Tag: microsoft
-
Microsoft Security Update Summary (December 9, 2025)
On December 9, 2025, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates fix 56 vulnerabilities (CVEs), one of which was classified as a 0-day and is being exploited. Below is a compact … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/microsoft-security-update-summary-9-dezember-2025/
-
Microsoft patched over 1,100 CVEs in 2025
The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to over 1,100. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636275/Microsoft-patched-over-1100-CVEs-in-2025
-
Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day
Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2025/
-
Windows PowerShell now warns when running Invoke-WebRequest scripts
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-windows-powershell-now-warns-when-running-invoke-webrequest-scripts/
-
Microsoft releases Windows 10 KB5071546 extended security update
Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
-
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
-
Windows 11 KB5072033 & KB5071417 cumulative updates released
Microsoft has released Windows 11 KB5072033 and KB5071417 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5072033-and-kb5071417-cumulative-updates-released/
-
AI-Powered Security Operations: Governance Considerations for Microsoft Sentinel Enterprise Deployments
The Tech Field Day Exclusive with Microsoft Security (#TFDxMSSec25) spotlighted one of the most aggressive demonstrations of AI-powered security operations to date. Microsoft showcased how Sentinel’s evolving data lake and graph architecture now drive real-time, machine-assisted threat response. The demo of “Attack Disruption” captured the promise, and the unease, of a security operations center where…
-
Ransomware IAB abuses EDR for stealthy malware execution
An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware, establish communication, and persistence in preparation for ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-iab-abuses-edr-for-stealthy-malware-execution/
-
Microsoft Takes Aim at “Swivel-Chair Security” with Defender Portal Overhaul
At a recent Tech Field Day Exclusive event, Microsoft unveiled a significant evolution of its security operations strategy, one that attempts to solve a problem plaguing security teams everywhere: the exhausting practice of jumping between multiple consoles just to understand a single attack. The Problem: Too Many Windows, Not Enough Clarity Security analysts have a…
-
Malicious VS Code on Microsoft Registry Steals WiFi Passwords and Captures Screens
Security researchers at Koi Security have uncovered a sophisticated malware campaign targeting developers through the Visual Studio Code Marketplace. The attack uses two seemingly innocent extensions, a dark theme and an AI assistant, to unleash a potent infostealer capable of capturing screenshots, hijacking browser sessions, and stealing Wi-Fi passwords. The malicious extensions, identified as >>Bitcoin BlackCodo…
-
Akira Group Targets Hyper-V and VMware ESXi with Ransomware Exploiting Vulnerabilities
Hypervisors, the invisible backbone of modern corporate IT, have become the new primary battleground for ransomware groups. According to new data from Huntress, attacks targeting hypervisors to deploy ransomware have skyrocketed in late 2025. While hypervisors like VMware ESXi and Microsoft Hyper-V power virtually all enterprise virtual machines (VMs), they often lack the security protections…
-
Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push
The release targets the Windows Recovery Environment and plays a major role in how systems recover from boot failures. The post Microsoft Issues New ‘Critical’ Windows 11 Update Amid Broader Upgrade Push appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-update-dec-2025/
-
Microsoft 365 Security: Kuppingercole Certifies Coreview's Outstanding Depth
The analyst firm Kuppingercole attests that Coreview has outstanding capabilities in the area of Microsoft 365 security and resilience: “For organizations where Microsoft 365 is an element of critical IT infrastructure, Coreview offers essential cyber-resilience functions that neither Microsoft's native tools nor broad platform solutions such as generic IAM tools provide to a sufficient degree.” As organizations increasingly “regard Microsoft 365 as their most sensitive identity platform, Coreview's focused…
-
Microsoft investigates Copilot outage affecting users in Europe
Tags: microsoft
Microsoft is working to mitigate an ongoing incident that has been blocking users in Europe from accessing the company’s AI-powered Copilot digital assistant. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-copilot-outage-affecting-users-in-europe/
-
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take First seen on…
-
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/
-
Proofpoint CEO On Closing ‘Watershed’ $1.8B Hornetsecurity Deal, IPO Plans
Proofpoint’s acquisition of Microsoft 365 security specialist Hornetsecurity, a $1.8 billion deal completed Monday, sets the stage for massive new MSP opportunities with Proofpoint in the U.S. along with a possible IPO for the company in 2026, Proofpoint CEO Sumit Dhawan tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2025/proofpoint-ceo-on-closing-watershed-1-8b-hornetsecurity-deal-ipo-plans
-
Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2
The timing of this upgrade push comes during a wave of reported Windows issues. The post Microsoft Gives All Eligible PCs the Green Light for Windows 11 25H2 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows11-25h2/
-
Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support
The post Russian APT UTA0355 Steals Microsoft 365 OAuth Tokens via Fake Security Conference Lures and WhatsApp Support appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russian-apt-uta0355-steals-microsoft-365-oauth-tokens-via-fake-security-conference-lures-and-whatsapp-support/
-
Microsoft appears to move on from its most loyal ‘customers’ Contoso and Fabrikam
Outfit called ‘Zava’ selling ‘intelligent athletic apparel’ is now in the spotlight as Redmond’s fake brand for the AI age First seen on theregister.com Jump to article: www.theregister.com/2025/12/01/microsoft_contoso_fabrikam_zava/
-
AWS AI IDE, AgentCore throw down gauntlets for Microsoft
Kiro emerges as a significant alternative to GitHub Copilot agents, while AWS AgentCore updates square off against Agent 365 in the battle for enterprise AI development. First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366635669/AWS-AI-IDE-AgentCore-throw-down-gauntlets-for-Microsoft
-
AI’s Closed Loops Are Tightening – Can Startups Thrive?
Closed AI Loops Are Concentrating Power – and Creating Room for Startups. Microsoft, Nvidia and Anthropic just formed the latest closed-loop artificial intelligence partnership, tying cloud, hardware and models into a single circuit. While it signals consolidation at the top, founders say it’s also creating a surprising tailwind for domain-focused AI startups. First seen on…
-
Hardening browser security with zero-trust controls
Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust
1. Identity-first access control
Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…

