Microsoft

European Windows 10 users get an additional year of free security updates

European Windows 10 users get an additional year of free security updates 2025-09-25 at 21:26 By Zeljka Zorz Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up their settings, apps, or credentials to […]

React to this headline:

Loading spinner

European Windows 10 users get an additional year of free security updates Read More »

Microsoft spots LLM-obfuscated phishing attack

Microsoft spots LLM-obfuscated phishing attack 2025-09-25 at 19:00 By Zeljka Zorz Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

React to this headline:

Loading spinner

Microsoft spots LLM-obfuscated phishing attack Read More »

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher 2025-09-23 at 16:05 By Kevin Townsend The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra

React to this headline:

Loading spinner

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher Read More »

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting

React to this headline:

Loading spinner

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »

Senator Urges FTC Probe of Microsoft Over Security Failures

Senator Urges FTC Probe of Microsoft Over Security Failures 2025-09-11 at 14:30 By Ionut Arghire Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique.  The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Senator Urges FTC Probe of Microsoft Over Security Failures Read More »

Microsoft Patches 86 Vulnerabilities

Microsoft Patches 86 Vulnerabilities 2025-09-09 at 21:57 By Eduard Kovacs Microsoft has released patches for dozens of flaws in Windows and other products, including ones with ‘exploitation more likely’ rating. The post Microsoft Patches 86 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Microsoft Patches 86 Vulnerabilities Read More »

September 2025 Patch Tuesday forecast: The CVE matrix

September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator

React to this headline:

Loading spinner

September 2025 Patch Tuesday forecast: The CVE matrix Read More »

Fake macOS help sites push Shamos infostealer via ClickFix technique

Fake macOS help sites push Shamos infostealer via ClickFix technique 2025-08-25 at 15:23 By Zeljka Zorz Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned. To prevent macOS security features from blocking the installation, the malware peddlers

React to this headline:

Loading spinner

Fake macOS help sites push Shamos infostealer via ClickFix technique Read More »

Free courses: Master AI tools from Microsoft, AWS, and Google

Free courses: Master AI tools from Microsoft, AWS, and Google 2025-08-14 at 07:32 By Anamarija Pogorelec Learn how AI technologies can be applied to enhance security, create safe and responsible applications, develop intelligent agents, and improve information discovery. You’ll gain practical skills, explore new tools, and work on projects that help you apply what you

React to this headline:

Loading spinner

Free courses: Master AI tools from Microsoft, AWS, and Google Read More »

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779) 2025-08-13 at 15:20 By Zeljka Zorz For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (CVE-2025-53779) that allows an authorized attacker to elevate privileges over a network as part of a

React to this headline:

Loading spinner

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779) Read More »

Microsoft Patches Over 100 Vulnerabilities

Microsoft Patches Over 100 Vulnerabilities 2025-08-13 at 07:02 By Eduard Kovacs Microsoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V. The post Microsoft Patches Over 100 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Microsoft Patches Over 100 Vulnerabilities Read More »

August 2025 Patch Tuesday forecast: Try, try, again

August 2025 Patch Tuesday forecast: Try, try, again 2025-08-08 at 09:30 By Help Net Security July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly

React to this headline:

Loading spinner

August 2025 Patch Tuesday forecast: Try, try, again Read More »

Microsoft Paid Out $17 Million in Bug Bounties in Past Year

Microsoft Paid Out $17 Million in Bug Bounties in Past Year 2025-08-06 at 17:34 By Ionut Arghire Microsoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year. The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Microsoft Paid Out $17 Million in Bug Bounties in Past Year Read More »

Project Ire: Microsoft’s autonomous malware detection AI agent

Project Ire: Microsoft’s autonomous malware detection AI agent 2025-08-05 at 19:45 By Zeljka Zorz Microsoft is working on a AI agent whose main goal is autonomous malware detection and the prototype – dubbed Project Ire – is showing great potential, the company has announced on Tuesday. Tested on a dataset of known malicious and benign

React to this headline:

Loading spinner

Project Ire: Microsoft’s autonomous malware detection AI agent Read More »

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware 2025-08-05 at 19:12 By Eduard Kovacs Microsoft has unveiled Project Ire, a prototype autonomous AI agent that can analyze any software file to determine if it’s malicious. The post Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft’s Project Ire Autonomously Reverse Engineers Software to Find Malware Read More »

Microsoft Offers $5 Million at Zero Day Quest Hacking Contest

Microsoft Offers $5 Million at Zero Day Quest Hacking Contest 2025-08-05 at 11:38 By Ionut Arghire Research demonstrating high-impact cloud and AI security flaws will be rewarded at Microsoft’s Zero Day Quest competition in spring 2026. The post Microsoft Offers $5 Million at Zero Day Quest Hacking Contest appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Microsoft Offers $5 Million at Zero Day Quest Hacking Contest Read More »

Microsoft Boosts .NET Bounty Program Rewards to $40,000

Microsoft Boosts .NET Bounty Program Rewards to $40,000 2025-08-01 at 16:01 By Ionut Arghire Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Microsoft Boosts .NET Bounty Program Rewards to $40,000 Read More »

Storm-2603 spotted deploying ransomware on exploited SharePoint servers

Storm-2603 spotted deploying ransomware on exploited SharePoint servers 2025-07-24 at 19:03 By Zeljka Zorz One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers have

React to this headline:

Loading spinner

Storm-2603 spotted deploying ransomware on exploited SharePoint servers Read More »

ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named

ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named 2025-07-24 at 12:35 By Eduard Kovacs More information has emerged on the ToolShell SharePoint zero-day attacks, including impact, victims, and threat actors. The post ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

ToolShell Attacks Hit 400+ SharePoint Servers, US Government Victims Named Read More »

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch 2025-07-22 at 20:47 By Eduard Kovacs Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days. The post Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch Read More »

Scroll to Top