Microsoft’s July 2025 cumulative update KB5062553 for Windows 11 24H2 is breaking core shell features like the Start menu, taskbar, and Settings on some systems, especially in VDI and first-logon scenarios. This breakdown goes through what’s actually failing, why a XAML race condition sits at the center of it, and how admins can keep 24H2 from turning user desktops into black screens.
Between 2024 and 2025, China-linked APT31 conducted a stealthy espionage campaign targeting Russian IT contractors and government integrators. The group masked its command-and-control using legitimate cloud services such as Yandex Cloud and OneDrive, deployed loaders like CloudyLoader via DLL side-loading, and maintained long dwell times within compromised networks. This article decodes APT31’s tool-kit, tactics and persistence model, and offers detection and response guidance for defenders.
A WhatsApp API flaw allowed researchers to enumerate 3.5 billion accounts by abusing weak rate-limiting in the contact-discovery endpoint, exposing global phone-number mappings and public profile metadata that adversaries could weaponize for large-scale phishing, impersonation and SIM-swap attacks.
Two British teenagers have pleaded not guilty to serious Computer Misuse Act charges over a 2024 cyberattack on Transport for London, an intrusion that disrupted digital services, exposed customer data and allegedly cost the authority about £39 million. Their case now sits at the intersection of teen cybercrime, critical-infrastructure risk and the UK’s toughest penalties for hacking.
Set up Google Workspace the right way: one SPF with include:_spf.google.com, a 2048-bit DKIM key at google._domainkey, and a strict, report-ready DMARC policy with alignment. Start at p=none to discover stray senders, then ramp to quarantine and reject. Verification steps and copy-paste examples included.
Grafana Enterprise patched a critical CVSS 10.0 SCIM vulnerability, CVE-2025-41115, that allowed attackers to impersonate privileged users through numeric external IDs. Learn how the flaw worked, which versions were affected, and what steps security teams must take to secure Grafana deployments.
The Trump administration is reportedly considering licenses that would let Nvidia sell its H200 AI chips to China, reversing earlier restrictions that treated the GPU as too advanced for export. The debate pits Nvidia’s lost China revenue and a fragile tech truce against fresh smuggling indictments, the proposed CHIP Security Act and mounting fears that high-end AI hardware will accelerate China’s weapons and surveillance programmes.
A China-aligned threat group known as PlushDaemon runs a Chinese APT router hijacking campaign that implants EdgeStepper on vulnerable routers, reroutes software-update traffic for popular Chinese-language applications and delivers the SlowStepper espionage toolkit through trusted update channels, turning routine network gear into an adversary-in-the-middle platform.
CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager’s REST APIs that CISA now lists as actively exploited. By abusing a security filter bypass and a Groovy compilation endpoint, attackers can run arbitrary code on identity-tier servers over HTTP. This article explains the exploit chain, CISA’s KEV deadline and how Oracle shops should patch, monitor and lock down their Identity Manager deployments.
Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.