Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed

Trend Micro researchers are flagging problems with Nvidia’s patch for a critical code execution vulnerability in the Nvidia Container Toolkit.
The post Trend Micro Flags Incomplete Nvidia Patch That Leaves AI Containers Exposed appeared first on SecurityW…

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 is a use-after-free vulnerability in the Windows Common…

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch

Exploitation of a Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub).
The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek.

Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

The post Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day appeared first on CyberScoop.

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative …

Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines

China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers.
The post Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines appeared first on Security…

The XCSSET info-stealing malware is back, targeting macOS users and devs

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET is information-stealing and backdoor-injecting malware targeting Mac users. It…

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 is a vu…

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-…

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The expl…