Satya says NO: Redmond blames Windows users, rather than solve 30-year-old bug—exploited since 2017. The post Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse) appeared first on Security Boulevard.
Category: Windows
APT37, APT43, china, Cybercrime, Cybersecurity, Evil Corp, Exploits, Global Security News, Government, India, Iran, Microsoft, microsoft windows, nation state threats, nation-state hackers, North Korea, pakistan, Ransomware, Research, Russia, Stanford University, Threats, trend micro, vulnerability, Windows, Zero Day Initiative, zero days
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…
Blog, CVE-2025-24071, Emergency Response, Global Security News, Security Bloggers Network, Windows, Windows vulnerability
Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)
Overview Recently, NSFOCUS CERT detected that Microsoft released a security announcement and fixed the spoofing vulnerability of Windows File Explorer (CVE-2025-24071), with a CVSS score of 7.5. Due to the implicit trust and automatic file parsing behavior of .library-ms files by Windows Explorer, unauthenticated attackers can save files by constructing RAR/ZIP with an embedded malicious…
Blog, CVE-2025-21391, CVE-2025-21418, Emergency Response, Global Security News, Microsoft, Microsoft vulnerabilities, SBN News, Security Bloggers Network, Windows, Windows vulnerability
Microsoft Security Update Notification in February of High-Risk Vulnerabilities in Multiple Products
Overview On February 12, NSFOCUS CERT detected that Microsoft released a security update patch for February, which fixed 63 security issues involving widely used products such as Windows, Microsoft Office, Azure, Apps, and Microsoft Visual Studio, including high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed in Microsoft’s monthly update…
Apple, Automattic, Chrome, Cybersecurity, Global IT News, Global Security News, macOS, malware, Security, Windows, wordpress
Hackers are hijacking WordPress sites to push Windows and Mac malware
A cybersecurity company says hackers are pushing Mac and Windows malware through sites that are using outdated versions of WordPress. © 2024 TechCrunch. All rights reserved. For personal use only.
Apps, EDGE, Global IT News, Global Security News, Microsoft, scareware, Security, Windows
Microsoft tests ‘scareware blocker’ for Edge that uses computer vision to detect scams
Microsoft is rolling out a new tool dubbed “scareware blocker,” which uses machine learning and computer vision to identify a very pervasive type of online scam. “Scareware” has blighted the web almost since its inception, often in the form of fake antivirus software that claims to have detected a non-existent threat on a user’s machine.…
Android, browser extension, Global Security News, honey, iOS, Kagi, macOS, PayPal, Podcast, privacy, Smashing Security, Web Browsers, Windows
Smashing Security podcast #399: Honey in hot water, and reset your devices
Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets. Plus, we take a look at…