-
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A targeted cyber-espionage campaign exploiting Windows Scheduled Tasks and DLL side-loading to deploy the sophisticated ValleyRAT backdoor. The operation pivots on tailored spear-phishing emails, weaponized Windows shortcuts, and a persistent task sche…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has added a critical Microsoft Windows vulnerability to its Known Exploited Vulnerabilities catalog, warning organizations that threat actors are actively exploiting it in real-world attacks. Identified as CVE-2025-59230, the flaw stems from improper access control in the Windows Remote Access Connection Manager service. This local privilege escalation vulnerability allows an authorized user, such as […] The post CISA Warns Of Windows Improper Access Control Vulnerability Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Two newly disclosed vulnerabilities in Microsoft’s BitLocker drive encryption feature could allow attackers to bypass encryption safeguards on Windows systems. Tracked as CVE-2025-55333 and CVE-2025-55338, these flaws involve incomplete comparison logi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released on October 14, 2025, as part of the latest Patch Tuesday updates, these flaws, tracked as CVE-2025-55338 and CVE-2025-55333, pose a significant risk to users relying on BitLocker for […] The post Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s latest security updates have triggered synchronization failures in Active Directory environments running on Windows Server 2025. The issue, confirmed on October 14, 2025, affects directory synchronization for large security groups, potentially halting critical identity management processes across enterprise networks. The problem stems from the September 2025 Windows security update, KB5065426, which targets OS Build […] The post Microsoft October 2025 Security Update Causes Active Directory Sync Issues on Windows Server 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly discovered zero-day vulnerability in the Windows Agere Modem driver has been actively exploited by threat actors to elevate privileges on affected systems. Tracked as CVE-2025-24052 and CVE-2025-24990, these flaws allow a low-privileged user to…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Cybersecurity threats are rapidly evolving; even advanced operating systems like Windows 11 and Windows Server 2025 can have vulnerabilities due to legacy configurations. Horizon Secure highlighted a concerning feature: WDigest authentication, which can be enabled to cache plaintext passwords in memory, potentially exposing users to credential theft. Disabled by default since Windows 10 version 1703, […] The post Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access. These issues were patched in the October 2025 cumulative update, but […] The post Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft officially ended support for Windows 10 on October 14, 2025, leaving millions of users worldwide facing critical security concerns. The decision marks the end of regular technical assistance, feature updates, and security patches for one of t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
