ALL POSTS

Key Findings Cybersecurity researchers at Microsoft Threat Intelligence have found that attackers are circulating fake gaming tools that install a remote access trojan (RAT) when users run the files. The campaign relies on trojanized executables distributed through browsers and chat platforms, convincing victims to download software such as Xeno.exe or RobloxPlayerBeta.exe, which appear legitimate at first glance. The initial file acts as a downloader that prepares the system

Key Findings Microsoft has disclosed details of a new version of the ClickFix social engineering tactic that uses DNS lookups to retrieve malware payloads. The attack tricks users into running commands through the Windows Run dialog that perform a DNS lookup to an external server controlled by the attackers. The DNS response is then executed as the second-stage payload, allowing the threat actors to reach infrastructure under their control and establish a new validation layer

Key Findings Microsoft released security updates to address 58 new vulnerabilities across Windows, Office, Azure, Edge, Exchange, Hyper-V, and other components. The update includes fixes for 6 zero-day vulnerabilities that are being actively exploited in the wild. 5 of the vulnerabilities were rated as "Critical" by Microsoft. Several vulnerabilities affect high-profile targets like GitHub Copilot, IDEs, and Azure cloud services. Background This month's Patch Tuesday from Mic

Key Findings: Microsoft warns that info-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments. Attackers are leveraging cross-platform languages like Python and abusing trusted platforms to distribute infostealer malware at scale. Background Since late 2025, Microsoft has observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix-style prompts and malicious DMG installers. These campaigns deploy macO

Key Findings Microsoft released its first security update for 2026, addressing 114 security flaws 8 vulnerabilities were rated Critical, and 106 were rated Important in severity The update includes 58 privilege escalation, 22 information disclosure, 21 remote code execution, and 5 spoofing flaws The update marks the third-largest January Patch Tuesday after January 2025 and January 2022 2 previously disclosed zero-day vulnerabilities were also addressed Background Microsoft r

Key Findings: A newly discovered vulnerability in the Windows Kernel, tracked as CVE-2025-62215, allows local privilege escalation. The flaw, present in all supported versions of Windows, enables a low-privileged user or process to elevate their permissions to gain SYSTEM-level access. Proof-of-concept (PoC) exploits have been publicly released, demonstrating the ability to achieve arbitrary code execution with SYSTEM privileges. The vulnerability is considered high-severity,