Tag: microsoft
-
Patchday von Microsoft, SAP & Co – Was ist der Patchday?
First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-der-patchday-a-e4fc5ad550cb9fd8bfa6838fc13f2be6/
-
Windows 11: Microsoft schließt stillschweigend LNK-Schwachstelle CVE-2025-9491
Seit Ende August 2025 ist eine LNK-File-Schwachstelle (CVE-2025-9491) bekannt. Diese lässt sich unter Windows für eine Remote Code-Ausführung missbrauchen. Microsoft wollte erst keinen Patch bereitstellen, hat dann aber doch was per Update getan. 0patch hatte bereits seit Monaten einen Micropatch … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/03/microsoft-schliesst-stillschweigend-lnk-schwachstelle-cve-2025-9491/
-
Breach Roundup: React Flaw Incites Supply Chain Risk
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for ‘Evil Twin’ Hack. This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth’s Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi evil twin crimes. The US FTC will send $15.3 million to Avast users. A London…
-
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos…
-
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/
-
Windows shortcuts’ use as a vector for malware may be cut short
Windows shortcut files (.lnk) have long been a convenient hiding place for attackers because Windows Explorer only displayed the first 260 characters of the command in a shortcut’s properties. Anything appended after a long string of spaces stayed invisible to the user.The issue is tracked as CVE-2025-9491, with security analysts assigning a high-severity CVSS rating…
-
Microsoft 365 license check bug blocks desktop app downloads
Tags: microsoftMicrosoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-bug-in-microsoft-365-license-checks-blocks-desktop-app-downloads/
-
Microsoft Silently Fixes 8-Year Windows Security Flaw
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. The post Microsoft Silently Fixes 8-Year Windows Security Flaw appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fixes-security-flaw/
-
‘ShadyPanda’ Hackers Weaponize Millions of Browsers
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadypanda-hackers-weaponize-browsers
-
Microsoft mops up Mesh after another metaverse misfire
Tags: microsoftDreams of a virtual world linger on in Teams First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/microsoft_mesh_axed/
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
-
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
KB5070311 triggers File Explorer white flash in dark mode
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-kb5070311-triggers-file-explorer-bright-white-flashes-in-dark-mode/
-
Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration
Travel and hospitality industry leader Sonesta International Hotels partners with AccuKnox to deploy Zero Trust Integrated Application and Cloud Security [ASPM and CNAPP (Cloud Native Application Protection Platform)] for Microsoft Azure. AccuKnox, Inc., announced that Sonesta International Hotels has partnered with AccuKnox to deploy Zero Trust CNAPP. Gartner Group, in its 2024 findings, reported that…
-
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
-
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
-
Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers it working >>by design.
-
Windows Update Orchestration Platform – Microsofts neue Infrastruktur für einheitliche Updates unter Windows
First seen on security-insider.de Jump to article: www.security-insider.de/windows-update-orchestration-platform-patch-management-a-d6653a1b38e0c56ad03c83324a3daaaf/
-
NoID Privacy-Tool zur Härtung von Windows 11 24H2 25H2
Wie lässt sich Windows 11 sicherheitstechnisch härten und in der Telemetrie begrenzen? Für Administratoren in Firmen gibt es Security-Empfehlungen von Microsoft samt Gruppenrichtlinien oder Intune zum Umsetzen. Für Windows 11 in nicht verwalteten Umgebungen (Home, Pro) lässt sich das Tool … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/02/noid-privacy-tool-zur-haertung-von-windows-11-25h2/
-
NoID Privacy-Tool zur Härtung von Windows 11 25H2
Wie lässt sich Windows 11 sicherheitstechnisch härten und in der Telemetrie begrenzen? Für Administratoren in Firmen gibt es Security-Empfehlungen von Microsoft samt Gruppenrichtlinien zum Umsetzen. Für Windows 11 in nicht verwalteten Umgebungen (Home, Pro) lässt sich das Tool NoID Privacy … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/02/noid-privacy-tool-zur-haertung-von-windows-11-25h2/
-
Frühwarnsystem für SAP – Onapsis-Integration macht Microsoft Sentinel zur SAP-Sicherheitszentrale
First seen on security-insider.de Jump to article: www.security-insider.de/onapsis-microsoft-integriertes-sap-sicherheitsmonitoring-a-da35a1c6955dcbd2ea851de915a779b6/
-
NoID Privacy-Tool zur Härtung von Windows 11 25H2
Wie lässt sich Windows 11 sicherheitstechnisch härten und in der Telemetrie begrenzen? Für Administratoren in Firmen gibt es Security-Empfehlungen von Microsoft samt Gruppenrichtlinien zum Umsetzen. Für Windows 11 in nicht verwalteten Umgebungen (Home, Pro) lässt sich das Tool NoID Privacy … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/02/noid-privacy-tool-zur-haertung-von-windows-11-25h2/
-
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…