Microsoft

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

CVE-2025-59287, exploited, Featured, Microsoft, Vulnerabilities, Windows, Windows Server, Wsus /

Critical Windows Server WSUS Vulnerability Exploited in the Wild  2025-10-24 at 17:56 By Eduard Kovacs CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

React to this headline:

Loading spinner

Critical Windows Server WSUS Vulnerability Exploited in the Wild  Read More »

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

BSI, Don't miss, enterprise, Hawktrace, Hot stuff, Microsoft, NCSC-NL, News, security update, SMBs, vulnerability, Windows Server /

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) 2025-10-24 at 15:38 By Zeljka Zorz Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About CVE-2025-59287 WSUS is a tool that helps

React to this headline:

Loading spinner

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) Read More »

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks

Endpoint Security, File Explorer, Microsoft, NTLM, preview, Security Feature, Windows /

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks 2025-10-24 at 15:38 By Ionut Arghire In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews. The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks Read More »

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense

Artificial Intelligence, cloud security, cybersecurity, identity management, Microsoft, News, Ransomware, report, threats /

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense 2025-10-24 at 10:42 By Anamarija Pogorelec Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in which criminal and state-backed actors blurred the lines between cybercrime, espionage, and

React to this headline:

Loading spinner

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense Read More »

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US

Microsoft, Threat Intelligence /

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US 2025-10-17 at 20:17 By Associated Press The U.S. is the top target for cyberattacks, with criminals and foreign adversaries targeting companies, governments and organizations. The post Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Read More »

Microsoft revokes 200 certs used to sign malicious Teams installers

certificates, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, Ransomware /

Microsoft revokes 200 certs used to sign malicious Teams installers 2025-10-17 at 15:59 By Zeljka Zorz By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on

React to this headline:

Loading spinner

Microsoft revokes 200 certs used to sign malicious Teams installers Read More »

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

ASP.NET, Microsoft, patch, Vulnerabilities, vulnerability /

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability 2025-10-17 at 15:59 By Ionut Arghire CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability Read More »

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign

certificates, disrupted, Microsoft, Ransomware, Rhysida, Vanilla Tempest, Vice Society /

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign 2025-10-16 at 17:45 By Eduard Kovacs The tech giant attributed the attacks to Vanilla Tempest, also known as Vice Spider and Vice Society. The post Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign Read More »

Microsoft patches three zero-days actively exploited by attackers

0patch, Don't miss, drivers, Hot stuff, Immersive, Microsoft, Microsoft Exchange, MS Office, News, Patch Tuesday, Tenable, Trend Micro, Windows /

Microsoft patches three zero-days actively exploited by attackers 2025-10-15 at 13:18 By Zeljka Zorz On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere Modem,

React to this headline:

Loading spinner

Microsoft patches three zero-days actively exploited by attackers Read More »

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws

Endpoint Security, Featured, Microsoft, patch, Patch Tuesday, vulnerability /

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws 2025-10-15 at 07:40 By Ionut Arghire The tech giant has rolled out fixes for 173 CVEs, including five critical-severity security defects. The post Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws Read More »

CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

CISO, CISO Conversations, CISO Strategy, Featured, Microsoft /

CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? 2025-10-14 at 14:08 By Kevin Townsend SecurityWeek talks to Microsoft Deputy CISOs Ann Johnson and Mark Russinovich. The post CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future? Read More »

Windows 10 Still on Over 40% of Devices as It Reaches End of Support

Endpoint Security, Featured, Microsoft, Windows, Windows 10, Windows 10 EOS /

Windows 10 Still on Over 40% of Devices as It Reaches End of Support 2025-10-14 at 13:03 By Eduard Kovacs Users can continue receiving important security updates for Windows 10 by enrolling in the ESU program. The post Windows 10 Still on Over 40% of Devices as It Reaches End of Support appeared first on

React to this headline:

Loading spinner

Windows 10 Still on Over 40% of Devices as It Reaches End of Support Read More »

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft 2025-10-10 at 09:33 By Help Net Security A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes

React to this headline:

Loading spinner

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft Read More »

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk

Microsoft, Steam, Unity, Valve, Vulnerabilities, vulnerability /

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk 2025-10-06 at 17:12 By Ionut Arghire The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.

React to this headline:

Loading spinner

Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Read More »

Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza

Artificial Intelligence, Gaza, Israel, Microsoft, surveillance /

Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza 2025-09-26 at 15:40 By Associated Press Microsoft said Thursday it had disabled services to a unit within the Israeli military after a company review had determined its artificial intelligence and cloud computing products were being used to help carry

React to this headline:

Loading spinner

Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza Read More »

European Windows 10 users get an additional year of free security updates

consumer, Don't miss, Europe, Hot stuff, Microsoft, News, security update, Windows /

European Windows 10 users get an additional year of free security updates 2025-09-25 at 21:26 By Zeljka Zorz Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up their settings, apps, or credentials to

React to this headline:

Loading spinner

European Windows 10 users get an additional year of free security updates Read More »

Microsoft spots LLM-obfuscated phishing attack

Don't miss, Hot stuff, LLMs, malware detection, Microsoft, News, phishing /

Microsoft spots LLM-obfuscated phishing attack 2025-09-25 at 19:00 By Zeljka Zorz Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

React to this headline:

Loading spinner

Microsoft spots LLM-obfuscated phishing attack Read More »

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher

cloud security, Entra, Microsoft, Microsoft Entra, patch /

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher 2025-09-23 at 16:05 By Kevin Townsend The strength of responsible disclosure is that it can solve problems before they are actioned. The weakness is that it potentially generates a false sense of security in the vendor. The post All Microsoft Entra

React to this headline:

Loading spinner

All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher Read More »

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Cloudflare, Don't miss, Hot stuff, lawsuit, Microsoft, Microsoft 365, News, phishing /

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting

React to this headline:

Loading spinner

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »

Senator Urges FTC Probe of Microsoft Over Security Failures

Compliance, FTC, investigation, Microsoft, Ron Wyden /

Senator Urges FTC Probe of Microsoft Over Security Failures 2025-09-11 at 14:30 By Ionut Arghire Senator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique.  The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

Senator Urges FTC Probe of Microsoft Over Security Failures Read More »

Scroll to Top