zero-day

Winsage
November 24, 2025
Microsoft has phased out Windows 10, with a deadline of October 14 now passed, leaving approximately 550 million users navigating the transition to Windows 11 amidst rising cyber threats. Windows 10 usage has declined from 880 million in January. Microsoft offers an Extended Security Update (ESU) option for users needing more time to migrate, which provides security updates until October 13, 2026, for enrolled users. Business users have a three-year extended support period, while consumers have a 12-month grace period post-October if enrolled in ESU. The November update addressing zero-day threats is only available to ESU enrollees. There are no contingency plans for users who remain on Windows 10, and uncertainty exists regarding how many users have enrolled in ESU or have eligible devices for Windows 11 upgrades. Users must act before next October to purchase new PCs if needed.
Tech Optimizer
November 24, 2025
A writer from MakeUseOf uninstalled all third-party antivirus programs from his Windows PC and found that the system performed better and appeared more secure with Microsoft’s built-in Windows Defender. The experiment highlighted Defender's effectiveness, showing fewer false positives, improved performance, and no noticeable decline in protection. Independent tests ranked Defender highly in real-world protection, and it achieved perfect scores in recent AV-TEST evaluations. The removal of third-party antivirus software led to a significant decrease in CPU and RAM usage, with idle consumption dropping from 15-20% to under 5%. Despite 121 million Americans still using third-party tools, there is growing consideration for Defender due to its free and efficient nature. While Defender excels in many areas, experts caution that it may not fully protect against zero-day vulnerabilities, and layered defenses are still recommended. The antivirus market may face disruption as integrated protection becomes more common, and user feedback indicates a preference for free alternatives that match or exceed the performance of paid solutions.
Tech Optimizer
November 20, 2025
Fortinet has released a critical patch for a high-severity vulnerability, CVE-2025-58034, in its FortiWeb web application firewall (WAF), which is actively being exploited with around 2,000 recorded attack attempts. The vulnerable FortiWeb versions include 7.0.0 to 7.0.11, 7.2.0 to 7.2.11, 7.4.0 to 7.4.10, 7.6.0 to 7.6.5, and 8.0.0 to 8.0.1. This vulnerability enables OS command injection attacks, posing significant risks to organizations. FortiWeb is designed to filter malicious traffic for websites and APIs. Historical exploitation of similar vulnerabilities has been linked to cyber-espionage and ransomware incidents, including an attack by the Chinese state-sponsored group Volt Typhoon against a Dutch Ministry of Defence network in February 2025.
Winsage
November 16, 2025
Users of Windows 10 are facing challenges due to a bot attack threat and a critical zero-day vulnerability, necessitating immediate updates for Windows 10, 11, and Server users. Microsoft has confirmed that some users enrolled in the Extended Security Updates (ESU) program are experiencing difficulties installing the November 2025 security update, KB5068781, resulting in the error code “0x800f0922 (CBSEINSTALLERS_FAILED).” This issue primarily affects business users with corporate licenses activated via Windows subscription activation through the Microsoft 365 Admin Center. There are currently no known workarounds, and Microsoft is investigating the problem.
Winsage
November 14, 2025
A t-shirt states, "It gets worse before it gets worse," reflecting the current situation for Microsoft users facing a zero-day vulnerability in Windows. Cybersecurity researchers report a resurgence of DanaBot, a trojan previously thought diminished after Operation Endgame, which resulted in the arrest of 16 individuals and the seizure of millions in stolen cryptocurrency. DanaBot is now operating under version 669, utilizing a new infrastructure and employing malicious emails and malvertising campaigns for attacks. Experts advise Microsoft Windows users to enhance security measures with advanced monitoring and detection systems while remaining vigilant against phishing and malvertising threats.
Winsage
November 14, 2025
The Readiness team analyzes updates monthly, providing testing guidance based on Microsoft patches. The November release includes updates for network infrastructure, remote connectivity, and wireless components, requiring careful testing despite no high-risk flags. Key areas for testing remote connections include validating packet transmission over IPv4 and IPv6, transferring large files over IPv6, testing web browsing and workflows with Microsoft Teams and Skype, and verifying Remote Desktop connections. The updates significantly impact application communication capabilities, necessitating dedicated validation for IPv6 alongside IPv4 operations.
Tech Optimizer
November 12, 2025
A critical vulnerability identified as CVE-2025-12480 was found in the remote file sharing platform Triofox, characterized by improper access control that allowed zero-day exploitation. Security experts from Google’s Mandiant revealed that Triofox's antivirus feature was compromised, enabling unauthorized access to setup pages post-installation. The UNC6485 threat group exploited this vulnerability using tools like Zoho Assist, AnyDesk, and SSH tunneling for remote access. A patch was released on July 26, and a newer version of Triofox was made available on October 14 to mitigate the risks, with users advised to update their systems.
Winsage
November 12, 2025
Google has released an emergency update for Chrome users to address a critical security vulnerability. Microsoft has issued a warning about a zero-day vulnerability in the Windows Kernel, identified as CVE-2025-62215, which is actively exploited by attackers to gain system privileges. This vulnerability is a privilege escalation flaw that requires an attacker to exploit a race condition. It affects nearly all assets running Microsoft software and can potentially allow remote code execution without needing an existing foothold. The root causes are linked to improper synchronization and double free issues, leading to kernel heap corruption and the ability for attackers to hijack system execution flow. Users are advised to update their systems immediately.
Winsage
November 12, 2025
On November 12, 2025, Microsoft released patches for 63 vulnerabilities, including four classified as Critical and 59 as Important. Notably, CVE-2025-62215, a privilege escalation flaw in the Windows Kernel with a CVSS score of 7.0, is actively exploited. This vulnerability allows an authorized attacker to elevate privileges locally through a race condition. Additionally, Microsoft patched two heap-based buffer overflow vulnerabilities (CVE-2025-60724 and CVE-2025-62220) with CVSS scores of 9.8 and 8.8, respectively, which could lead to remote code execution. Another significant vulnerability is CVE-2025-60704, a privilege escalation flaw in Windows Kerberos with a CVSS score of 7.5, enabling attackers to impersonate users and control a domain. Other vendors, including Adobe, Amazon Web Services, and Apple, also released security updates addressing various vulnerabilities.
Winsage
November 12, 2025
Microsoft's November 2025 Patch Tuesday addresses a total of 63 vulnerabilities, including one actively exploited zero-day flaw (CVE-2025-62215) related to Windows Kernel Elevation of Privilege. The updates include four vulnerabilities classified as "Critical," with two for remote code execution, one for elevation of privileges, and one for information disclosure. The breakdown of vulnerabilities is as follows:

- 29 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 16 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities

This Patch Tuesday marks the first extended security update (ESU) for Windows 10, and users are encouraged to upgrade to Windows 11 or enroll in the ESU program. Microsoft has also released an out-of-band update to assist with enrollment issues. Other companies, including Adobe, Cisco, and Google, have also issued security updates in November 2025.