Description: Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China.
According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network
July 4th, 2025 (2 days ago)
|
July 3rd, 2025 (3 days ago)
|
Description: Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. [...]
July 3rd, 2025 (3 days ago)
|
Description: Microsoft said it has spent years monitoring North Korea’s campaign to get its citizens hired in IT roles at U.S. companies and recently saw changes in how the campaign operates.
July 3rd, 2025 (3 days ago)
|
Description: Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
July 3rd, 2025 (3 days ago)
|
Description: Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]
July 3rd, 2025 (3 days ago)
|
Description: Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]
July 3rd, 2025 (4 days ago)
|
Description: Several Call of Duty: WWII players on PC are reporting being hacked mid-game via a Remote Code Execution (RCE) exploit, just days after the title was added to Microsoft’s Game Pass lineup. The reports suggest that attackers are able to remotely run code on victims’ machines during gameplay, raising serious concerns about the security of …
The post Call of Duty: WWII Game Pass Launch Stained by Reports of RCE Attacks appeared first on CyberInsider.
July 3rd, 2025 (4 days ago)
|
CVE-2025-34091 |
Description: A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the Chrome elevation service and distinguish between padding and MAC errors, enabling a padding oracle attack. This allows partial decryption of the SYSTEM-DPAPI layer and eventual recovery of the user-DPAPI encrypted cookie key, which is trivially decrypted by the attacker’s own context. This issue undermines the core purpose of AppBound Encryption by enabling low-privileged cookie theft through cryptographic misuse and verbose error feedback.
Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.
This behavior arises from a combination of Chrome’s AppBound implementation and the way Microsoft Windows DPAPI reports decryption failures via Event Logs. As such, the vulnerability relies on cryptographic behavior and error visibility in all supported versions of Windows.
CVSS: HIGH (8.8) EPSS Score: 0.0% SSVC Exploitation: poc
July 2nd, 2025 (4 days ago)
|
CVE-2025-49713 |
Description: Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVSS: HIGH (8.8) EPSS Score: 0.18%
July 2nd, 2025 (4 days ago)
|