Microsoft’s July 2025 Patch Tuesday update resolves 130 vulnerabilities, including critical RCE and SQL Server flaws.

Some of the other tools downloaded onto the systems include an ELF binary named atm from an external server (“195.123.240[.]233:443”) and a Golang port scanner called TXPortMap to map out the internal network and identify potential exploitation targets.
“TGR-CRI-0045 uses a simplistic approach to ViewState exploitation, loading a single, stateless assembly directly,” the researchers noted. “Each command execution requires re-exploitation and re-uploading the assembly (e.g., running the file upload assembly multiple times).”
“Exploiting ASP.NET View State deserialization vulnerabilities via exposed Machine Keys allows minimal on-disk presence and enables long-term access. The group’s opportunistic targeting and ongoing tool development highlight the need for organizations to prioritize identifying and remediating compromised Machine Keys.”
Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names.
Previously, the Microsoft Authenticator app required iOS users to sign in with a personal Microsoft Account to enable backups, regardless of whether they were using the app for personal or enterprise credentials.
This created problems in enterprise environments where organizations often like to keep personal and corporate data separated.
Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.
Windows Server Update Services (WSUS) is a Microsoft product that allows businesses to manage and distribute Windows updates to computers within their network.
By default, WSUS synchronizes with Microsoft Update servers once a day, when it downloads the latest metadata on available Windows updates. Admins can change the frequency if they wish in the settings.
Google is sharing more information on how Chrome operates when Android mobile users enable Advanced Protection, highlighting strong security improvements.
The tech giant recently extended its Advanced Protection Program to the device level with the release of Android 16, aimed at offering a robust, holistic security posture for high-risk individuals likely to be targeted by sophisticated spyware attacks.
Starting Android 16, Advanced Protection can be activated from the settings, strengthening security measures across the board, including on Google apps such as Chrome, Messages, and Phone.
For the first time ever, researchers succeeded in keeping a qubit coherent for more than 1 millisecond.
IN A NUTSHELL 🌌 Astronomers discovered a massive filament of hot gas stretching 23 million light-years, containing much of the universe’s “missing matter.” 🔭 Advanced telescopes like XMM-Newton and Suzaku played a crucial role in identifying and analyzing this elusive cosmic structure. 🕸️ The filament is part of the Cosmic Web, a network that has