Fake Voicemail Emails Installs UpCrypter Malware on Windows
FortiGuard Labs warns of a global phishing campaign that delivers UpCrypter malware, giving hackers complete control of infected…
Windows
Threat Actors Exploit Windows Scheduled Tasks for Stealthy Persistence Without Additional Tools
Threat actors continue to use Scheduled Tasks and other built-in Windows features to create persistence in the ever-changing world of cybersecurity threats, frequently avoiding the need of external tools or complex zero-day exploits. As of 2025, despit…
Microsoft Confirms August 2025 Patch Slows Down Windows 11 24H2 and Windows 10
Microsoft has acknowledged that the August 2025 security update—KB5063878—can cause significant performance degradation on both Windows 11, version 24H2, and supported Windows 10 releases. The company’s Windows release health dashboard confirms reports…
Hackers Steal Windows Secrets and Credentials Undetected by EDR Detection
A cybersecurity researcher has unveiled a sophisticated new method for extracting Windows credentials and secrets that successfully evades detection by most Endpoint Detection and Response (EDR) solutions currently deployed in enterprise environments. …
Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity
I successfully captured both user and root flags by exploiting a file upload vulnerability to gain a web shell, extracting database credentials from config.php, and cracking the user hash to reveal the password Jenni_Luvs_Magic23. Using these credentials, I accessed the web application, discovered an SSH migration hint, and leveraged a Kerberos ticket (f.frizzle.ccache) to gain SSH access and retrieve the user flag with type user.txt. For the root flag, I escalated privileges using M.SchoolBus and SharpGPOAbuse to manipulate SleepGPO, applied changes with gpupdate.exe /force, extracted credentials with secretdump, and used wmiexec to secure a root-level shell, ultimately reading the root flag with type root.txt.
#Cybersecurity #CTF #EthicalHacking #PenetrationTesting
The post Hack The Box: TheFrizz Machine Walkthrough – Medium Difficulity appeared first on Threatninja.net.
ClickFix Exploit Emerges: Microsoft Flags Cross-Platform Attacks Targeting Windows and macOS
Microsoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on their devices, bypassing traditional automated securi…
Windows Docker Desktop Vulnerability Allows Full Host Compromise
A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in D…
How to Fix Javascript Void 0 Error in Windows 11 Chrome, Firefox, IE
Key TakeawaysJavascript: void(0) error occurs when there is a problem with Javascript on your PC, making browsing difficult.To fix the error in Windows 11 browsers (Chrome, Firefox, IE), enable Javascript, reload webpages without cache, clear cookies a…
Microsoft Issues Emergency Patch for Windows Reset and Recovery Bug
Microsoft has released an emergency out-of-band security update to address a critical issue affecting Windows reset and recovery operations across multiple versions of the operating system. The patch, released on August 19, 2025, resolves problems that…
PipeMagic Malware Imitates ChatGPT App to Exploit Windows Vulnerability and Deploy Ransomware
The PipeMagic malware, which is credited to the financially motivated threat actor Storm-2460, is a remarkable illustration of how cyber dangers are always changing. It poses as the genuine open-source ChatGPT Desktop Application from GitHub. This soph…