Fake CAPTCHAs Deliver Lumma Stealer Malware in Global Attack
A global malware campaign uses fake CAPTCHAs to deliver the Lumma Stealer, stealing passwords and sensitive data from various industries in countries including Argentina, Colombia, the U.S., and the Philippines, exploiting the Windows Run command to bypass browser defenses.
Fake CAPTCHAs Deliver Lumma Stealer Malware in Global Attack
A global malware campaign uses fake CAPTCHAs to deliver the Lumma Stealer, stealing passwords and sensitive data from various industries in countries including Argentina, Colombia, the U.S., and the Philippines, exploiting the Windows Run command to bypass browser defenses.
Progress
56% Bias Score
Critical Windows and Outlook Zero-Day Vulnerabilities Actively Exploited
Microsoft confirmed three actively exploited zero-day Windows vulnerabilities and a critical Outlook vulnerability (CVE-2025-21298), rated 9.8/10, exploitable via malicious RTF documents delivered through phishing emails; patches are available, with workarounds for those unable to patch immediately.
Critical Windows and Outlook Zero-Day Vulnerabilities Actively Exploited
Microsoft confirmed three actively exploited zero-day Windows vulnerabilities and a critical Outlook vulnerability (CVE-2025-21298), rated 9.8/10, exploitable via malicious RTF documents delivered through phishing emails; patches are available, with workarounds for those unable to patch immediately.
Progress
28% Bias Score
Earth Minotaur Threat Group Uses Novel Browser Downgrade Technique
The Earth Minotaur threat group uses the Moonshine exploit kit and DarkNimbus backdoor to target Android and Windows users, primarily impacting the Tibetan and Uyghur communities; the exploit kit downgrades web browsers to older, vulnerable versions.
Earth Minotaur Threat Group Uses Novel Browser Downgrade Technique
The Earth Minotaur threat group uses the Moonshine exploit kit and DarkNimbus backdoor to target Android and Windows users, primarily impacting the Tibetan and Uyghur communities; the exploit kit downgrades web browsers to older, vulnerable versions.
Progress
24% Bias Score
Windows Server 2025 Update Causes Blue Screen of Death
Microsoft's new Windows Server 2025 update is causing a blue screen of death for some users due to bugs in the software. Microsoft is working on a fix.
Windows Server 2025 Update Causes Blue Screen of Death
Microsoft's new Windows Server 2025 update is causing a blue screen of death for some users due to bugs in the software. Microsoft is working on a fix.
Progress
0% Bias Score
Critical BitLocker Vulnerability Exposes Unencrypted Data
A critical vulnerability (CVE-2025-21210) in Microsoft's BitLocker system allows attackers with physical access to recover unencrypted hibernation images containing sensitive data, such as passwords and credentials, from Windows devices; security experts advise immediate patching, especially for tho...
Critical BitLocker Vulnerability Exposes Unencrypted Data
A critical vulnerability (CVE-2025-21210) in Microsoft's BitLocker system allows attackers with physical access to recover unencrypted hibernation images containing sensitive data, such as passwords and credentials, from Windows devices; security experts advise immediate patching, especially for tho...
Progress
40% Bias Score
Critical Windows Kernel Vulnerability CVE-2024-35250 Requires Urgent Patching
CISA mandates remediation of the critical Windows Kernel vulnerability CVE-2024-35250 by January 6, 2025, impacting Windows 10 and Server 2008+, due to active exploitation despite a June 2024 Microsoft patch.
Critical Windows Kernel Vulnerability CVE-2024-35250 Requires Urgent Patching
CISA mandates remediation of the critical Windows Kernel vulnerability CVE-2024-35250 by January 6, 2025, impacting Windows 10 and Server 2008+, due to active exploitation despite a June 2024 Microsoft patch.
Progress
36% Bias Score
RomCom Zero-Click Exploit Targets Firefox and Windows
A Russia-aligned threat group, RomCom (Storm-0978), exploited two zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Firefox and Windows to install backdoors on systems primarily in Europe and North America, prompting immediate patching by vendors.
RomCom Zero-Click Exploit Targets Firefox and Windows
A Russia-aligned threat group, RomCom (Storm-0978), exploited two zero-day vulnerabilities (CVE-2024-9680 and CVE-2024-49039) in Firefox and Windows to install backdoors on systems primarily in Europe and North America, prompting immediate patching by vendors.
Progress
32% Bias Score