zero-day vulnerability

AppWizard
August 24, 2025
A study by Arizona State University and Citizen Lab found that three families of Android VPN apps, with over 700 million downloads, have significant security vulnerabilities. Apple has released a fix for a zero-day vulnerability (CVE-2025-43300) that was being exploited in targeted attacks. Researchers from the University of Melbourne and Imperial College London developed a method using lightweight large language models to improve incident response planning. The FBI and Cisco warned about a Russian threat group exploiting an old Cisco vulnerability (CVE-2018-0171) to compromise critical infrastructure. Fog Security researchers discovered a flaw in AWS’s Trusted Advisor tool that could mislead users about the security of their data. AI is now being used in security operations centers to reduce alert noise and assist analysts. U.S. federal prosecutors charged an individual linked to the Rapper Bot DDoS botnet. Nikoloz Kokhreidze discussed the strategic choice between hiring a fractional or full-time Chief Information Security Officer for B2B companies. Commvault patched four vulnerabilities that risked remote code execution. Jacob Ideskog highlighted security risks posed by AI agents. VX Underground released an exploit for two SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999). Healthcare organizations are preparing for new password security risks in 2025 that may threaten HIPAA compliance. Researchers identified a spear-phishing campaign using the Noodlophile infostealer. Financial institutions are increasingly using open-source intelligence tools to combat money laundering. Greg Bak discussed security risks for DevOps teams in the cloud. NIST released guidelines for detecting morph attacks. Organizations face six challenges in implementing machine learning and AI security. Recep Ozdag discussed vulnerabilities in airport and airline systems. Google introduced new AI and cloud security capabilities at the Cloud Security Summit 2025. 
Cybersecurity myths continue to complicate the security landscape. LudusHound is an open-source tool that replicates an Active Directory environment for testing. Buttercup is an AI-powered platform for automated vulnerability management in open-source software. The book "Data Engineering for Cybersecurity" addresses challenges in managing logs and telemetry data. A selection of current cybersecurity job openings has been compiled. A forthcoming webinar will discuss AI and SaaS security risks. The iStorage datAshur PRO+C is a USB-C flash drive with AES-XTS 256-bit hardware encryption. New infosec products were released by companies such as Doppel, Druva, LastPass, and StackHawk.
Winsage
August 19, 2025
Microsoft has identified a sophisticated malware called PipeMagic, disguised as a ChatGPT desktop application, linked to the threat actor Storm-2460, who is preparing for ransomware attacks. This malware exploits a zero-day vulnerability (CVE-2025-29824) affecting the Windows Common Log File System (CLFS) driver, first disclosed in April. PipeMagic has targeted the information technology, financial, and real estate sectors across the U.S., Europe, South America, and the Middle East. It emerged in 2022 during attacks on Asian entities and resurfaced in September 2024. Victims see a blank screen upon opening the malicious application, complicating detection. Hackers modified an open-source ChatGPT project to embed malicious code that activates the malware, allowing privilege escalation and ransomware deployment. Kaspersky reported that PipeMagic was used in a RansomExx ransomware campaign, and Symantec noted its exploitation by the Play ransomware group.
Winsage
August 12, 2025
Microsoft has released the KB5063709 cumulative update for Windows 10 versions 22H2 and 21H2, addressing a critical bug that prevented users from enrolling in extended security updates. This mandatory update includes Microsoft's July 2025 Patch Tuesday security updates, resolving one zero-day vulnerability and 136 other flaws. After installation, Windows 10 version 22H2 will be upgraded to build 19045.6216, and version 21H2 will transition to build 19044.6216. Users can manually check for updates in Settings under Windows Update, and they can also download the update from the Microsoft Update Catalog. Key changes and fixes in the KB5063709 update include:
- Fixed an issue affecting the Windows 10 Extended Security Updates enrollment wizard.
- Updated enhancements to Country and Operator Settings Asset profiles.
- Introduced the capability to deploy SKUSiPolicy VBS Anti-rollback protections via Secure Boot.
- Fixed stability issues on certain devices following the May 2025 security update.
- Fixed issues with the Microsoft Changjie Input Method, emoji panel search functionality, and phonetic input methods for Hindi and Marathi keyboards.
Microsoft has confirmed there are no known issues associated with this update.
Tech Optimizer
August 4, 2025
A significant PostgreSQL vulnerability, CVE-2025-1094, was identified during the investigation of another vulnerability, CVE-2024-12356, which was exploited in the BeyondTrust breach in December 2024. The breach involved unauthorized access to BeyondTrust's systems and was linked to the state-sponsored hacking group Silk Typhoon from China. The U.S. Treasury Department confirmed its network was compromised through a stolen BeyondTrust API key. CVE-2025-1094 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands due to improper handling of invalid UTF-8 byte sequences. Rapid7 found that CVE-2024-12356's exploitation relied on CVE-2025-1094, and that CVE-2025-1094 could be exploited independently. BeyondTrust issued patches for these vulnerabilities, but the patch for CVE-2024-12356 did not directly address the underlying cause of CVE-2025-1094. The exploitation of these vulnerabilities underscores the need for timely patching and proactive security measures in organizations using PostgreSQL.
Winsage
July 9, 2025
Microsoft has released the KB5062554 cumulative update for Windows 10 22H2 and 21H2, which includes thirteen new fixes and enhancements. This mandatory update addresses one critical zero-day vulnerability and 136 other flaws, and users can install it by checking for updates in the Windows Update settings. After installation, Windows 10 22H2 will be updated to build 19045.6093 and Windows 10 21H2 to build 19044.6093. The update features various fixes, including issues with the Start Menu, file server responsiveness, and USB-connected printers. A known issue with the update is that Noto fonts may appear blurry at 96 DPI, particularly affecting CJK text in Chromium-based browsers, with a suggested workaround of adjusting display scaling to 125% or 150%.
Winsage
June 18, 2025
A cyber espionage campaign attributed to the XDSpy threat actor has been discovered, exploiting a zero-day vulnerability in Windows shortcut files identified as “ZDI-CAN-25373.” This vulnerability allows attackers to conceal executed commands within specially crafted shortcut files. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing issues with how Windows parses LNK files. The infection begins with a ZIP archive containing a malicious LNK file, which triggers a complex Windows shell command to execute malicious components while displaying a decoy document. This command extracts and executes a first-stage malware called “ETDownloader,” which establishes persistence and downloads a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and employs encryption for data exfiltration. This campaign represents an evolution in XDSpy's tactics, combining zero-day exploitation with advanced multi-stage payloads.
Winsage
June 18, 2025
The XDSpy threat actor is exploiting a Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target governmental entities in Eastern Europe and Russia since March 2025. This campaign involves a multi-stage infection chain deploying the XDigo implant, developed in Go. Attackers use spearphishing emails with ZIP archives containing crafted LNK files that exploit the vulnerability. Upon execution, these files sideload a malicious C# .NET DLL named ETDownloader, which establishes persistence and retrieves the XDigo payload from specific domains. XDigo is a data collection implant capable of file scanning, clipboard capture, and screenshot acquisition, communicating with command-and-control servers. The campaign targets Belarusian governmental entities and employs advanced tactics, including anti-analysis checks and encryption for data exfiltration. Indicators of compromise include specific SHA-256 hashes for ZIP archives, LNK files, the ETDownloader, and XDigo malware, along with associated distribution and command-and-control domains.
Winsage
June 12, 2025
Microsoft released an emergency update, KB5063060, to address a compatibility issue causing unexpected restarts and blue screen of death (BSOD) errors on Windows 11 systems using Easy Anti-Cheat. This update follows the earlier cumulative update, KB5060842, which led to reports of system reboots linked to IRQL_NOT_LESS_OR_EQUAL BSODs. The issues were confirmed to affect devices running Easy Anti-Cheat, which is used in popular games like Fortnite and Apex Legends. The update will install automatically for devices with Easy Anti-Cheat, and manual installation options are available for x64 and arm64 systems. Additionally, Microsoft implemented a compatibility hold for Windows 24H2 upgrades on Intel Alder Lake+ and vPro systems due to related blue screen issues. On the same day, Microsoft also released security updates addressing 66 vulnerabilities in Windows 11, including critical flaws in Windows SMB and WebDAV.