Windows 10 KB5058379 update triggers BitLocker recovery on some devices

The Windows 10 KB5058379 cumulative update is triggering unexpected BitLocker recovery prompts on some devices afters it’s installed and the computer restarted. On May 13, Microsoft released the Windows 10 KB5058379 cumulative update as part of their May 2025 Patch Tuesday updates. This is a mandatory update as it contains security updates for vulnerabilities fixed by Microsoft, […]

Government webmail hacked via XSS bugs in global spy campaign

Hackers are running a worldwide cyberespionage campaign dubbed ‘RoundPress,’ leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. ESET researchers who uncovered the operation attribute it with medium confidence to the Russian state-sponsored hackers APT28 (aka “Fancy Bear” or “Sednit”). The campaign started in 2023 and continued with the […]

Google Chrome to block admin-level browser launches for better security

Google is rolling out a change to Chromium that “de-elevates” Google Chrome so it does not run as an administrator to increase security in Windows. Microsoft previously introduced a similar feature in 2019 to the Edge Browser. When users launched Edge with elevated permissions, a warning would appear, recommending that they relaunch the browser without administrative […]

Ransomware gangs join ongoing SAP NetWeaver attacks

Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. SAP released emergency patches on April 24 to address this NetWeaver Visual Composer unauthenticated file upload security flaw (CVE-2025-31324), days after it was first tagged by cybersecurity company ReliaQuest as targeted […]

Australian Human Rights Commission leaks docs to search engines

The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. Many of the hundreds of documents exposed online contained private, sensitive information, like names, contact information, health details, schooling, religion, employment info, and photographs. AHRC is an independent statutory body established by the […]

Microsoft fixes Linux boot issues on dual-boot Windows systems

Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. The list of affected systems includes those running client (Windows 10 and Windows 11) and server (Windows Server 2012 and later) OS versions. This issue is triggered by a Secure Boot Advanced Targeting (SBAT) […]

SAP patches second zero-day flaw exploited in recent attacks

SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual […]

North Korea ramps up cyberspying in Ukraine to assess war risk

The state-backed North Korean threat group Konni (Opal Sleet, TA406) was observed targeting Ukrainian government entities in intelligence collection operations. The attackers use phishing emails that impersonate think tanks, referencing important political events or military developments to lure their targets. Proofpoint researchers who discovered the activity in February 2025 suggest that it’s likely an effort […]