Microsoft Rings in 2025 With Record Security Update

Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.

Follow Dark Reading:

January 15, 2025

LATEST SECURITY NEWS & COMMENTARY Microsoft Rings in 2025 With Record Security Update Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting. Apple Bug Allows Root Protections Bypass Without Physical Access Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels. Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication. As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms. FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups. New Startups Focus on Deepfakes, Data-in-Motion & Model Security In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers. MORE NEWS / MORE COMMENTARY HOT TOPICS Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. The Shifting Landscape of Open Source Security By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security. Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar. The Path Toward Championing Diversity in Cybersecurity Education To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention. MORE PRODUCTS & RELEASES Grupo Bimbo Ventures Announces Investment in NanoLock Security CISA Releases the Cybersecurity Performance Goals Adoption Report K2 Secures Navy SeaPort Next Generation Contract MORE PRODUCTS & RELEASES EDITORS' CHOICE Microsoft Cracks Down on Malicious Copilot AI Use According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services. LATEST FROM THE EDGE New Docuseries Spotlights Hackers Who Shaped Cybersecurity "Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map. LATEST FROM DR TECHNOLOGY 1Password's Trelica Buy Part of Broader Shadow IT Play The acquisition accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management. LATEST FROM DR GLOBAL India Readies Overhauled National Data Privacy Rules The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy. WEBINARS Tips on Managing Cloud Security in a Hybrid Environment Preventing Attackers From Wandering Through Your Enterprise Infrastructure View More Dark Reading Webinars >> WHITE PAPERS 4 Best Practices for Hybrid Security Policy Management Understanding Social Engineering Attacks and What To Do About Them From security alert to action: Accelerating incident response with automated investigations The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures Top 10 CI/CD Security Risks: The Technical Guide Frost Radar: Cloud Security Posture Management, 2024 6 Key Requirements of Multicloud Security View More White Papers >> FEATURED REPORTS Threat Hunting's Evolution: From On-Premises to the Cloud Building Blocks for Next-Gen Security Operations How Enterprises Assess Their Cyber-Risk View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2025 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us