Tag: microsoft
-
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
New research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The rogue domain copies the branding of the real open-source data recovery tool, presenting itself as “The Ultimate…
-
Mythos and Cybersecurity
Tags: access, ai, apple, crowdstrike, cybersecurity, exploit, microsoft, service, software, vulnerability
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations: Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical…
-
Another Microsoft Defender privilege escalation bug emerges days after patch
Second Defender-based LPE in days: The Defender flaw addressed earlier this week as part of Patch Tuesday was one of the two zero-day bugs Microsoft fixed, and it also allowed local privilege escalation stemming from “insufficient granularity of access control.” While Microsoft attributed the discovery of the flaw, tracked as CVE-2026-33825, to security researcher Zen Dodd,…
-
Sometimes changing the password on your email mailbox isn’t enough
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. First seen on fortra.com Jump to article: www.fortra.com/blog/sometimes-changing-password-your-email-mailbox-isnt-enough
-
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a separate but related issue is triggering BitLocker recovery prompts on enterprise-managed systems post-update. Reboot Loop Issue…
-
Microsoft announces product it doesn’t want anyone to buy
Tags: microsoft
Just migrate already, would you? But if you can’t, Redmond will take your cash. First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/microsoft-defender-zero-days-exploited/
-
After Microsoft Patch Tuesday: Update errors and constant reboots on Windows Server
IT admins have their hands full with the April updates for Windows Server. The updates can fail or trigger repeated reboots. First seen on golem.de Jump to article: www.golem.de/news/nach-microsoft-patchday-update-fehler-und-staendige-reboots-bei-windows-server-2604-207693.html
-
Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-reboot-loops-affecting-some-domain-controllers/
-
Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update
Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-april-2026/
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests
-
Check Point Research exposes fraudulent ads for PlayStation anniversary edition
Check Point Research (CPR), the security research division of Check Point Software Technologies Ltd., has published its “Brand Phishing Ranking” for the first quarter of 2026, uncovering scam attempts involving Sony’s PlayStation 5 as well as purported software downloads and login pages from Microsoft. The latest results also show that Microsoft remained the most frequently imitated brand and in…
-
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws
-
Microsoft announces product it doesn’t want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can’t, Redmond will take your cash. First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Microsoft Bets $10B to Boost Japan’s AI, Cybersecurity
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships, the latest move by a hyperscaler to compete for sovereign AI and data centers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-bets-10-billion-to-boost-japan-s-ai-cybersecurity
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
-
April Patch Tuesday brings zero-days in Defender, SharePoint Server
Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server
-
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-165-vulnerabilities-april-2026/
-
What to do When Your AI Guardrails Fail
I want to talk about a bug. Not because the bug itself was exceptional, but because what it exposed should change how every organisation architects AI governance. For several weeks earlier this year, Microsoft 365 Copilot read and summarised confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured to block that…
-
Q&A: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith
Sarah Armstrong-Smith brings rare front-line authority to the cyber resilience conversation, with a career shaped by some of the most defining digital threats of the modern era. From the Millennium Bug through to board-level cyber strategy at Microsoft and the London Stock Exchange Group, her perspective is grounded in real crisis leadership, not theory. That…
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
-
April Windows Server 2025 update may fail to install
Microsoft is investigating an issue causing this month’s KB5082063 security update to fail to install on some Windows Server 2025 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/
-
Medium-severity flaw in Microsoft SharePoint exploited
The flaw should be taken seriously, despite its relatively low score, according to researchers. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/medium-severity-flaw-microsoft-sharepoint-exploitation/817559/
-
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pays-23-million-for-cloud-and-ai-flaws-at-zero-day-quest/
-
Microsoft’s Windows Recall still allows silent data extraction
Exploitation risk: The barrier to weaponizing this technique is lower than Microsoft’s security messaging would suggest, Hagenah said. “They only need code running in the user’s context and a way to reuse the authorized Recall session,” he said. “That is a much lower bar than many people would assume from Microsoft’s security messaging.” While Recall’s limitation to…
-
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
A security researcher operating under the alias “Chaotic Eclipse” has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerability. The uncoordinated release highlights an escalating conflict between independent security researchers and Microsoft's vulnerability disclosure programs. Public…
-
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, including Cisco, Microsoft, Google, ConnectWise, Langflow, Citrix, Aquasecurity, Nginx UI, Qualcomm, F5, Craft CMS, Laravel, Apple,…

