Collecting Cyber-News from over 60 sources

Tag: microsoft

Microsoft Fixes Two Publicly Disclosed Zero-Days

Mar 11, 2026 10:46 AM

Tags: flaw, microsoft, update, zero-day

March Patch Tuesday sees Microsoft release updates for 79 flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-fixes-two-publicly/
Microsoft-Patchday: Gefährliche Excel-Lücke ermöglicht Datenklau mit Copilot

Mar 11, 2026 9:48 AM

Tags: microsoft

Angreifer können Daten von Excel-Nutzern abgreifen und bekommen dabei Unterstützung von Copilot. Ein ganz normaler Microsoft-Patchday also. First seen on golem.de Jump to article: www.golem.de/news/microsoft-patchday-gefaehrliche-excel-luecke-ermoeglicht-datenklau-mit-copilot-2603-206340.html
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges

Mar 11, 2026 8:47 AM

Tags: cve, cyber, flaw, identity, infrastructure, microsoft, service, threat, update, vulnerability

Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD DS). This flaw, patched during the March 10, 2026, Patch Tuesday rollout, poses a significant threat to enterprise identity infrastructure by allowing attackers to gain SYSTEM-level access. Tracked as CVE-2026-25177, this security defect carries a…
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks

Mar 11, 2026 8:47 AM

Tags: attack, cve, cyber, flaw, framework, microsoft, service, update, vulnerability, zero-day

Microsoft’s March 2026 Patch Tuesday has addressed a zero-day vulnerability in the .NET framework, officially tracked as CVE-2026-26127. Disclosed publicly before a patch was available, this flaw allows unauthenticated remote attackers to trigger a denial of service (DoS) condition against applications running on affected .NET environments. The vulnerability has been categorized as an out-of-bounds read…
Microsoft Patchday März 2026 – 93 Schwachstellen in Windows, Office, Azure und Serverkomponenten

Mar 11, 2026 8:47 AM

Tags: microsoft, office, vulnerability, windows

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-maerz-2026-patches-updates-a-46bdfd333e21799fd5668565101471ba/
12 ways attackers abuse cloud services to hack your enterprise

Mar 11, 2026 8:47 AM

Tags: access, ai, api, attack, backdoor, backup, business, ceo, china, cloud, communications, control, corporate, credentials, crowdstrike, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, endpoint, exploit, extortion, firewall, framework, group, hacking, incident, incident response, infrastructure, kubernetes, login, malicious, malware, microsoft, network, openai, phishing, ransomware, russia, service, social-engineering, threat, tool

Hiding command-and-control in trusted APIs: Attackers are also forging malware that routes C2 traffic through trusted services such as OpenAI APIs.For example, the SesameOp backdoor routes traffic through OpenAI’s Assistants API, masking C2 communications as legitimate AI development work.”In cases such as the SesameOp backdoor, traffic looks like normal AI development activity,” says Parthiban Jegatheesan,…
Microsoft Fixes 79 Vulnerabilities in March 2026 Patch Tuesday, Mitigating Two Exploited 0-Days

Mar 11, 2026 7:47 AM

Tags: cyber, exploit, microsoft, office, sql, update, vulnerability, windows, zero-day

Microsoft has released its March 2026 Patch Tuesday updates, successfully addressing 79 security vulnerabilities across various products and mitigating two publicly disclosed zero-day flaws. These critical security updates provide essential fixes for enterprise systems, including Microsoft Windows, Office, SQL Server, and the .NET framework. March 2026 Vulnerability Overview The March 2026 Patch Tuesday addresses a…
Microsoft SQL Server Zero-Day Exposes Privilege Escalation Risk for Users

Mar 11, 2026 6:48 AM

Tags: control, cve, cvss, cyber, flaw, malicious, microsoft, risk, sql, unauthorized, vulnerability, zero-day

Microsoft has disclosed a critical security flaw affecting SQL Server, officially tracked as CVE-2026-21262. Released on March 10, 2026, this elevation of privilege vulnerability exposes organizations to significant risks by allowing malicious actors to gain unauthorized control over enterprise database environments. With a maximum severity rating of >>Important<< and a CVSS 3.1 score of 8.8,…
Microsoft Patch Tuesday, March 2026 Edition

Mar 11, 2026 5:48 AM

Tags: flaw, microsoft, update, vulnerability, windows, zero-day

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to February’s five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this…
Microsoft 365 confirms new premium tier, stuffed with AI and few discounts

Mar 11, 2026 5:48 AM

Tags: ai, microsoft

E7 arrives with a hefty price. Got to keep those shareholders happy First seen on theregister.com Jump to article: www.theregister.com/2026/03/09/microsoft_adds_a_premium_tier/
Microsoft Patches 83 CVEs in March Update

Mar 11, 2026 5:48 AM

Tags: cve, microsoft, update

For a change, there’s little in this month’s Patch Tuesday that should cause panic, according to security experts. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-patches-83-cves-march-update
March Patch Tuesday: Three high severity holes in Microsoft Office

Mar 11, 2026 1:48 AM

Tags: ai, apache, backup, browser, chrome, cloud, credentials, cve, cvss, cyber, email, endpoint, exploit, google, incident, incident response, injection, insurance, iot, linux, macOS, malicious, microsoft, network, office, sap, soc, sql, tool, update, vulnerability, windows

aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs

Mar 11, 2026 1:48 AM

Tags: exploit, flaw, microsoft, office, sql, update, vulnerability, windows

Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including…
Microsoft patches zero-days in .NET and SQL Server

Mar 11, 2026 12:47 AM

Tags: microsoft, rce, remote-code-execution, sql, update, zero-day

Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday update. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639784/Microsoft-patches-zero-days-in-NET-and-SQL-Server
Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Mar 11, 2026 12:47 AM

Tags: access, corporate, hacker, malware, microsoft

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. The post Hackers Pose as IT Staff in Microsoft Teams to Install Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-teams-it-impersonation-malware-attack/
Microsoft Patch Tuesday for March 2026, Snort rules and prominent vulnerabilities

Mar 10, 2026 11:48 PM

Tags: microsoft, update, vulnerability

Microsoft has released its monthly security update for”¯March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as “critical.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-march-2026/
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)

Mar 10, 2026 10:48 PM

Tags: access, ai, attack, authentication, best-practice, cve, cyber, data, dos, exploit, flaw, identity, infrastructure, iot, linux, microsoft, mobile, office, rce, remote-code-execution, service, sql, tool, update, vulnerability, windows

8Critical 75Important 0Moderate 0Low Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released. Microsoft patched 83 CVEs in its March 2026 Patch Tuesday release, with eight rated critical and 75 rated as important. Our counts omitted one CVE (CVE-2026-26030) assigned by GitHub. This month’s update includes patches…
Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack

Mar 10, 2026 10:48 PM

Tags: attack, data, finance, microsoft

Could steal sensitive personal and financial data First seen on theregister.com Jump to article: www.theregister.com/2026/03/10/zeroclick_microsoft_info_disclosure_bug/
Microsoft’s monthly Patch Tuesday is first in 6 months with no actively exploited zero-days

Mar 10, 2026 9:48 PM

Tags: exploit, microsoft, update, vulnerability, zero-day

The vendor said six of the 83 vulnerabilities it addressed this month are more likely to be exploited. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-march-2026/
Teams Social Engineering Campaign Drops A0Backdoor Malware

Mar 10, 2026 9:48 PM

Tags: malware, microsoft, social-engineering

Attackers are using Microsoft Teams impersonation to deliver A0Backdoor malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teams-social-engineering-campaign-drops-a0backdoor-malware/
Windows 11 KB5079473 & KB5078883 cumulative updates released

Mar 10, 2026 7:49 PM

Tags: microsoft, update, vulnerability, windows

Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5079473-and-kb5078883-cumulative-updates-released/
Microsoft releases Windows 10 KB5078885 extended security update

Mar 10, 2026 7:49 PM

Tags: microsoft, update, vulnerability, windows, zero-day

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting down. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5078885-extended-security-update/
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

Mar 10, 2026 7:49 PM

Tags: flaw, microsoft, update, zero-day

Today is Microsoft’s March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys

Mar 10, 2026 5:47 PM

Tags: authentication, microsoft, passkey, phishing, windows

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-entra-brings-phishing-resistant-sign-in-to-windows/
Microsoft flips Windows Autopatch to default hotpatch security updates

Mar 10, 2026 3:48 PM

Tags: microsoft, update, windows

Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/microsoft-windows-autopatch-default-security-updates/
Microsoft to enable Windows hotpatch security updates by default

Mar 10, 2026 12:47 PM

Tags: api, microsoft, update, windows

Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-enable-hotpatch-security-updates-by-default-in-may/
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Mar 10, 2026 10:47 AM

Tags: 2fa, email, infrastructure, law, microsoft, phishing, service

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
WA auditor general flags weak Microsoft 365 security controls across state entities

Mar 10, 2026 8:47 AM

Tags: breach, control, data, government, microsoft, office

Western Australia’s Office of the Auditor General has uncovered weaknesses in M365 configurations across seven government agencies, leading to compromised accounts and data breaches First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639954/WA-auditor-flags-weak-Microsoft-365-security-controls-across-state-entities