VulnHub

Real-time Cybersecurity News

Articles tagged "Windows"

Found 6 articles

Microsoft: Security keys may prompt for PIN after recent updates

BleepingComputer

Microsoft has alerted users that FIDO2 security keys may require a PIN for sign-in following recent Windows updates since September 2025. This change could affect user experience and security practices, particularly for those relying on these security keys for authentication.

Impact: FIDO2 security keys, Windows operating system (updates since September 2025)
Remediation: Users should check for the latest Windows updates and follow any guidance provided by Microsoft regarding the use of FIDO2 security keys.
WindowsMicrosoftUpdate
Read Original
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

The Hacker News

Actively Exploited

A new cybersecurity campaign is utilizing fake Windows update pop-ups on adult websites to trick users into executing malicious commands. This method combines ClickFix lures with phishing tactics, posing a significant risk to users who visit these sites.

Impact: N/A
Remediation: Users should avoid clicking on suspicious pop-ups and ensure their antivirus software is up to date. Regularly updating the operating system and using ad blockers may also help mitigate the risk.
WindowsPhishingUpdateCriticalMalware
Read Original
Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.
WindowsCVEVulnerabilityPatchUpdatePrivilege Escalation+1 more
Read Original
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

The Hacker News

Actively Exploited

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Impact: Microsoft Windows Server Update Services (WSUS) on Windows Servers.
Remediation: Organizations should apply the latest security patches provided by Microsoft for CVE-2025-59287 to mitigate the vulnerability. Additionally, it is recommended to review and secure WSUS configurations and monitor for any unauthorized access attempts.
WindowsCVEMicrosoftVulnerabilityUpdateMalware+1 more
Read Original
IT threat evolution in Q3 2025. Non-mobile statistics

Securelist

The report highlights the evolving landscape of IT threats in Q3 2025, focusing on malware targeting Windows and macOS personal computers, as well as IoT devices. This indicates a growing severity of cyber threats that could have significant implications for users and organizations relying on these systems.

Impact: Windows personal computers, macOS personal computers, Internet of Things (IoT) devices
Remediation: N/A
WindowsmacOSMalware
Read Original