnapping does not require special manifest permissions, complicating detection. It can extract sensitive information from apps like Google Maps, Signal, and Venmo, and capture two-factor authentication codes from Google Authenticator. The mechanism enabling this attack is likely present across a broader range of devices, but the research does not provide specific defenses against it.