News • Insights • Analysis
Russia-linked attackers are already exploiting Microsoft’s latest Office zero-day, with Ukraine’s national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU. In an alert published on Read More …
Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as Read More …
More than 1.5 million people may have had their sensitive data exfiltrated to Chinese hackers through two malicious extensions found on the VSCode Marketplace. Security researchers at Koi Security said they discovered two malicious browser extensions in Microsoft’s Visual Studio Read More …
Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. Copilot is an AI Read More …
Today, Microsoft is announcing a coordinated legal action in the United States and, for the first time, the United Kingdom to disrupt RedVDS, a global cybercrime subscription service fueling millions in fraud losses. These efforts are part of a broader Read More …
The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of Read More …
The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations. The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation Read More …
Microsoft has said it successfully mitigated, “the largest DDoS attack ever observed in the cloud” after cybercriminals running the Aisuru botnet targeted a single endpoint, located in Australia. The attack was a sight to behold: more than 500,000 source IPs, Read More …
The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on Read More …
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple Read More …
