A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. “Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device,” Kaspersky said […]
GitGuardian’s State of Secrets Sprawl report for 2025 reveals the alarming scale of secrets exposure in modern software environments. Driving this is the rapid growth of non-human identities (NHIs), which have been outnumbering human users for years. We need to get ahead of it and prepare security measures and governance for these machine identities as […]
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. “The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve […]
Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in severity. Forty-nine of these vulnerabilities are classified […]
Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity – CVE-2025-24446 (CVSS score: 9.1) – An improper input […]
Chris Goettl, CLFS, Common Log File System, CVE-2025-26671, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824, Ivanti, Krebs, Latest Warnings, Microsoft, News, Satnam Narang, Security, Security Tools, The Coming Storm, Time to Patch, Windows, Windows Remote Desktop Services
Patch Tuesday, April 2025 Edition
08
Apr
Apr
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day […]
08
Apr
Apr
Learn how Google DeepMind and Google Cloud are helping to bring a cinema classic to larger-than-life in Las Vegas.
Threat actors are abusing SourceForge to distribute fake Microsoft add-ins that install malware on victims’ computers to both mine and steal cryptocurrency. […]
08
Apr
Apr
Hello Windows Insiders, we are beginning to roll out an update for the Microsoft Copilot app on Windows via the Microsoft Store which introduces the following changes and improvements: File search: You can now find, open and ask questions about the contents of a file on your device from the Copilot on Windows app. You […]