Microsoft

February 2025 Patch Tuesday forecast: New directions for AI development

Don't miss, Expert analysis, Expert corner, Hot stuff, Ivanti, Microsoft, News, Patch Tuesday, predictions /

February 2025 Patch Tuesday forecast: New directions for AI development 2025-02-10 at 08:02 By Help Net Security The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek ad Stargate DeepSeek took the world by storm as millions of copies […]

React to this headline:

Loading spinner

February 2025 Patch Tuesday forecast: New directions for AI development Read More »

Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys

Don't miss, Hot stuff, IIS server, Malware, Microsoft, News, web application security, web shell /

Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys 2025-02-07 at 14:22 By Zeljka Zorz A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating, remediating, and building protections against this activity, we observed an insecure

React to this headline:

Loading spinner

Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys Read More »

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

0-day, Don't miss, enterprise, Hot stuff, Microsoft, News, secure access, security update, SonicWall /

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) 2025-01-23 at 11:03 By Zeljka Zorz A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company said

React to this headline:

Loading spinner

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) Read More »

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

CVE, Don't miss, ESET, Microsoft, News, research, vulnerability /

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) 2025-01-16 at 12:03 By Help Net Security ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability

React to this headline:

Loading spinner

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance

Adobe, Don't miss, Expert analysis, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, Windows /

January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance 2025-01-10 at 09:45 By Help Net Security Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released in 2024. While this security

React to this headline:

Loading spinner

January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance Read More »

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, Microsoft, News, VPN /

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) 2025-01-08 at 21:49 By Zeljka Zorz Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283 Both are stack-based buffer overflow

React to this headline:

Loading spinner

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Read More »

Balancing proprietary and open-source tools in cyber threat research

CISO, cybersecurity, Don't miss, Features, Hot stuff, Microsoft, News, opinion, Threat Intelligence /

Balancing proprietary and open-source tools in cyber threat research 2025-01-06 at 07:38 By Mirko Zorz In this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in cybersecurity operations. Roccia provides insights into balancing internal and external research strategies, the influence of AI and geopolitical

React to this headline:

Loading spinner

Balancing proprietary and open-source tools in cyber threat research Read More »

Microsoft fixes exploited zero-day (CVE-2024-49138)

0-day, CVE, Don't miss, enterprise, Hot stuff, Immersive Labs, Microsoft, News, Patch Tuesday, Tenable, Windows, Windows Server /

Microsoft fixes exploited zero-day (CVE-2024-49138) 2024-12-10 at 23:04 By Zeljka Zorz On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploited by attackers CVE-2024-49138 stems from a heap-based buffer overflow

React to this headline:

Loading spinner

Microsoft fixes exploited zero-day (CVE-2024-49138) Read More »

Microsoft: “Hack” this LLM-powered service and get paid

Don't miss, hacking contest, Hot stuff, LLMs, Microsoft, News, prompt injection /

Microsoft: “Hack” this LLM-powered service and get paid 2024-12-09 at 18:04 By Zeljka Zorz Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks. The setup and the challenge LLMail is a simulated email client

React to this headline:

Loading spinner

Microsoft: “Hack” this LLM-powered service and get paid Read More »

December 2024 Patch Tuesday forecast: The secure future initiative impact

Adobe, Don't miss, Expert analysis, Hot stuff, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, Windows /

December 2024 Patch Tuesday forecast: The secure future initiative impact 2024-12-06 at 08:04 By Help Net Security It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows 11 releases, the new Server 2025 release, and all the

React to this headline:

Loading spinner

December 2024 Patch Tuesday forecast: The secure future initiative impact Read More »

Microsoft asks Windows Insiders to try out the controversial Recall feature

Artificial Intelligence, data security, Don't miss, endpoint management, enterprise, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft asks Windows Insiders to try out the controversial Recall feature 2024-11-25 at 16:33 By Zeljka Zorz Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We heard

React to this headline:

Loading spinner

Microsoft asks Windows Insiders to try out the controversial Recall feature Read More »

Yubico Enrollment Suite boosts security for Microsoft users

Industry news, Microsoft, Yubico /

Yubico Enrollment Suite boosts security for Microsoft users 2024-11-20 at 10:33 By Industry News Yubico announced Yubico Enrollment Suite for Microsoft users, including Yubico FIDO Pre-reg and the new YubiEnroll. These solutions integrate with Microsoft’s Entra ID, helping organizations create stronger cyber resilience and provide support to further advance strategies with a zero trust model.

React to this headline:

Loading spinner

Yubico Enrollment Suite boosts security for Microsoft users Read More »

Microsoft announces Zero Day Quest hacking event with big rewards

bug bounty, bug hunting, Don't miss, Microsoft, News /

Microsoft announces Zero Day Quest hacking event with big rewards 2024-11-19 at 21:19 By Mirko Zorz Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in critical areas such as cloud computing and AI. Event focus

React to this headline:

Loading spinner

Microsoft announces Zero Day Quest hacking event with big rewards Read More »

Microsoft announces new and improved Windows 11 security features

Application Security, Data Protection, Don't miss, Hot stuff, Microsoft, News, privileged accounts, Windows /

Microsoft announces new and improved Windows 11 security features 2024-11-19 at 21:04 By Zeljka Zorz Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that can be abused by attackers

React to this headline:

Loading spinner

Microsoft announces new and improved Windows 11 security features Read More »

Windows 365 Link: Connect securely to Windows 365

Cloud, hardware, Microsoft, News /

Windows 365 Link: Connect securely to Windows 365 2024-11-19 at 18:55 By Mirko Zorz Microsoft unveiled Windows 365 Link, their first purpose-built Cloud PC device for instant, secure connection to Windows 365. Sign-in screen with USB security key option (Source: Microsoft) Windows 365 Link prioritizes security “We have heard concerns from IT pros about the

React to this headline:

Loading spinner

Windows 365 Link: Connect securely to Windows 365 Read More »

Using AI to drive cybersecurity risk scoring systems

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Hot stuff, Microsoft, Risk Management, Video /

Using AI to drive cybersecurity risk scoring systems 2024-11-15 at 07:18 By Help Net Security In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity. The post Using

React to this headline:

Loading spinner

Using AI to drive cybersecurity risk scoring systems Read More »

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

0-day, Active Directory, CVE, Don't miss, Hot stuff, Immersive Labs, Ivanti, Microsoft, Microsoft Defender, News, OpenSSL, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) 2024-11-12 at 23:03 By Zeljka Zorz November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another

React to this headline:

Loading spinner

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) Read More »

Scroll to Top