vulnerability

Winsage
June 18, 2025
A newly discovered vulnerability in Asus Armoury Crate, identified as CVE-2025-3464, has a severity rating of 8.4 out of 10 and allows hackers to gain low-level privileges on Windows systems. The affected versions of Armoury Crate range from V5.9.9.0 to V6.1.18.0. Researcher Marcin "Icewall" Noga from Cisco Talos highlighted this issue, prompting Asus to issue a product security advisory. Users are advised to verify their version of Armoury Crate and update to the latest version if necessary. No incidents of this exploit being actively used have been reported thus far. This is the second vulnerability found in an Asus utility within two months, following a separate issue with DriverHub reported in May.
Winsage
June 18, 2025
A cyber espionage campaign attributed to the XDSpy threat actor has been discovered, exploiting a zero-day vulnerability in Windows shortcut files identified as “ZDI-CAN-25373.” This vulnerability allows attackers to conceal executed commands within specially crafted shortcut files. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing issues with how Windows parses LNK files. The infection begins with a ZIP archive containing a malicious LNK file, which triggers a complex Windows shell command to execute malicious components while displaying a decoy document. This command extracts and executes a first-stage malware called “ETDownloader,” which establishes persistence and downloads a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and employs encryption for data exfiltration. This campaign represents an evolution in XDSpy's tactics, combining zero-day exploitation with advanced multi-stage payloads.
Winsage
June 18, 2025
The XDSpy threat actor has been exploiting a Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target governmental entities in Eastern Europe and Russia since March 2025. This campaign involves a multi-stage infection chain deploying the XDigo implant, developed in Go. Attackers use spearphishing emails with ZIP archives containing crafted LNK files that exploit the vulnerability. Upon execution, these files sideload a malicious C# .NET DLL named ETDownloader, which establishes persistence and retrieves the XDigo payload from specific domains. XDigo is a data collection implant capable of file scanning, clipboard capture, and screenshot acquisition, communicating with command-and-control servers. The campaign targets Belarusian governmental entities and employs advanced tactics, including anti-analysis checks and encryption for data exfiltration. Indicators of compromise include specific SHA-256 hashes for ZIP archives, LNK files, the ETDownloader, and XDigo malware, along with associated distribution and command-and-control domains.
Winsage
June 17, 2025
Microsoft released an emergency update (KB5063159) to address startup failures in certain Surface Hub v1 devices running Windows 10, specifically those encountering Secure Boot Violation errors after installing the June 2025 Windows security update (KB5060533). The issue was limited to Surface Hub v1 systems on Windows 10, version 22H2, and did not affect Surface Hub 2S and 3 devices. Microsoft paused the rollout of the KB5060533 update on June 11, 2025, to prevent further complications. Additionally, the June 2025 Patch Tuesday updates included security patches for 66 vulnerabilities, including critical ones that allowed remote code execution and privilege escalation.
Winsage
June 17, 2025
Microsoft has made an adjustment to Windows Hello Facial Recognition that affects its functionality in dimly lit environments due to a security vulnerability. This change, introduced in the April 2025 Patch Tuesday updates for Windows 11 and Windows 10, requires color cameras to detect a visible face for sign-in. The update addresses a Windows Hello Spoofing vulnerability that was being exploited. Previously, the feature could identify users in low-light conditions using near-infrared imaging technology. Users have reported a workaround by disabling the webcam in Device Manager, allowing IR sensors to authenticate in low light.
Winsage
June 16, 2025
In April, Microsoft updated the Windows Hello face unlock functionality so that it no longer operates in low-light environments, a deliberate decision aimed at addressing a spoofing vulnerability. Users of Surface Laptops have reported frustrations as they can no longer access their devices using facial recognition in dark rooms. The update requires color cameras to see a visible face when signing in. Researchers from Nanyang Technological University identified a vulnerability in the system that allowed unauthorized access, although Microsoft categorized it as "important" and stated the likelihood of exploitation remains low. A temporary workaround for users is to disable the webcam through Windows 11's Device Manager, but this renders the camera unusable for other applications.
Winsage
June 16, 2025
CVE-2025-33073 is a Windows authentication relay attack vulnerability with a CVSS score of 8.8, indicating high severity. It allows attackers to gain SYSTEM privileges on affected systems. Currently, there is no evidence of active exploitation, but the public disclosure raises concerns. Exploitation involves executing a malicious script that makes the victim's machine connect to the attacker's system using SMB. Security researchers have described it as an authenticated remote command execution on machines that do not enforce SMB signing. Microsoft has released a fix as part of the June Patch Tuesday security updates to address this vulnerability.