APT 'Bronze Butler' Exploits Zero-Day to Root Japan Orgs
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.
Endpoint security protects laptops, phones, servers, and other connected devices from malware, unauthorized access, and breaches.
Search across headline titles and summaries.
Background for this topic.
Endpoint security protects laptops, desktops, servers, mobile devices, and other systems that connect to an organization’s networks or services. It combines secure configuration, timely patching, encryption, access controls, application restrictions, and monitoring. Endpoint detection and response (EDR) tools record activity such as process execution, persistence, and configuration changes so analysts can investigate suspicious behavior.
Endpoints are common entry points for exploiting vulnerable software, stealing credentials, or installing unauthorized code. Effective programs maintain an accurate device and software inventory, prioritize vulnerabilities that are exposed or actively exploited, and apply least privilege to limit what a compromised device or account can do. They also need tested procedures to contain or isolate devices, investigate them without unnecessarily destroying evidence, and govern endpoint telemetry and administrator access to protect privacy and support applicable data-handling obligations.
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.
Attackers Exploit Cloud Credential Exposure and 'Over-Permissioning,' Experts WarnAttackers keep hammering cloud-based identities to help them bypass endpoint and network defenses, logging in using inadvertently exposed credentials - or ones harvested through infostealers - then escalating access thanks to over-permissioned accounts, experts warn.
Curly COMrades strike again Russia's Curly COMrades is abusing Microsoft's Hyper-V hypervisor in compromised Windows machines to create a hidden Alpine Linux-based virtual machine that bypasses endpoint security tools, giving the spies long-term network access to snoop and deploy malware.…
The Russian hacker group Curly COMrades is abusing Microsoft Hyper-V in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine to run malware. [...]