Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication

CVE-2025-22230 is described as an “authentication bypass vulnerability” by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials. Continue reading Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

The post Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day appeared first on CyberScoop.

Continue reading Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

ClickFix: How to Infect Your PC in Three Easy Steps

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Continue reading ClickFix: How to Infect Your PC in Three Easy Steps

Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days

Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential. Continue reading Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days

Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days

Microsoft’s March 2025 Patch Tuesday includes six actively exploited zero-day vulnerabilities. Learn about the critical vulnerabilities and why immediate updates are essential. Continue reading Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Kaspersky experts have discovered campaigns distributing stealers, malicious PowerShell scripts, and backdoors through web pages mimicking the DeepSeek and Grok websites. Continue reading Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool

Attackers blackmail YouTubers with complaints and account blocking threats, forcing them to distribute a miner disguised as a bypass tool. Continue reading Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool