-
SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms. By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […] The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.
-
Security researchers at Hacker House have released SetupHijack, a proof-of-concept tool that exploits race conditions and insecure file handling in Windows installers and updaters. The utility demonstrates how attackers can hijack privileged setup proc…
-
In a recently observed campaign emerging from Israel, threat actors have revived the use of Windows shortcut (.LNK) files to deliver a potent Remote Access Trojan (RAT). These seemingly innocuous shortcut files exploit Living-off-the-Land Binaries (LOL…
-
Threat actors are leveraging the legacy Windows error‐reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a host, adversaries frequently seek to dump LSASS memory to escalate privileges and move laterally across […] The post Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2 appeared first on Cyber Security News.
-
Microsoft’s latest Windows 11 update is causing significant problems for users trying to play protected video content. The KB5064081 update, released on August 29, 2025, has disrupted video playback functionality across multiple applications, lea…
-
A recent optional update for Windows 11 version 24H2 is causing significant video playback issues for users with certain media applications. Microsoft has confirmed that the update, released in late August, can prevent protected content from playing correctly on Blu-Ray, DVD, and some Digital TV software. The issue stems from the non-security preview update KB5064081, […] The post Windows 11 24H2 Update KB5064081 Breaks Video Content Playback appeared first on Cyber Security News.
-
BlackLock, a rebranded ransomware group formerly known as El Dorado, has emerged as a formidable threat to organizations worldwide. First identified in June 2024 when its Dedicated Leak Site (DLS) began exposing victim data, the gang is believed to hav…
-
A sophisticated attack technique called LNK Stomping is enabling cybercriminals to bypass Windows security protections designed to block malicious files downloaded from the internet. The technique exploits a vulnerability in Windows shortcuts…
-
A security researcher has released a new tool that can temporarily disable endpoint detection and response (EDR) systems and antivirus software without requiring vulnerable drivers, marking a significant evolution in attack techniques targeting securit…
-
A new proof-of-concept tool named EDR-Freeze has been developed, capable of placing Endpoint Detection and Response (EDR) and antivirus solutions into a suspended “coma” state. According to Zero Salarium, the technique leverages a built-in Windows function, offering a stealthier alternative to the increasingly popular Bring Your Own Vulnerable Driver (BYOVD) attacks used by threat actors […] The post New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State appeared first on Cyber Security News.


