Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit
A pair of Microsoft bugs allow cyberattackers to bypass native Windows Internet download security, says former CERT CC researcher who…
Exploited Windows zero-day lets JavaScript files bypass security warnings
A new Windows zero-day allows threat actors to use malicious JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are…
Windows Mark of the Web bypass zero-day gets unofficial patch
A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the…
New PsExec spinoff lets hackers bypass network security defenses
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a…
CISA adds 7 vulnerabilities to list of bugs exploited by hackers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of bugs actively exploited by…
Windows 11 Smart App Control blocks files used to push malware
Smart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for…
Microsoft patches actively exploited Follina Windows zero-day
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known…
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by…
When Your Smart ID Card Reader Comes With Malware
Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to…