Six newly identified Windows vulnerabilities put Microsoft users at serious risk
Six newly discovered Windows vulnerabilities, including one rated as critical, could crash systems, allow attackers to run malicious code, or expose sensitive data. The flaws were uncovered by Check Point Research and privately reported to Microsoft under a responsible disclosure process.
One of the most notable discoveries involves what is likely the first publicly disclosed bug in a Rust-based Windows kernel component. Rust is often chosen for its ability to prevent memory errors that have historically led to security flaws
Microsoft-owned GitHub is haunted by ghost accounts spreading malware
Check Point Research has uncovered a network of GitHub accounts, dubbed the "Stargazers Ghost Network," that distributes malware via phishing repositories. This sophisticated operation, tracked under the name "Stargazer Goblin," acts as a Distribution as a Service (DaaS) model, allowing threat actors to share malicious links and software.
The network consists of over 3,000 active accounts that perform activities such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This tactic helps lure victims into downloading malware. The types of malware distributed include Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.
Electron Bot malware is running rampant in the Microsoft Store, opening backdoors on victims' computers
Fake versions of popular games such as Temple Run and Subway Surfers are being used to distribute dangerous malware through the Microsoft Store to users of Windows 10 and Windows 11.
Security firm Check Point Research found that malicious versions of the titles were riddled with Electron Bot malware and have already infected thousands of computers in countries incuding Sweden, Bulgaria and Russia. The malware gives an attacker a backdoor into a victim's computer allowing for complete system control, as well as control of social media accounts.