exploiting

AppWizard
August 13, 2025
Point Wild’s Lat61 Threat Intelligence Team has identified a new cyber threat targeting Minecraft fans, involving malware disguised as a Minecraft installer that steals personal data. This threat is associated with an unofficial browser-based Minecraft clone called Eaglercraft 1.12 Offline, commonly used in schools. The malware, a Remote Access Trojan (RAT) named NjRat, can capture keystrokes, access webcams and microphones, and establish a backdoor in the system by adding a hidden program called WindowsServices.exe to startup files. It can crash the system to avoid detection by security tools. The attack begins with a malicious file that, when executed, distracts the user with a fake game while downloading harmful files in the background. The malware connects to a remote server in India, allowing attackers to control the infected computer and extract data. Users are advised to download Minecraft only from official sources and be cautious with third-party applications.
AppWizard
August 12, 2025
Kik was founded in 2009 by students from the University of Waterloo and launched in October 2010. The app gained popularity among teenagers, particularly for its anonymous registration process. At its peak, Kik had over 300 million users but became associated with issues like cyberbullying and grooming due to its anonymity. Attempts to implement age verification were largely ineffective. In 2016, Kik explored chatbots for business engagement but faced increasing competition. A blockchain-based cryptocurrency, Kin, was introduced in 2017 but did not revitalize the app. In October 2019, Kik's operations were announced to cease, and it has since existed as a “digital zombie,” with limited visibility and recent fluctuations in its availability on app stores. Kik is currently absent from Google’s Play Store, although the owner, Medialab, is working on a solution.
Winsage
August 11, 2025
SafeBreach researchers have identified several vulnerabilities in Windows environments that could lead to denial of service (DoS) attacks. These include:
1. CVE-2025-26673: A flaw in the Netlogon service that allows remote crashes via crafted Remote Procedure Call (RPC) requests without authentication, potentially locking users out of domain resources until a reboot.
2. CVE-2025-49716: A vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) that enables remote attackers to destabilize the service through specially crafted Lightweight Directory Access Protocol (LDAP) queries, causing immediate DoS.
3. CVE-2025-49722: A DoS vulnerability in the Windows Print Spooler that can be triggered by malformed RPC requests, disrupting printing operations and system stability.
Microsoft has addressed some vulnerabilities but has not yet resolved the three identified by SafeBreach, and there has been no response to inquiries about these issues. SafeBreach recommends that organizations apply the latest patches, limit exposure of Domain Controller services, segment critical systems, and monitor for unusual LDAP or RPC traffic for early attack detection.
Winsage
August 11, 2025
Researchers Yair and Shahak Morag from SafeBreach Labs introduced a new category of denial-of-service (DoS) attacks called the “Win-DoS Epidemic” at DEF CON 33. They identified four new vulnerabilities in Windows DoS and one zero-click distributed denial-of-service (DDoS) flaw, classified as “uncontrolled resource consumption.” The vulnerabilities include:
- CVE-2025-26673 (CVSS 7.5): High-severity DoS vulnerability in Windows LDAP.
- CVE-2025-32724 (CVSS 7.5): High-severity DoS vulnerability in Windows LSASS.
- CVE-2025-49716 (CVSS 7.5): High-severity DoS vulnerability in Windows Netlogon.
- CVE-2025-49722 (CVSS 5.7): Medium-severity DoS vulnerability in Windows Print Spooler, requiring an authenticated attacker on an adjacent network.
These vulnerabilities can incapacitate Windows endpoints or servers, including Domain Controllers (DCs), potentially allowing for the creation of a DDoS botnet. The researchers also discovered a DDoS technique called Win-DDoS that exploits a flaw in the Windows LDAP client’s referral process, enabling attackers to redirect DCs to a victim server for continuous redirection. This method can leverage public DCs globally, creating a large, untraceable DDoS botnet without specialized infrastructure. Additionally, the researchers examined the Remote Procedure Call (RPC) protocol and found three new zero-click, unauthenticated DoS vulnerabilities that can crash any Windows system. They also identified another DoS flaw exploitable by any authenticated user on the network. The researchers released tools named “Win-DoS Epidemic” to exploit these vulnerabilities, highlighting the need for organizations to reassess their security measures regarding internal systems and services like DCs.
Tech Optimizer
August 8, 2025
A cyberattack on a Brazilian enterprise involved the use of legitimate, digitally signed drivers to disable antivirus solutions and deploy MedusaLocker ransomware. The attackers executed a Bring Your Own Vulnerable Driver (BYOVD) attack by exploiting the ThrottleStop.sys driver, which has a critical vulnerability (CVE-2025-7771) allowing unauthorized memory access. They compromised an SMTP server using valid RDP credentials, extracted user credentials with Mimikatz, and moved laterally across the network. The attackers uploaded and executed an AV killer program and a renamed version of the driver, terminating antivirus processes to facilitate ransomware deployment. The malware targeted major antivirus vendors and employed kernel-level commands to eliminate security processes. Recommendations for defense include multi-factor authentication, hardening RDP access, and implementing layered security measures.
Winsage
August 8, 2025
A significant vulnerability in Microsoft Defender has been identified, allowing hackers to bypass the software and deploy Akira ransomware. This vulnerability exploits the legitimate driver rwdrv.sys, associated with the Intel CPU tuning tool ThrottleStop, granting cybercriminals kernel-level access to a target PC. Once access is obtained, hackers can introduce the driver hlpdrv.sys to manipulate the Windows Registry, disabling Microsoft Defender's protective measures. GuidePoint Security has noted that this method has been increasingly used in Akira ransomware attacks since July of this year. Users are advised to use reputable antivirus software and keep it updated to protect against such threats.
Tech Optimizer
August 7, 2025
The Akira ransomware has been using a legitimate Intel CPU tuning driver to disable Microsoft Defender, allowing hackers to gain kernel-level access to systems. This method, known as BYOVD (Bring Your Own Vulnerable Driver), involves exploiting signed drivers with known vulnerabilities for privilege escalation. Researchers found that the execution of the driver modifies Microsoft Defender's DisableAntiSpyware settings in the Windows Registry using regedit.exe. Guidepoint Security has responded by providing a YARA rule and indicators of compromise to help organizations defend against these attacks, emphasizing the need for vigilance and caution when downloading software.