Ivanti fixes EPMM zero-days chained in code execution attacks

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. “Ivanti has released updates for Endpoint Manager Mobile (EPMM) which addresses one medium and one high severity vulnerability,” the company said. “When chained together, successful exploitation could lead to unauthenticated remote […]

Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws

Today is Microsoft’s May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also fixes six “Critical” vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug. The number of bugs in each vulnerability category is listed below: […]

Windows 11 upgrade block lifted after Safe Exam Browser fix

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. Safe Exam Browser is an open-source software used by schools, professional certification bodies, and enterprises to transform computers into secure workstations during online exams, preventing cheating by restricting access to unauthorized […]

Hackers now testing ClickFix attacks against Linux targets

A new campaign employing ClickFix attacks has been spotted targeting both Windows and Linux systems using instructions that make infections on either operating system possible. ClickFix is a social engineering tactic where fake verification systems or application errors are used to trick website visitors into running console commands that install malware. These attacks have traditionally […]

Output Messenger flaw exploited as zero-day in espionage attacks

A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. Microsoft Threat Intelligence analysts who spotted these attacks also discovered the security flaw (CVE-2025-27920) in the LAN messaging application, a directory traversal vulnerability that can let authenticated attackers access sensitive files outside the intended directory […]

Moldova arrests suspect linked to DoppelPaymer ransomware attacks

Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. Police officers searched the suspect’s home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. The suspect remains in custody, while Moldovan […]

Bluetooth 6.1 enhances privacy with randomized RPA timing

The Bluetooth Special Interest Group (SIG) has announced Bluetooth Core Specification 6.1, bringing important improvements to the popular wireless communication protocol. One new feature highlighted in the latest release is the increased device privacy via randomized Resolvable Private Addresses (RPA) updates. “Randomizing the timing of address changes makes it much more difficult for third parties […]