Microsoft at present launched updates to repair at the very least 137 safety vulnerabilities in its Home windows working methods and supported software program. Not one of the weaknesses addressed this month are recognized to be actively exploited, however 14 of the failings earned Microsoft’s most-dire “crucial” ranking, that means they could possibly be exploited to grab management over weak Home windows PCs with little or no assist from customers.

Whereas not listed as crucial, CVE-2025-49719 is a publicly disclosed data disclosure vulnerability, with all variations way back to SQL Server 2016 receiving patches. Microsoft charges CVE-2025-49719 as much less prone to be exploited, however the availability of proof-of-concept code for this flaw means its patch ought to in all probability be a precedence for affected enterprises.

Mike Walters, co-founder of Action1, stated CVE-2025-49719 may be exploited with out authentication, and that many third-party purposes depend upon SQL server and the affected drivers — doubtlessly introducing a supply-chain danger that extends past direct SQL Server customers.

“The potential publicity of delicate data makes this a high-priority concern for organizations dealing with worthwhile or regulated knowledge,” Walters stated. “The excellent nature of the affected variations, spanning a number of SQL Server releases from 2016 via 2022, signifies a elementary situation in how SQL Server handles reminiscence administration and enter validation.”

Adam Barnett at Rapid7 notes that at present is the tip of the street for SQL Server 2012, that means there might be no future safety patches even for crucial vulnerabilities, even should you’re keen to pay Microsoft for the privilege.

Barnett additionally known as consideration to CVE-2025-47981, a vulnerability with a CVSS rating of 9.8 (10 being the worst), a distant code execution bug in the best way Home windows servers and shoppers negotiate to find mutually supported authentication mechanisms. This pre-authentication vulnerability impacts any Home windows consumer machine working Home windows 10 1607 or above, and all present variations of Home windows Server. Microsoft considers it extra seemingly that attackers will exploit this flaw.

Microsoft additionally patched at the very least 4 crucial, distant code execution flaws in Workplace (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702). The primary two are each rated by Microsoft as having the next probability of exploitation, don’t require person interplay, and may be triggered via the Preview Pane.

Two extra excessive severity bugs embody CVE-2025-49740 (CVSS 8.8) and CVE-2025-47178 (CVSS 8.0); the previous is a weak spot that would enable malicious information to bypass screening by Microsoft Defender SmartScreen, a built-in characteristic of Home windows that tries to dam untrusted downloads and malicious websites.

CVE-2025-47178 entails a distant code execution flaw in Microsoft Configuration Supervisor, an enterprise instrument for managing, deploying, and securing computer systems, servers, and units throughout a community. Ben Hopkins at Immersive Labs stated this bug requires very low privileges to take advantage of, and that it’s attainable for a person or attacker with a read-only entry position to take advantage of it.

“Exploiting this vulnerability permits an attacker to execute arbitrary SQL queries because the privileged SMS service account in Microsoft Configuration Supervisor,” Hopkins stated. “This entry can be utilized to control deployments, push malicious software program or scripts to all managed units, alter configurations, steal delicate knowledge, and doubtlessly escalate to full working system code execution throughout the enterprise, giving the attacker broad management over the complete IT setting.”

Individually, Adobe has launched safety updates for a broad vary of software program, together with After Results, Adobe Audition, Illustrator, FrameMaker, and ColdFusion.

The SANS Web Storm Heart has a breakdown of every particular person patch, listed by severity. If you happen to’re liable for administering a lot of Home windows methods, it could be price maintaining a tally of AskWoody for the lowdown on any doubtlessly wonky updates (contemplating the big variety of vulnerabilities and Home windows parts addressed this month).

If you happen to’re a Home windows dwelling person, please contemplate backing up your knowledge and/or drive earlier than putting in any patches, and drop a be aware within the feedback should you encounter any issues with these updates.

Let’s dive in earlier this month to make up for final month’s barely late version. A brand new month and season is upon us, and I’m prepared that will help you out with some deck-building recommendation to maintain you aggressive in Marvel Snap (Free). Fact be advised, I really feel like the sport obtained right into a decently balanced zone over the course of the final month. A brand new season means new playing cards although, so it’s all about to go topsy-turvy once more. Let’s do our greatest to determine the place issues are going, lets? Keep in mind as ever: as we speak’s successful deck may very well be tomorrow’s crunchy brown leaves. These guides are one approach to maintain your finger on the heartbeat of the scene, however they aren’t the one methodology you need to be utilizing.

Notice that almost all of those decks are the most effective of the most effective at this time limit. They assume you might have entry to a full vary of playing cards. I’ll as soon as once more be together with the 5 strongest Marvel Snap decks of the second, and I’ll throw in a pair extra decks that don’t want issues which can be too onerous to get and are simply type of enjoyable to play with. , somewhat selection and all of that.

I might go so far as to say that a lot of the Younger Avengers playing cards didn’t actually make an enormous splash. Kate Bishop hit her mark, as she is wont to, and Marvel Boy positively made a distinction for followers of 1-Value Kazoo decks, however the remainder have been type of in all places. You’ll see them right here and there, however they haven’t shaken issues up but. I can’t say the identical for the freshly launched Superb Spider-Season, because it appears prefer it and the brand new Activate skill are coming in like a wrecking ball. Subsequent month goes to look very, very totally different, I’m sure.

Kazar and Gilgamesh

Included Playing cards: Ant-Man, Nebula, Squirrel Lady, Dazzler, Kate Bishop, Marvel Boy, Caeira, Shanna, Kazar, Blue Marvel, Gilgamesh, Mockingbird

So it has come to this, eh? By no means thought I might see the day when Kazoo was among the many prime decks, however the Younger Avengers have made it occur. At its coronary heart, this can be a very acquainted deck. Get a bunch of low price playing cards on the market after which buff them with Kazar and Blue Marvel. The brand new methods listed below are Marvel Boy including extra buffs and Gilgamesh benefiting big-time from all of that. Kate Bishop and her arrows might help fill areas for Dazzler if wanted, and her arrows will assist carry down the price of your different heavy hitter, Mockingbird. A really good deck with sturdy efficiency. We’ll see if it could possibly cling in there.

Silver Surfer Nonetheless By no means Dies, Half II

Included Playing cards: Nova, Forge, Cassandra Nova, Brood, Silver Surfer, Killmonger, Hope Summers, Nocturne, Sebastian Shaw, Copycat, Absorbing Man, Gwenpool

Silver Surfer continues to be flying excessive, with a number of tweaks to react to steadiness modifications and new playing cards. For those who’ve been enjoying some time, you know the way this goes. You’ve obtained the traditional Nova/Killmonger pair for enhancing your playing cards a bit upon getting some on the market. Forge ideally boosts Brood in order that its clones will probably be stronger. Gwenpool boosts playing cards in your hand, Shaw will get beefier as he will get buffed, Hope enables you to get extra Power, Cassandra Nova grabs energy out of your opponent, and the Surfer/Absorbing Man combo is there end issues off in type. Copycat steals Purple Guardian’s spot, as she has confirmed an especially helpful general-purpose software.

Spectrum and Man-Factor Ongoing

Included Playing cards: Wasp, Ant-Man, Howard the Duck, Armor, US Agent, Lizard, Captain America, Cosmo, Luke Cage, Ms. Marvel, Man-Factor, Spectrum

Even the Ongoing archetype is up right here on the prime, which is one other attention-grabbing end result. You’ve obtained some usually helpful playing cards right here, all with Ongoing talents. Which means Spectrum will give them a pleasant ultimate flip buff. The Luke Cage/Man-Factor combo can be a really good one, and Luke will even shield your playing cards from US Agent’s highly effective impact. The opposite good level of this deck is that it’s fairly simple to play, and I’ve a sense Cosmo goes to turn into much more helpful than he already was with issues going the best way they’re.

Discard Dracula

Included Playing cards: Blade, Morbius, The Collector, Swarm, Colleen Wing, Moon Knight, Corvus Glaive, Girl Sif, Dracula, Proxima Midnight, MODOK, Apocalypse

The classics are the order of the day proper now, is the theme. Right here’s the very dependable Apocalypse-flavor Discard deck, with the one actual change from the usual being the presence of Moon Knight. He obtained higher after his buff. Anyway, your huge playing cards listed below are Morbius and Dracula, and if every thing goes properly you’ll find yourself with nothing extra in your hand than Apocalypse on that final spherical. Dracula will eat him, you’ll get a Mega-Drac, and Morbius ought to be morbing in all places with all that discarding you’ve been doing. Collector may even be a bit cheeky when you go to city on Swarms sufficient.

Destroy

Included Playing cards: Deadpool, Niko Minoru, X-23, Carnage, Wolverine, Killmonger, Deathlok, Attuma, Nimrod, Knull, Dying

Sure, it’s the Destroy deck. Very, very near the standard one even. Attuma has grabbed a spot right here due to his current change. A really profitable buff, that one. Destroy Deadpool and Wolverine as a lot as attainable, get additional vitality with X-23, end up with a pleasant Nimrod swarm or drop Knull when you’re feeling cute. Bizarre to see this type of deck with out Arnim Zola, however counter-measures are getting too widespread today I suppose.

And now, a few enjoyable decks for these nonetheless climbing up the gathering ladder or who merely wish to attempt one thing totally different.

Darkhawk Is Again (Did He Ever Go away?)

Included Playing cards: The Hood, Spider-Ham, Korg, Niko Minoru, Cassandra Nova, Moon Knight, Rockslide, Viper, Proxima Midnight, Darkhawk, Blackbolt, Stature

I’ve at all times preferred Darkhawk, regardless of him being unspeakably goofy from just about his first look. So I’m glad he’s a aggressive card in Marvel Snap, to the purpose that I prefer to tinker round with decks utilizing him. This one has the traditional combos, with Korg and Rockslide including playing cards to your opponent’s deck. It additionally has some spoiler playing cards like Spider-Ham and Cassandra Nova, plus a few playing cards that may trigger your opponent to discard and make Stature low cost to play. Yay, Dorkhawk!

Price range Kazar

Included Playing cards: Ant-Man, Elektra, Ice Man, Nightcrawler, Armor, Mister Unbelievable, Cosmo, Kazar, Namor, Blue Marvel, Klaw, Onslaught

If that Kazar deck up there appears good however you’re simply beginning out, you may as properly apply with this beginner-friendly variant. No, it in all probability received’t win as reliably as the flamboyant model. However it would train you ways this type of combo works, and that’s helpful expertise. You continue to get that good Kazar and Blue Marvel combine, with a flavorful Onslaught on prime to spike the soccer.

And that’s it for this month’s deck information. With the most recent season and no matter steadiness modifications Second Dinner opts to make in the course of the course of the month, I’m certain issues will look fairly totally different come October. That Activate skill actually modifications up the circulate of video games, and Symbiote Spider-Man is seeking to be an entire beast. As ever, it’s additionally going to be attention-grabbing to see what playing cards and decks Second Dinner seems like addressing with steadiness modifications. It’s attention-grabbing to see the classics on prime once more, however I can’t think about it would keep that approach. For now… completely satisfied snapping!

From Australia’s new ransomware cost disclosure guidelines to a different record-breaking DDoS assault, June 2025 noticed no scarcity of fascinating cybersecurity information

28 Jun 2025

It is that point of month when ESET Chief Safety Evangelist Tony Anscombe seems to be on the most impactful cybersecurity information of the previous 30 or so days. This is a few of what caught his eye in June 2025:

• new laws in Australia that mandates that sure organizations report ransomware funds inside 72 hours from making them or else face potential penalties,
• North Korea-aligned menace actor BlueNoroff leveraging deepfakes of firm executives to trick workers into putting in customized malware on their macOS gadgets throughout Zoom calls,
• Scattered Spider hackers, who lately focused retail organizations within the UK earlier than setting their sights on the identical sector within the US, are actually going after US insurance coverage corporations,
• a record-breaking (distributed denial-of-service) DDoS assault that peaked at 7.3 terabits per second (Tbps), delivering the equal of 9,000 HD films in simply 45 seconds,
• ESET researchers have simply revealed the newest situation of their Menace Report, so be sure to dive deep into it for the newest developments on the menace panorama.

Do not forget to take a look at the Could 2025 version of Tony’s month-to-month safety information roundup for extra insights.

Join with us on Fb, X, LinkedIn and Instagram.

From an exploited vulnerability in a third-party ChatGPT software to a weird twist on ransomware calls for, it is a wrap on one other month crammed with impactful cybersecurity information

31 Mar 2025

As you may anticipate, the world of cybersecurity does not sleep, a lot in order that maintaining with new threats and different impactful information truly seems like a full-time job. That is the place our roundup of the month’s most impactful cybersecurity tales is available in. Within the March 2025 version, ESET Chief Safety Evangelist Tony Anscombe seems to be at:

• how cybercriminals exploited a year-old vulnerability in a third-party ChatGPT software to assault US authorities organizations,
• a weird twist on ransomware calls for, as a rip-off is making the rounds that entails letters delivered within the mail to company executives and claiming to come back from a ransomware group,
• this month’s Patch Tuesday included patches for as many as six zero-day vulnerabilities in Microsoft merchandise that attackers are actively exploiting within the wild,
• a US Federal Commerce Fee (FTC) report in keeping with which People misplaced US$12.5 billion to on-line fraud in 2024, which represents a 25-percent enhance from the yr earlier than,
• a warning by the UK Nationwide Cyber Safety Centre for companies and governments to organize for quantum pc hacking by 2035

Be sure that to additionally watch the February 2025 version of the roundup. 

Join with us on Fb, X, LinkedIn and Instagram.

Streaming companies have revolutionized content material supply, sending linear media corporations right into a panic as they watch conventional cable companies decay. “Reducing the twine” is a standard apply lately, however the streaming panorama is not good. We’re a decade into streaming so I needed to share my ideas on the state of recent media: first impressions, second ideas, and the third diploma!

• Netflix is king due to having first mover benefit, and making good monetary strikes over the previous six months, however Netflix’s content material is unremarkable. Their current wins are USA’s Fits and content material licensed from Max…they should do higher…
• The most important loser within the present streaming panorama is the sports activities fan. Wish to watch American Soccer? You want YouTubeTV, Peacock, and Amazon Prime. Soccer fan? You want Peacock, ESPN Plus, Paramount Plus, after which AppleTV Plus in the event you care about MLS. Being a reside sports activities fan is basically, actually costly.
• The guardian corporations of HBO and Showtime killed their manufacturers with “Max” and “Paramount Plus”. HBO’s model identify and fuzzy fade in are iconic; “Max” means nothing. A part of me died with this silly model change.
• Streaming companies lured us in with no ads however they’ve discovered that the advert tiers generate extra income. Now they’re making an attempt to cost us out to get us to decide on the cheaper, ad-driven tier. Good enterprise however I am going to pay extra to keep away from the adverts.
• Apple has all of the sources on this planet however they deal with their streaming service like every part else they do: supply an unremarkable product and skate off of identify. Ted Lasso was good, as was Shrinking, however every part else is filler…
• …and charging for Killers of the Flower Moon in the course of the holidays, then offering it without cost as soon as persons are again to work, is an embarrassing cash seize.
• Amazon does not supply almost sufficient in unique content material. These tech corporations are half in, half out.
• Warner Brothers Discovery licensing their content material, particularly the Marvel Comedian Universe IP, to Netflix as a result of they want fast money seems like a self-own. How do you develop Max by giving your greatest content material to a higher service?
• AppleTV’s {hardware} is insanely elegant to make use of, although I am aggravated they did not decide to their gaming providing. Roku nonetheless seems like a Tremendous Nintendo in a N64 world.
• The free streaming choices lately are superior in the event you do not wish to spend cash. YouTube, RokuTV, and Tubi present a great deal of nice content material at no expense.
• Disney Plus supply a great deal of nice previous motion pictures however my children hardly ever watch it — they’re busy watching cringe exhibits on Netflix…
• One large frustration is the shortage of a “earlier” button that cable remotes had. Navigating between channels in YouTubeTV is painful…
• …and to additional enhance the expertise, it could be nice if AppleTV and Roku would permit customers to have two apps facet by facet; allow us to construct our personal multi-view.
• A part of me needs to bin off all of my sports activities streaming companies and easily use StreamEast…however the comfort is simply too good.

Agree or disagree? What did I miss? Let me know within the feedback under!

From a flurry of assaults concentrating on UK retailers to campaigns corralling end-of-life routers into botnets, it is a wrap on one other month full of impactful cybersecurity information

30 Might 2025

It is that point of month once more when ESET Chief Safety Evangelist Tony Anscombe presents his tackle a number of the most impactful cybersecurity information of the previous 30 or so days. Here is a number of what stood out to him in Might 2025:

• a warning from Google that Scattered Spider, the hacking gang that orchestrated latest assaults at high-street UK retailers, is now turning their sights to US firms,
• earlier in Might, Marks & Spencer confirmed that some buyer knowledge was stolen within the flurry of assaults on UK retailers, which had brought about M&S to cease taking on-line orders,
• cyber-insurance supplier Coalition introduced that enterprise electronic mail compromise (BEC) assaults and fund switch fraud (FTF) accounted for 60% of the claims final 12 months whereas ransomware remained “the costliest and disruptive sort of cyberattack”,
• the FBI warning about malware that targets end-of-life routers in a bid to corral them right into a botnet,
• Coinbase expects the invoice from a latest cyberattack to succeed in as much as US$400 million.

Remember to take a look at the April 2025 version of Tony’s month-to-month safety information roundup for extra insights.

Join with us on Fb, X, LinkedIn and Instagram.

On the lookout for the most up-to-date common Connections solutions? Click on right here for right now’s Connections hints, in addition to our each day solutions and hints for The New York Instances Mini Crossword, Wordle and Strands puzzles.

---

The purple class in Connections: Sports activities Version right now is concerning the largest sports activities occasion of the day. You most likely know what it’s. Trace: Get behind the wheel within the Hoosier State. Learn on for hints and the solutions.

Connections: Sports activities Version is out of beta now, making its debut on Tremendous Bowl Sunday, Feb. 9. That is an indication that the sport has earned sufficient loyal gamers that The Athletic, the subscription-based sports activities journalism website owned by the Instances, will proceed to publish it. It would not present up within the NYT Video games app however now seems in The Athletic’s personal app. Or you may proceed to play it free on-line.  

Learn extra: NYT Connections: Sports activities Version Puzzle Comes Out of Beta

Hints for right now’s Connections: Sports activities Version teams

Listed here are 4 hints for the groupings in right now’s Connections: Sports activities Version puzzle, ranked from the best yellow group to the powerful (and generally weird) purple group.

Yellow group trace: Get your racket.

Inexperienced group trace: Pac Northwest participant.

Blue group trace: Blow that fastball previous the hitter.

Purple group trace: Gents, begin your engines.

Solutions for right now’s Connections: Sports activities Version teams

Yellow group: Tennis grand slams.

Inexperienced group: An Oregon athlete

Blue group: Pitchers to strike out 20 in a single sport.

Purple group: Related to the Indy 500.

Learn extra: Wordle Cheat Sheet: Right here Are the Most Widespread Letters Utilized in English Phrases

What are right now’s Connections: Sports activities Version solutions?

The yellow phrases in right now’s Connections

The theme is tennis grand slams. The 4 solutions are Australian, French, US, Wimbledon.

The inexperienced phrases in right now’s Connections

The theme is an Oregon athlete. The 4 solutions are Duck, Thorn, Timber and Path Blazer.

The blue phrases in right now’s Connections

The theme is pitchers to strike out 20 in a single sport. The 4 solutions are Clemens, Johnson, Scherzer and Wooden.

The purple phrases in right now’s Connections

The theme is related to the Indy 500. The 4 solutions are bricks, automobiles, Memorial Day weekend and milk.

Microsoft on Tuesday launched software program updates to repair a minimum of 70 vulnerabilities in Home windows and associated merchandise, together with 5 zero-day flaws which might be already seeing energetic exploitation. Including to the sense of urgency with this month’s patch batch from Redmond are fixes for 2 different weaknesses that now have public proof-of-concept exploits obtainable.

Microsoft and a number of other safety companies have disclosed that attackers are exploiting a pair of bugs within the Home windows Widespread Log File System (CLFS) driver that enable attackers to raise their privileges on a weak machine. The Home windows CLFS is a important Home windows part liable for logging providers, and is broadly utilized by Home windows system providers and third-party functions for logging. Tracked as CVE-2025-32701 & CVE-2025-32706, these flaws are current in all supported variations of Home windows 10 and 11, in addition to their server variations.

Kev Breen, senior director of risk analysis at Immersive Labs, mentioned privilege escalation bugs assume an attacker already has preliminary entry to a compromised host, usually by a phishing assault or through the use of stolen credentials. But when that entry already exists, Breen mentioned, attackers can achieve entry to the rather more highly effective Home windows SYSTEM account, which may disable safety tooling and even achieve area administration stage permissions utilizing credential harvesting instruments.

“The patch notes don’t present technical particulars on how that is being exploited, and no Indicators of Compromise (IOCs) are shared, which means the one mitigation safety groups have is to use these patches instantly,” he mentioned. “The common time from public disclosure to exploitation at scale is lower than 5 days, with risk actors, ransomware teams, and associates fast to leverage these vulnerabilities.”

Two different zero-days patched by Microsoft right this moment additionally have been elevation of privilege flaws: CVE-2025-32709, which issues afd.sys, the Home windows Ancillary Operate Driver that allows Home windows functions to connect with the Web; and CVE-2025-30400, a weak spot within the Desktop Window Supervisor (DWM) library for Home windows. As Adam Barnett at Rapid7 notes, tomorrow marks the one-year anniversary of CVE-2024-30051, a earlier zero-day elevation of privilege vulnerability on this similar DWM part.

The fifth zero-day patched right this moment is CVE-2025-30397, a flaw within the Microsoft Scripting Engine, a key part utilized by Web Explorer and Web Explorer mode in Microsoft Edge.

Chris Goettl at Ivanti factors out that the Home windows 11 and Server 2025 updates embrace some new AI options that carry quite a lot of baggage and weigh in at round 4 gigabytes. Mentioned baggage consists of new synthetic intelligence (AI) capabilities, together with the controversial Recall function, which continuously takes screenshots of what customers are doing on Home windows CoPilot-enabled computer systems.

Microsoft went again to the drafting board on Recall after a fountain of detrimental suggestions from safety consultants, who warned it might current a pretty goal and a possible gold mine for attackers. Microsoft seems to have made some efforts to stop Recall from scooping up delicate monetary info, however privateness and safety issues nonetheless linger. Former Microsoftie Kevin Beaumont has a great teardown on Microsoft’s updates to Recall.

In any case, windowslatest.com studies that Home windows 11 model 24H2 reveals up prepared for downloads, even for those who don’t need it.

“It can now present up for ‘obtain and set up’ robotically for those who go to Settings > Home windows Replace and click on Examine for updates, however solely when your machine doesn’t have a compatibility maintain,” the publication reported. “Even for those who don’t verify for updates, Home windows 11 24H2 will robotically obtain sooner or later.”

Apple customers seemingly have their very own patching to do. On Could 12 Apple launched safety updates to repair a minimum of 30 vulnerabilities in iOS and iPadOS (the up to date model is eighteen.5). TechCrunch writes that iOS 18.5 additionally expands emergency satellite tv for pc capabilities to iPhone 13 homeowners for the primary time (beforehand it was solely obtainable on iPhone 14 or later).

Apple additionally launched updates for macOS Sequoia, macOS Sonoma, macOS Ventura, WatchOS, tvOS and visionOS. Apple mentioned there is no such thing as a indication of energetic exploitation for any of the vulnerabilities fastened this month.

As all the time, please again up your machine and/or essential knowledge earlier than trying any updates. And please be happy to hold forth within the feedback for those who run into any issues making use of any of those fixes.