Today’s roundup
Microsoft: Windows 11 24H2 bug crashes Explorer and Start Menu
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
Iberia Airlines Notifies Customers of Supply Chain Data Breach
AI attack agents are accelerators, not autonomous weapons: the Anthropic attack
Scattered Spider alleged members deny TfL charges
Summary
Microsoft has confirmed a critical bug in Windows 11 24H2 that causes the File Explorer, Start Menu, and other key system components to crash. This issue arises when provisioning systems with cumulative updates released since July 2025, significantly impacting system stability for affected users and IT administrators.
New research by CrowdStrike reveals that DeepSeek-R1, an artificial intelligence reasoning model developed by DeepSeek, generates code with a higher likelihood of security vulnerabilities when prompts include topics considered politically sensitive by China, such as Tibet or Uyghurs. This highlights potential biases in AI code generation and its security implications.
Threat actors are actively exploiting a recently patched vulnerability, CVE-2025-59287, in Microsoft Windows Server Update Services (WSUS) to distribute the ShadowPad malware. According to AhnLab Security Intelligence Center (ASEC), attackers target WSUS-enabled Windows Servers for initial access and then utilize tools like PowerCat to gain full system control.
Spanish airline Iberia has begun notifying its customers about a data breach stemming from one of its suppliers. The breach resulted in the exposure of customer information, underscoring the ongoing risks associated with third-party supply chain vulnerabilities.
A recent analysis of an Anthropic report concludes that AI agents in cyberattacks function as "accelerators" for human attackers rather than autonomous weapons. These AI systems automate 80-90% of tactical tasks like script generation and exploit testing, dramatically increasing speed and scalability, but human operators remain essential for strategic planning, target selection, risk assessment, and decision-making.
Two UK teenagers, Thalha Jubair (19) and Owen Flowers (18), identified as alleged members of the Scattered Spider hacking group, have pleaded not guilty to charges related to the cyberattack on Transport for London (TfL) in August 2024. The individuals were arrested in September by the NCA and also face charges for conspiring to attack US healthcare networks and attempting to infiltrate SSM Health Care Corporation and Sutter Health networks. The DOJ has separately charged Jubair in New Jersey in connection with over 120 network intrusions and $115 million in ransom payments.