Microsoft

February 11, 2026

Hackers Weaponize 7-Zip Downloads to Turn Home PCs Into Proxy Nodes

A fake website impersonating the popular 7-Zip file archiver has been distributing malicious software that secretly converts infected computers into…
Read More »
December 22, 2025

Microsoft Brokering File System Vulnerability Enables Local Privilege Escalation

Microsoft has recently patched a critical vulnerability in its Brokering File System (BFS) driver, which could have allowed attackers to…
Read More »
December 20, 2025

Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions

A global outage of Microsoft Teams occurred on December 20, 2025, causing significant disruptions to the collaboration platform’s messaging functionality…
Read More »
December 20, 2025

Iranian APT Targeting Networks and Critical Infrastructure Organizations

A new wave of sophisticated malware campaigns has been launched by Iranian state-sponsored threat actors, targeting critical infrastructure organizations worldwide.…
Read More »
December 19, 2025

Microsoft Patches MSMQ Flaw That Affects IIS Web Servers

Microsoft has issued an emergency security update to fix a critical vulnerability in the Message Queuing (MSMQ) feature, which affects…
Read More »
December 19, 2025

Beware of Malicious Scripts in Weaponized PDF Purchase Orders

A sophisticated phishing campaign utilizing a weaponized PDF document named “NEW Purchase Order # 52177236.pdf” has been identified, employing legitimate…
Read More »
December 18, 2025

Microsoft Desktop Window Manager Flaw Allows Privilege Escalation

A critical vulnerability has been identified in the Windows Desktop Window Manager (DWM) that could potentially allow attackers to escalate…
Read More »
December 16, 2025

Microsoft December 2025 Security Updates Disrupt MSMQ Functionality on IIS

A significant compatibility issue has been introduced by Microsoft’s December 2025 security update, affecting Message Queuing (MSMQ) functionality across Windows…
Read More »
December 15, 2025

EDR Process Sideloading to Conceal Malicious Activity

Initial access broker Storm-0249 has undergone a significant transformation, evolving from a mass phishing operation into a sophisticated threat actor…
Read More »
December 13, 2025

Surge in Attacks Targeting RSC-Enabled Services Worldwide

In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React Server Components (RSC) that enables remote code execution (RCE), was publicly…
Read More »
December 10, 2025

Makop Ransomware Evolves with Advanced Evasion Techniques and Exploit Arsenal

Makop, a ransomware strain derived from Phobos, continues to pose a significant threat by exploiting exposed Remote Desktop Protocol (RDP)…
Read More »
December 9, 2025

New Vishing Attack Exploits Microsoft Teams and QuickAssist to Deploy .NET Malware

A sophisticated vishing campaign has emerged that combines social engineering with legitimate Microsoft tools to establish command execution chains leading…
Read More »
December 9, 2025

Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities

Hypervisors, the invisible backbone of modern corporate IT, have become the new primary battleground for ransomware groups. According to new…
Read More »
December 8, 2025

Encrypted Configuration and Obfuscation Techniques

In the second installment of the “Advent of Configuration Extraction” series, security researchers have unwrapped QuasarRAT, a widely-deployed .NET remote…
Read More »
December 7, 2025

Beyond CVEs – Turning Visibility into Action with ASM

Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM…
Read More »
December 3, 2025

Threat Actors Using Matanbuchus Downloader to Deliver Ransomware and Maintain Persistence

Threat actors are increasingly abusing the Matanbuchus malicious downloader as a key enabler for hands-on-keyboard ransomware operations, using its backdoor-like…
Read More »
December 2, 2025

Cyber Startup Frenetik Launches Patented Deception Technology to Counter the AI Arms Race

Bethesda, USA / Maryland, December 2nd, 2025, CyberNewsWire While most cybersecurity companies pour resources into AI models, massive compute, hoovering…
Read More »
November 28, 2025

Microsoft Blocks External Scripts in Entra ID Logins to Boost Security

Microsoft has announced a significant security change to the Microsoft Entra ID sign-in experience that will block external scripts from…
Read More »
November 25, 2025

Microsoft Warns of Security Risks in New Agentic AI Feature

Microsoft is sounding the alarm on critical security considerations as it introduces agentic AI capabilities to Windows through experimental features…
Read More »
November 23, 2025

Tycoon2FA Launches Nearly 1 Million Attacks Targeting Office 365 Accounts

Tycoon2FA, a sophisticated phishing-as-a-service platform tracked by Microsoft as Storm-1747, has emerged as the dominant threat targeting Office 365 accounts…
Read More »

Previous page Next page