Microsoft Patch Tuesday for October 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are flagged as important and considered more likely to be exploited.
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.”
Threat actor believed to be spreading new MedusaLocker variant since 2022
The malware, called "BabyLockerKZ," has primarily affected users in Europe and South America.
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.
First Microsoft Patch Tuesday zero-day of 2024 disclosed as part of group of 75 vulnerabilities
Although considered of moderate risk, one of the vulnerabilities is being actively exploited in the wild — CVE-2024-21351, a security feature bypass vulnerability in Windows SmartScreen.
Attackers use JavaScript URLs, API forms and more to scam users in popular online game “Roblox”
Knowing the common scams is an important step in using the platform safely. The following recommendations help players not fall into scams.
Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild
Four of the disclosed vulnerabilities — albeit “important” ones — have been detected being exploited in the wild: CVE-2023-32046, CVE-2023-32049, CVE-2023-35311 and CVE-2023-36874.
New phishing-as-a-service tool “Greatness” already seen in the wild
Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
Breaking the silence - Recent Truebot activity
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial insti