Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are […]

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’ Windows 10 KB5071546 updateSource: BleepingComputer As […]

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft’s December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three “Critical” remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 28 Elevation of Privilege Vulnerabilities 19 Remote Code Execution Vulnerabilities 4 Information Disclosure Vulnerabilities […]

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. Threat actors can exploit the two security flaws tracked as CVE-2025-59718 (FortiOS, FortiProxy, FortiSwitchManager) and CVE-2025-59719 (FortiWeb) by abusing improper verification of cryptographic signature weaknesses in vulnerable products via a […]

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines. The Shanya packer […]

Malicious VSCode extensions on Microsoft’s registry drop infostealers

Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions. The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options. The two malicious extensions, called Bitcoin Black and Codo […]

FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024

A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports […]