Neowin: New finding says custom Windows 10 themes can be used to steal users’ credentials

Neowin: New finding says custom Windows 10 themes can be used to steal users’ credentials. “A new finding shared on Twitter by security researcher Jimmy Bayne points towards a loophole in Windows 10’s themes settings that can let bad actors steal users’ credentials by creating a specific theme to carry out a ‘Pass-the-Hash’ attack. The ability to install separate themes from other sources lets attackers create malicious themes files that when opened, redirect users to a page that prompts users to enter their credentials.”