Microsoft
-
Microsoft Defender AI Can Detect Plaintext Credentials in Active Directory
Microsoft has unveiled a new AI-powered security capability that addresses one of cybersecurity’s most persistent vulnerabilities: plaintext credentials stored in…
Read More » -
Threat Actors Use Pirated Games to Bypass Microsoft Defender SmartScreen and Adblockers
Cybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage pirated game downloads to distribute HijackLoader, a modular malware…
Read More » -
Elastic EDR 0-Day Flaw Lets Hackers Evade Detection, Run Malware, and Trigger BSOD
AshES Cybersecurity has disclosed a severe zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) software that transforms the security…
Read More » -
10 Best Free Data Recovery Software 2025
Free data recovery software or tools are among the most essential tools, playing a crucial role in our lives. Although…
Read More » -
Windows Out-of-Box-Experience Flaw Enables Full Administrative Command Prompt Access
A newly documented vulnerability in Windows’ Out-of-Box-Experience (OOBE) allows users to bypass security restrictions and gain full administrative access to…
Read More » -
Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into…
Read More » -
Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability
The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on…
Read More » -
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass…
Read More » -
‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
Security researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish…
Read More » -
UAC-0099 Hackers Weaponize HTA Files to Deploy MATCHBOIL Loader Malware
UAC-0099 is a threat actor organization that has been targeting state officials, defense forces, and defense-industrial firms in a series…
Read More » -
Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders
Unit 42 researchers have identified significant overlaps between Microsoft’s reported ToolShell exploit chain targeting SharePoint vulnerabilities and a tracked activity…
Read More » -
Microsoft Upgrades .NET Bounty Program, Offers Rewards Up to $40,000
Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial…
Read More » -
Hackers Deploy Cobalt Strike Beacon Using GitHub and Social Media
A sophisticated cyberattack campaign disrupted the Russian IT industry and entities in several other countries, leveraging advanced evasion techniques to…
Read More » -
Stealing Login Credentials from 19 Major Browsers
A sophisticated new information stealer named SHUYAL was recently discovered by Hybrid Analysis. It has demonstrated extensive capabilities in credential…
Read More » -
Microsoft Investigates Leak in Early Warning System Used by Chinese Hackers to Exploit SharePoint Vulnerabilities
Chinese laws requiring vulnerability disclosure to the government create transparency issues and potential conflicts for international cybersecurity efforts. Microsoft is…
Read More » -
Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector
Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also…
Read More » -
Metasploit Module Released to Exploit SharePoint 0-Day Vulnerabilities
Security researchers have released a Metasploit exploitation module targeting critical zero-day vulnerabilities in Microsoft SharePoint Server, marking a significant escalation…
Read More »