We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

exploits

Microsoft Confirms Windows Is Under Attack — You Must Act Now
Winsage
May 14, 2025

Microsoft Confirms Windows Is Under Attack — You Must Act Now

Microsoft has confirmed multiple zero-day vulnerabilities being actively targeted by malicious actors. One significant vulnerability is CVE-2025-30397, a memory corruption flaw in the Windows scripting engine that affects all versions of Windows and allows code execution over the network. It has a CVSS score of 7.8 and is considered critical. Successful exploitation requires the target to use Edge in Internet Explorer Mode and for the user to click a malicious link. Other vulnerabilities include: - CVE-2025-32709: An elevation of privilege vulnerability in the Windows ancillary function driver for WinSock, affecting Windows Server 12 and later. - CVE-2025-32701 and CVE-2025-32706: Vulnerabilities in the Windows Common Log File Driver System that could allow local attackers to gain system privileges, affecting all versions of Windows. - CVE-2025-30400: An elevation of privilege vulnerability in the Windows desktop window manager, affecting Windows 10, Server 2016, and later OS versions. Windows users are urged to update their systems with the latest security patches immediately.
Best Antivirus Software (2025): ESET Recognized as Top Cybersecurity Solution by Software Experts
Tech Optimizer
May 14, 2025

Best Antivirus Software (2025): ESET Recognized as Top Cybersecurity Solution by Software Experts

ESET is recognized as a leading antivirus provider in 2025, known for its robust security solutions that effectively combat rising cyber threats such as phishing, ransomware, and zero-day exploits. The company's offerings include heuristic and behavioral detection, ransomware and phishing protection, exploit blocker technology, and low resource usage, ensuring minimal impact on system performance. ESET provides various products for home users, including ESET HOME Security Essential, Premium, and Ultimate, as well as a Small Business Security package for up to 25 devices and scalable solutions for larger organizations. Pricing for home products starts at .99/year, with multi-device and multi-year discounts available. ESET operates in over 200 countries, utilizing a global network for real-time threat intelligence and maintaining a commitment to effective digital security since its establishment in 1992.
Marbled Dust leverages zero-day in Output Messenger for regional espionage
AppWizard
May 14, 2025

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application, targeting user accounts that have not applied necessary fixes. This exploitation has resulted in the collection of sensitive data from users in Iraq, specifically linked to the Kurdish military. Microsoft has high confidence in this assessment and notes that Marbled Dust conducts reconnaissance to identify potential targets using Output Messenger. Marbled Dust has successfully utilized this vulnerability to deploy malicious files and exfiltrate data. Microsoft notified the application’s developer, Srimax, about the vulnerability, leading to the release of a software update. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of this second flaw has been observed. The zero-day vulnerability allows an authenticated user to upload malicious files to the server's startup directory. Marbled Dust has exploited this flaw to place a backdoor file, OMServerService.vbs, in the startup folder, enabling them to access communications and sensitive data indiscriminately. The attack chain begins with Marbled Dust gaining access to the Output Messenger Server Manager, likely through DNS hijacking or other credential interception techniques. Once inside, they exploit the vulnerability to drop malicious files, including a GoLang backdoor, which connects to a Marbled Dust command-and-control domain for data exfiltration. To mitigate this threat, Microsoft recommends updating to the latest version of Output Messenger, activating various security protections, and implementing rigorous vulnerability management strategies. Microsoft Defender XDR customers can identify potential threat activity through specific alerts related to Marbled Dust and utilize advanced hunting queries for detection. Indicators of compromise include traffic to the domain api.wordinfos[.]com, associated with Marbled Dust activities.
silver Android smartphone
Winsage
May 14, 2025

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

Microsoft has addressed 72 vulnerabilities in a recent update, including five classified as zero-days. This is the eighth consecutive month that Microsoft has tackled zero-day vulnerabilities without any being categorized as critical at the time of disclosure. The identified zero-days include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709, with CVSS scores ranging from 7.5 to 7.8. Two of these vulnerabilities are related to the Windows Common Log File Driver System (CLFS), which has been frequently targeted for exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has added all five zero-days to its Known Exploited Vulnerabilities (KEV) list. Experts suggest that some zero-day exploits may be linked to targeted espionage or financially motivated activities, including ransomware deployment. Additionally, Microsoft's update includes five critical vulnerabilities and 50 high-severity defects, with 18 vulnerabilities impacting Microsoft Office and three deemed “more likely” to be exploited. Eight vulnerabilities patched this month are considered “more likely” to be exploited, including two high-severity defects in Microsoft SharePoint Server.
These dangerous Android apps are installed 2.5 million times each month
AppWizard
May 9, 2025

These dangerous Android apps are installed 2.5 million times each month

Kaleidoscope is an ad-fraud attack targeting Android users by exploiting legitimate applications on the Google Play Store and offering malicious duplicates through third-party app stores. Approximately 2.5 million devices are affected monthly, with 20% of incidents occurring in India, and other impacted regions include Indonesia, the Philippines, and Brazil. Users unknowingly download legitimate-looking apps while malicious versions circulate elsewhere, leading to intrusive advertisements that disrupt user experience and generate revenue for cybercriminals. Google has removed flagged titles from the Play Store and is enhancing protections, but ad resellers often fail to properly vet their inventory. The adware causes device overheating, rapid battery drain, and sluggish performance, highlighting the need for user vigilance.
Windows 0-Day Vulnerability Exploited in Wild to Deploy Play ransomware
Winsage
May 8, 2025

Windows 0-Day Vulnerability Exploited in Wild to Deploy Play ransomware

Threat actors associated with the Play ransomware operation exploited a zero-day vulnerability in Microsoft Windows, identified as CVE-2025-29824, before a patch was released on April 8, 2025. This vulnerability affects the Windows Common Log File System (CLFS) driver, allowing attackers to elevate their privileges to full system access. The Play ransomware group targeted an unnamed organization in the United States, likely gaining initial access through a public-facing Cisco Adaptive Security Appliance (ASA). During this intrusion, no ransomware payload was deployed; instead, the attackers used a custom information-stealing tool named Grixba. Microsoft attributed this activity to the threat group Storm-2460, known for deploying PipeMagic malware. The exploitation affected various sectors, including IT, real estate in the U.S., finance in Venezuela, software in Spain, and retail in Saudi Arabia. The vulnerability received a CVSS score of 7.8 and was addressed in Microsoft's April 2025 Patch Tuesday updates. The attack involved creating files in the path C:ProgramDataSkyPDF, injecting a DLL into the winlogon.exe process, extracting credentials from LSASS memory, creating new administrator users, and establishing persistence. The Play ransomware group has been active since June 2022 and employs double-extortion tactics. Organizations are urged to apply the security updates released on April 8, 2025, especially for vulnerable Windows versions, while Windows 11 version 24H2 is not affected due to existing security mitigations.
Do Not Open This PDF On A Microsoft Windows PC
Winsage
May 4, 2025

Do Not Open This PDF On A Microsoft Windows PC

Microsoft has warned about the increasing use of PDF attachments in cyberattacks, particularly during the U.S. tax season. Attackers have been using PDFs with embedded links that redirect users to counterfeit pages, such as a fake DocuSign site. TrustWave SpiderLabs has identified a new campaign involving a fake payment SWIFT copy that leads to a malicious PDF containing obfuscated JavaScript, which downloads a script that conceals the RemcosRAT payload using steganography. This technique involves hiding links within images, making them difficult to detect. The latest attacks begin with phishing emails containing malicious PDFs that direct victims to harmful webpages, facilitating the delivery of RemcosRAT, a trojan that allows remote control of compromised systems. Users are advised to be cautious of emails labeled “SWIFT Copy” and to delete suspicious emails immediately.
Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code
Winsage
April 30, 2025

Unpatched Windows Shortcut Vulnerability Let Attackers Execute Remote Code

Security researcher Nafiez has discovered a vulnerability in Windows LNK files that allows remote code execution without user interaction. Microsoft has chosen not to address this issue, stating it does not meet their security servicing criteria. The vulnerability exploits specific components of LNK files, enabling attackers to create malicious shortcuts that initiate silent network connections when a user accesses a folder containing them. The exploit involves manipulating the HasArguments flag, EnvironmentVariableDataBlock, and embedding UNC paths. Microsoft defends its inaction by citing the Mark of the Web (MOTW) feature as adequate protection, despite concerns from security experts about its effectiveness. Previous vulnerabilities in LNK files have been addressed by Microsoft, and the availability of proof-of-concept code raises fears of potential exploitation by malicious actors.
Search