News • Insights • Analysis
Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks to patch them. The four vulnerabilities added Read More …
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their Read More …
Unknown baddies are abusing yet another critical Microsoft SharePoint bug to compromise victims’ SharePoint servers, the US government warned. CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any Read More …
After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and Read More …
Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today’s vulnerabilities, but without evidence of exploitation in the wild for any (yet), so there are no Microsoft additions to CISA Read More …
Microsoft is warning of a new phishing campaign which aims to deploy persistent backdoors to victim’s computers. In a new in-depth analysis, the company’s researchers said they recently spotted multiple phishing campaigns, currently not attributed to any known threat actors, Read More …
Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims’ machines with malware and take over their devices. The phishing expedition targets government and public-sector organizations, according to a Monday report Read More …
According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack. CISA added CVE-2024-43468 to its Known Read More …
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly Read More …
GlassWorm, the malware campaign which targeted VS Code developers on Microsoft’s official Visual Studio Code marketplace, has now expanded to open source alternatives, experts have claimed. Recently, security researchers Socket said they discovered four extensions in Open VSX, an open, Read More …
