We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

zero-day

How Often Should You Update Your Antivirus Software?
Tech Optimizer
July 21, 2025

How Often Should You Update Your Antivirus Software?

Antivirus software protects devices from various digital threats, including viruses, Trojans, ransomware, and spyware. According to the 2025 Antivirus Statistics and Consumer Report, 75% of users believe their antivirus software effectively safeguards their devices. The effectiveness of antivirus software depends on the last update, as neglecting updates leaves devices vulnerable to emerging threats. Frequent updates are necessary because hackers continuously develop new malware. Failing to update antivirus software increases the risk of hacking and can degrade device performance. It is recommended to check for updates daily, perform manual checks weekly, and expect major updates every 3 to 6 months. Free antivirus software may offer limited protection and fewer updates, requiring users to be proactive in checking for updates.
Google fixes another Chrome security flaw being actively exploited
Tech Optimizer
July 11, 2025

Google fixes another Chrome security flaw being actively exploited

Google has addressed a critical vulnerability in its Chrome browser, identified as CVE-2025-6554, which is the fourth zero-day exploit uncovered this year. This high-severity flaw originates from a type confusion bug within Chrome's V8 JavaScript engine, allowing attackers to execute malicious code or access sensitive areas of a system. Google has rolled out an emergency update for Chrome users across Windows, Mac, and Linux platforms. The latest stable versions addressing this exploit are 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for Mac, and 138.0.7204.96 for Linux. Users are urged to update their browsers and verify they are running the most recent version. Additionally, it is recommended to install reliable antivirus software for enhanced protection against cyber threats.
Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws
Winsage
July 9, 2025

Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws

A series of vulnerabilities have been identified affecting AMD and Microsoft products, with several classified as critical. For AMD: - CVE-2025-36357: A critical transient scheduler attack in the L1 Data Queue. - CVE-2025-36350: A critical transient scheduler attack in the Store Queue. For Microsoft Office: - CVE-2025-49697: A critical remote code execution vulnerability. - CVE-2025-49695: A critical remote code execution vulnerability. - CVE-2025-49696: A critical remote code execution vulnerability. - CVE-2025-49702: A critical vulnerability requiring urgent remediation. Additional important vulnerabilities in Microsoft components include: - CVE-2025-47988: A remote code execution vulnerability in the Azure Monitor Agent. - CVE-2025-49690: An elevation of privilege vulnerability in the Capability Access Management Service. - CVE-2025-48816: An elevation of privilege vulnerability in the HID Class Driver. - CVE-2025-47178: A remote code execution vulnerability in Microsoft Configuration Manager. In the Windows ecosystem: - CVE-2025-49685: An elevation of privilege vulnerability in the Windows Search Component. - CVE-2025-49666: A remote code execution vulnerability in the Windows Kernel. - CVE-2025-49688: A remote code execution vulnerability in the Windows Routing and Remote Access Service.
Windows 10 KB5062554 cumulative update released with 13 changes, fixes
Winsage
July 9, 2025

Windows 10 KB5062554 cumulative update released with 13 changes, fixes

Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and 21H2, which includes thirteen new fixes and enhancements. This mandatory update addresses one critical zero-day vulnerability and 136 other flaws, and users can install it by checking for updates in the Windows Update settings. After installation, Windows 10 22H2 will be updated to build 19045.6093 and Windows 10 21H2 to build 19044.6093. The update features various fixes, including issues with the Start Menu, file server responsiveness, and USB-connected printers. A known issue with the update is that NOTO fonts may appear blurry at 96 DPI, particularly affecting CJK text in Chromium-based browsers, with a suggested workaround of adjusting display scaling to 125% or 150%.
Microsoft Confirms Windows 11 Update Causes Security Firewall Error
Winsage
July 6, 2025

Microsoft Confirms Windows 11 Update Causes Security Firewall Error

Microsoft Windows updates are essential for system security but can cause user challenges. A recent high-severity vulnerability, CVE-2025-33073, emphasizes the need for timely updates. Windows 11 users are experiencing a Firewall configuration error linked to the June 26 KB5060829 update, which has raised security concerns despite being a non-security update. Microsoft confirmed the error appears in the Event Viewer as "Config Read Failed" and occurs after each device restart, but it can be safely ignored and does not indicate a problem with Windows Firewall. The error is related to a feature under development, and Microsoft is working on a resolution for a future update.
Why Every File Demands Sanitization
Tech Optimizer
June 24, 2025

Why Every File Demands Sanitization

Zero Trust addresses the issue of misplaced trust in cybersecurity, particularly the assumption that files from known senders are safe. This assumption can lead to security breaches, as malware can be hidden in documents from internal employees, vendors, or customers. Familiar interactions often bypass essential security checks, creating vulnerabilities. Security tools may fail to detect modern threats, which can evade traditional defenses. Compromised accounts and infected devices can introduce risks regardless of the sender's identity. To mitigate these risks, Votiro's solution cleanses every file using Content Disarm and Reconstruction (CDR) technology, removing harmful elements while maintaining functionality. Votiro's approach ensures that file security does not disrupt business operations, providing a seamless and efficient solution for organizations.
silver Android smartphone
Winsage
June 18, 2025

XDSpy Threat Actors Leverages Windows LNKs Zero-Day Vulnerability to Attack Windows System Users

A cyber espionage campaign attributed to the XDSpy threat actor has been discovered, exploiting a zero-day vulnerability in Windows shortcut files identified as “ZDI-CAN-25373.” This vulnerability allows attackers to conceal executed commands within specially crafted shortcut files. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing issues with how Windows parses LNK files. The infection begins with a ZIP archive containing a malicious LNK file, which triggers a complex Windows shell command to execute malicious components while displaying a decoy document. This command extracts and executes a first-stage malware called “ETDownloader,” which establishes persistence and downloads a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and employs encryption for data exfiltration. This campaign represents an evolution in XDSpy's tactics, combining zero-day exploitation with advanced multi-stage payloads.
XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users
Winsage
June 18, 2025

XDSpy Threat Actors Exploit Windows LNK Zero-Day Vulnerability to Target Windows System Users

The XDSpy threat actor is exploiting a Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target governmental entities in Eastern Europe and Russia since March 2025. This campaign involves a multi-stage infection chain deploying the XDigo implant, developed in Go. Attackers use spearphishing emails with ZIP archives containing crafted LNK files that exploit the vulnerability. Upon execution, these files sideload a malicious C# .NET DLL named ETDownloader, which establishes persistence and retrieves the XDigo payload from specific domains. XDigo is a data collection implant capable of file scanning, clipboard capture, and screenshot acquisition, communicating with command-and-control servers. The campaign targets Belarusian governmental entities and employs advanced tactics, including anti-analysis checks and encryption for data exfiltration. Indicators of compromise include specific SHA-256 hashes for ZIP archives, LNK files, the ETDownloader, and XDigo malware, along with associated distribution and command-and-control domains.
Microsoft fixes Surface Hub boot issues with emergency update
Winsage
June 17, 2025

Microsoft fixes Surface Hub boot issues with emergency update

Microsoft released an emergency update (KB5063159) to address startup failures in certain Surface Hub v1 devices running Windows 10, specifically those encountering Secure Boot Violation errors after installing the June 2025 Windows security update (KB5060533). The issue was limited to Surface Hub v1 systems on Windows 10, version 22H2, and did not affect Surface Hub 2S and 3 devices. Microsoft paused the rollout of the KB5060533 update on June 11, 2025, to prevent further complications. Additionally, the June 2025 Patch Tuesday updates included security patches for 66 vulnerabilities, including critical ones that allowed remote code execution and privilege escalation.
Search