Tag Microsoft

⚡ Weekly Summary: Windows 0-Day, VPN Vulnerabilities, AI Weaponization, Hijacked Antivirus, and More

 
April 14, 2025
Threat Intelligence / Cybersecurity

Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.

Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.

Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…

Weekly Cybersecurity Recap: Notable Threats and Developments April 14, 2025 In an alarming trend within the cybersecurity landscape, attackers are increasingly beating organizations to the punch, exploiting vulnerabilities before patches can be implemented. This week has underscored a crucial reality: the need for a proactive security posture is more critical…

Read More

⚡ Weekly Summary: Windows 0-Day, VPN Vulnerabilities, AI Weaponization, Hijacked Antivirus, and More

 
April 14, 2025
Threat Intelligence / Cybersecurity

Attackers are no longer waiting for patches; they are infiltrating systems before defenses are in place. Trusted security tools are being compromised to spread malware. Even after breaches are detected and addressed, some attackers remain undetected. This week’s incidents highlight a stark reality: reactive measures are insufficient. You must operate under the assumption that any system you trust today could fail tomorrow. In a landscape where AI can be weaponized against you and ransomware strikes faster than ever, effective protection requires proactive planning and maintaining control amidst chaos.

Dive into this week’s update for crucial threat developments, insightful webinars, practical tools, and immediate tips to enhance your cybersecurity posture.

Threat of the Week
Windows 0-Day Exploited for Ransomware Attacks — A security vulnerability concerning the Windows Common Log File System (CLFS) has been exploited as a zero-day in targeted ransomware attacks, as revealed by Microsoft. The flaw, identified as CVE-2025-29824, is a privilege escalation vulnerability…

Iranian Hackers Disguised as Ransomware Operators Executing Destructive Attacks

April 8, 2023
Cyber Warfare / Cyber Threats

The Iranian nation-state group MuddyWater has been implicated in conducting destructive operations on hybrid environments while masquerading as a ransomware campaign. According to new insights from the Microsoft Threat Intelligence team, these threat actors are targeting both on-premises and cloud infrastructures, often collaborating with a recently identified cluster known as DEV-1084. “Despite efforts to present their activities as a typical ransomware operation, the irreversible damage they inflict indicates that destruction and disruption were their primary objectives,” the company reported on Friday. MuddyWater is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been active at least since 2017, also recognized by various names in the cybersecurity field, including Boggy Serpens.

Iranian Hackers Launch Destructive Attacks Disguised as Ransomware Operations April 8, 2023 — Cyber Threats A notable development in the realm of cybersecurity has emerged, as the Iranian cyber group known as MuddyWater has been detected executing destructive attacks in hybrid environments while masquerading as a ransomware operation. Recent investigations…

Read More

Iranian Hackers Disguised as Ransomware Operators Executing Destructive Attacks

April 8, 2023
Cyber Warfare / Cyber Threats

The Iranian nation-state group MuddyWater has been implicated in conducting destructive operations on hybrid environments while masquerading as a ransomware campaign. According to new insights from the Microsoft Threat Intelligence team, these threat actors are targeting both on-premises and cloud infrastructures, often collaborating with a recently identified cluster known as DEV-1084. “Despite efforts to present their activities as a typical ransomware operation, the irreversible damage they inflict indicates that destruction and disruption were their primary objectives,” the company reported on Friday. MuddyWater is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been active at least since 2017, also recognized by various names in the cybersecurity field, including Boggy Serpens.

Virtru Resolves Patent Dispute with Microsoft over Encryption Technology

Data Security, Encryption & Key Management, Litigation Settlement Reached in Virtru’s Patent Infringement Case Against Microsoft’s Message Encryption Tool Michael Novinson (MichaelNovinson) • August 27, 2025 In a significant development, Virtru has settled a lawsuit against Microsoft that contested the alleged infringement of its patents related to data protection in…

Read MoreVirtru Resolves Patent Dispute with Microsoft over Encryption Technology

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

Microsoft Releases Critical Patches for 97 Vulnerabilities, Addressing Active Ransomware Threat On April 12, 2023, Microsoft introduced a substantial set of security updates aimed at rectifying a total of 97 vulnerabilities across its software ecosystem. Among these, one particular flaw is currently being exploited actively in ransomware operations. This month’s…

Read More

Urgent: Microsoft Releases Security Patches for 97 Vulnerabilities, Including Active Ransomware Threat

April 12, 2023
Patch Tuesday / Software Updates

On the second Tuesday of the month, Microsoft has issued security updates addressing a total of 97 vulnerabilities within its software. Notably, one of these flaws is currently being exploited in active ransomware attacks. Of the 97 issues, seven are classified as Critical and 90 as Important. The updates notably include 45 remote code execution flaws and 20 elevation of privilege vulnerabilities. This release follows previous fixes for 26 vulnerabilities found in the Edge browser over the past month. The actively exploited flaw is CVE-2023-28252 (CVSS score: 7.8), a privilege escalation vulnerability within the Windows Common Log File System (CLFS) Driver. According to Microsoft’s advisory, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” with credit given to researchers Boris Larin, Genwei Jiang, and Quan Jin for their discovery. CVE-2023-28252 represents the fourth privilege escalation flaw recently identified…

⚡ Weekly Update: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

📅 April 21, 2025
Cybersecurity / Hacking News

Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.

⚡ Threat of the Week

Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.

Weekly Cybersecurity Recap: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, and More April 21, 2025 Cybersecurity Updates Recent events in the cybersecurity landscape have underscored the fragility of digital safety, revealing that seemingly innocuous actions, such as clicking a link or opening a file, can precipitate serious cyberattacks. These incidents highlight…

Read More

⚡ Weekly Update: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More

📅 April 21, 2025
Cybersecurity / Hacking News

Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.

⚡ Threat of the Week

Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.

Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post-Storm-0558 Breach

Apr 22, 2025
Identity Management / Cloud Security

Microsoft announced on Monday the migration of its Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and is currently in the process of transitioning the Entra ID signing service. This move follows updates made about seven months ago to Microsoft Entra ID and MS for both public and U.S. government clouds, enabling the generation, storage, and automatic rotation of access token signing keys using the Azure Managed Hardware Security Module (HSM) service. “These enhancements aim to mitigate the vulnerabilities we believe were exploited in the 2023 Storm-0558 attack,” stated Charlie Bell, Executive Vice President for Microsoft Security, in a pre-publication post shared with The Hacker News. Microsoft also highlighted that 90% of identity tokens from Microsoft Entra ID for its applications are validated by a robust identity Software Development Kit (SDK), with 92% of employee…

Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post Storm-0558 Breach On April 22, 2025, Microsoft announced a significant upgrade to its Microsoft Account (MSA) signing service, relocating it to Azure confidential virtual machines (VMs). This move comes as part of a broader effort to enhance security measures following…

Read More

Microsoft Enhances MSA Signing Security with Azure Confidential VMs Post-Storm-0558 Breach

Apr 22, 2025
Identity Management / Cloud Security

Microsoft announced on Monday the migration of its Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and is currently in the process of transitioning the Entra ID signing service. This move follows updates made about seven months ago to Microsoft Entra ID and MS for both public and U.S. government clouds, enabling the generation, storage, and automatic rotation of access token signing keys using the Azure Managed Hardware Security Module (HSM) service. “These enhancements aim to mitigate the vulnerabilities we believe were exploited in the 2023 Storm-0558 attack,” stated Charlie Bell, Executive Vice President for Microsoft Security, in a pre-publication post shared with The Hacker News. Microsoft also highlighted that 90% of identity tokens from Microsoft Entra ID for its applications are validated by a robust identity Software Development Kit (SDK), with 92% of employee…

Microsoft OneDrive File Picker Vulnerability Allows Full Access to Cloud Storage When Uploading a Single File

May 28, 2025
Data Privacy / Vulnerability

Cybersecurity researchers have identified a serious security flaw in Microsoft’s OneDrive File Picker. If exploited, this vulnerability could enable websites to gain access to a user’s entire cloud storage, rather than just the files intended for upload. According to the Oasis Research Team’s report to The Hacker News, the issue arises from overly broad OAuth scopes and unclear consent screens that do not adequately communicate the level of access being granted. This flaw poses significant risks, including potential customer data leaks and violations of compliance regulations. Affected applications may include ChatGPT, Slack, Trello, and ClickUp, all of which integrate with Microsoft’s cloud service. The core of the problem lies in the excessive permissions required by the OneDrive File Picker, which requests read access to the entire drive, even when only a single file is selected for upload, due to a lack of fine-grained permission controls.

Security Flaw in Microsoft OneDrive File Picker Exposes Users to Potential Data Breaches May 28, 2025 Recent findings from cybersecurity researchers at the Oasis Research Team have unveiled a serious vulnerability within Microsoft’s OneDrive File Picker. This flaw enables websites to gain unrestricted access to users’ entire cloud storage, even…

Read More

Microsoft OneDrive File Picker Vulnerability Allows Full Access to Cloud Storage When Uploading a Single File

May 28, 2025
Data Privacy / Vulnerability

Cybersecurity researchers have identified a serious security flaw in Microsoft’s OneDrive File Picker. If exploited, this vulnerability could enable websites to gain access to a user’s entire cloud storage, rather than just the files intended for upload. According to the Oasis Research Team’s report to The Hacker News, the issue arises from overly broad OAuth scopes and unclear consent screens that do not adequately communicate the level of access being granted. This flaw poses significant risks, including potential customer data leaks and violations of compliance regulations. Affected applications may include ChatGPT, Slack, Trello, and ClickUp, all of which integrate with Microsoft’s cloud service. The core of the problem lies in the excessive permissions required by the OneDrive File Picker, which requests read access to the entire drive, even when only a single file is selected for upload, due to a lack of fine-grained permission controls.

Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions

April 28, 2023
Malware / Cyber Threat

Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.

Emerging Cyber Attacks: Tonto Team Targets South Korean Institutions with Unusual Tactics April 28, 2023 In a notable escalation of cyber threats, South Korean institutions across several critical sectors—namely education, construction, diplomacy, and politics—are facing fresh attacks attributed to a China-aligned threat group known as the Tonto Team. A report…

Read More

Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions

April 28, 2023
Malware / Cyber Threat

Recent attacks by the China-aligned threat actor known as the Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group is utilizing a file associated with anti-malware products to carry out their malicious activities. Active since at least 2009, Tonto Team has a history of attacks across various sectors in Asia and Eastern Europe. Earlier this year, they were linked to an unsuccessful phishing attempt on the cybersecurity firm Group-IB. According to ASEC, the attack begins with a Microsoft Compiled HTML Help (.CHM) file that runs a binary to side-load a malicious DLL (slc.dll) and deploy the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick.