We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

Exploited Vulnerabilities

Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day
Winsage
June 10, 2025

Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day

Microsoft addressed 66 vulnerabilities in a recent Patch Tuesday update, including a critical zero-day exploit, CVE-2025-33053, which has been exploited by the espionage group Stealth Falcon against a defense contractor in Turkey. Stealth Falcon has targeted high-profile government and defense entities in the Middle East and Africa since 2012. CISA has added CVE-2025-33053 to its catalog of known exploited vulnerabilities. The group employs innovative infection methods, including WebDAV and multi-stage loaders. Many organizations may be at risk due to inadequate security measures for WebDAV, with estimates suggesting up to 80% of organizations could be vulnerable. The update also includes another critical vulnerability, CVE-2025-47966, allowing unauthorized access to sensitive information in Power Automate, as well as 17 vulnerabilities affecting Microsoft Office products, with three likely to be exploited.
silver Android smartphone
Winsage
May 14, 2025

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

Microsoft has addressed 72 vulnerabilities in a recent update, including five classified as zero-days. This is the eighth consecutive month that Microsoft has tackled zero-day vulnerabilities without any being categorized as critical at the time of disclosure. The identified zero-days include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709, with CVSS scores ranging from 7.5 to 7.8. Two of these vulnerabilities are related to the Windows Common Log File Driver System (CLFS), which has been frequently targeted for exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has added all five zero-days to its Known Exploited Vulnerabilities (KEV) list. Experts suggest that some zero-day exploits may be linked to targeted espionage or financially motivated activities, including ransomware deployment. Additionally, Microsoft's update includes five critical vulnerabilities and 50 high-severity defects, with 18 vulnerabilities impacting Microsoft Office and three deemed “more likely” to be exploited. Eight vulnerabilities patched this month are considered “more likely” to be exploited, including two high-severity defects in Microsoft SharePoint Server.
Play ransomware affiliate leveraged zero-day to deploy malware
Winsage
May 7, 2025

Play ransomware affiliate leveraged zero-day to deploy malware

The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers utilized the Grixba infostealer tool and initially exploited a public-facing Cisco ASA firewall to gain entry. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.
Microsoft’s Free Upgrade Offer For 500 Million Windows Users
Winsage
April 10, 2025

Microsoft’s Free Upgrade Offer For 500 Million Windows Users

Microsoft has announced that Windows 10 will reach its end-of-life date on October 14, leaving approximately 750 million users vulnerable without critical security updates unless they opt for paid support. Currently, 53% of users, or around 240 million, are still on Windows 10 and may lack the hardware for a free upgrade to Windows 11. A critical zero-day vulnerability, CVE-2025-29824, poses risks to Windows 10 users, and Microsoft has indicated that outdated versions will not receive necessary security patches. Recent updates to Windows 10 have caused issues, including the removal of certain features and bugs affecting Outlook Calendar and Office 2016 applications.
Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
Winsage
March 26, 2025

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.
Signal event: Why US and European officials rely on the messaging app
AppWizard
March 25, 2025

Signal event: Why US and European officials rely on the messaging app

A recent incident involved The Atlantic's editor-in-chief in a Signal chat among senior officials from the Trump administration discussing military actions in Yemen. Signal was chosen for its robust security features, including end-to-end encryption that prevents interception by intermediaries. Signal operates as an independent non-profit, unlike WhatsApp, which is owned by Meta. Its popularity is growing in political circles, with recommendations from both the European Commission and Parliament for secure communications. The guidelines noted an increase in threats to telecommunications infrastructure and recommended Signal when corporate tools are unavailable. A recent leak of U.S. national defense plans was due to human error, not Signal's encryption flaws.
Windows Shortcut Zero-Day Under Active Attack
Winsage
March 22, 2025

Windows Shortcut Zero-Day Under Active Attack

A zero-day vulnerability in Windows shortcut (.lnk) files has been exploited by state-sponsored hacking groups since 2017, allowing attackers to execute arbitrary code on compromised systems. Microsoft has classified this vulnerability as “not meeting the bar servicing,” meaning no security updates will be issued. Trend Micro tracks it as ZDI-CAN-25373 and has linked it to cyber-espionage campaigns involving 11 nation-state actors from countries like North Korea, Iran, Russia, and China. Nearly 1,000 malicious .lnk samples exploiting this flaw have been identified, with many more potentially undetected. Attackers often use phishing emails to deliver these malicious files, which can download additional malware, granting full control over the compromised machine. Organizations are advised to scan their systems and implement security measures against this vulnerability.
China, Russia, North Korea Hackers Exploit Windows Security Flaw
Winsage
March 20, 2025

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Almost a dozen state-sponsored threat groups from nations including China, Russia, Iran, and North Korea are exploiting a security vulnerability in Microsoft Windows, identified as ZDI-CAN-25373, to conduct espionage and gather sensitive information. This vulnerability affects how Windows handles .lnk files, allowing attackers to execute hidden malicious commands. Since 2017, these groups have targeted government, military, and critical infrastructure organizations globally, with 11 state-sponsored groups identified, primarily focusing on espionage (70%) and financial motives (20%). North Korea accounts for 45.5% of the exploitation, with Iran and Russia at 18.2% each, and China at 18.1%. The United States has experienced the most attacks (343 incidents), followed by Canada (39), Russia (25), and South Korea (23). Despite being notified, Microsoft does not plan to issue a patch for this vulnerability, categorizing it as "low severity."
240 million Windows 10 users are vulnerable to six different hacker exploits
Winsage
March 14, 2025

240 million Windows 10 users are vulnerable to six different hacker exploits

Windows 10 users are urged to download the latest update due to critical fixes for six actively exploited vulnerabilities affecting up to 240 million individuals. The U.S. Cyber Defense Agency advises updating systems before April 1st or turning off computers as a precaution. The vulnerabilities include: - CVE-2025-24993: Buffer overflow exploit. - CVE-2025-24991: Access to data from a malicious virtual hard disk. - CVE-2025-24984: Exploit requiring physical access to log sensitive information. - CVE-2025-26633: Bypass flaw in Microsoft Management Console. - CVE-2025-24985: Privilege escalation flaw after mounting a VHD. - CVE-2025-24983: System-level exploit for gaining top privileges on the Windows Kernel Subsystem. Over 600 organizations have been affected by these vulnerabilities. Microsoft will cease security updates for Windows 10 on October 14th, 2025, and users are encouraged to transition to Windows 11. Currently, there is a 60/40 split between Windows 10 and 11 users, with only 2% switching monthly. Approximately 240 million users have PCs incompatible with Windows 11, potentially leading to 1.1 billion pounds of computing equipment being discarded. The slow migration poses risks to user data security.
CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild
Winsage
March 12, 2025

CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild

CISA has identified a critical vulnerability in Microsoft Windows Management Console (MMC), designated as CVE-2025-26633, which allows remote attackers to execute arbitrary code due to improper input sanitization. This vulnerability is included in CISA's Known Exploited Vulnerabilities catalog, and federal agencies must address it by April 2, 2025, as per Binding Operational Directive 22-01. Microsoft has released an out-of-band patch on March 10, 2025, to improve input validation in mmc.exe. Organizations are advised to prioritize patching, restrict MMC access, and monitor for exploitation.
Search