Tag: microsoft
-
Windows 11 KB5070773 emergency update fixes Windows Recovery issues
Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-usb-issue-that-made-windows-recovery-unusable/
-
CISA Warns of Actively Exploited Windows SMB Vulnerability
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting the security flaw in the wild. The vulnerability, tracked as CVE-2025-33073, affects the Windows SMB Client and could allow attackers to escalate privileges on…
-
CISA Warns of Actively Exploited Windows SMB Vulnerability
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, threat, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting the security flaw in the wild. The vulnerability, tracked as CVE-2025-33073, affects the Windows SMB Client and could allow attackers to escalate privileges on…
-
Channel-Partner aufgepasst: Microsoft-Tools und Know-how praxisnah erleben
Die ADN Microsoft CSP Week ist zurück und bringt vom 24. bis 28. November 2025 eine außergewöhnliche Reihe an Top-Speakern und Branchenexpert:innen auf die virtuelle Bühne. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/channel-partner-aufgepasst-microsoft-tools-und-know-how-praxisnah-erleben/a42420/
-
October updates break USB input in Windows Recovery
Microsoft has confirmed that this month’s security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-updates-break-usb-mice-and-keyboards-in-windows-recovery/
-
Five New Exploited Bugs Land in CISA’s Catalog, Oracle and Microsoft Among Targets
Tags: business, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, oracle, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a First seen…
-
Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines
Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Microsoft Windows machines. The campaign, first observed in early 2025, has since expanded its operations from Taiwan to Japan and Malaysia,…
-
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with self-spreading malware called GlassWorm that has been installed an estimated 35,800 times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/self-spreading-glassworm-malware-hits-openvsx-vs-code-registries/
-
Microsoft fixes Windows Server Active Directory sync issues
Microsoft is rolling out a fix for Active Directory issues affecting some Windows Server 2025 systems after installing security updates released since September. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-active-directory-sync-issues/
-
Find hidden malicious OAuth apps in Microsoft 365 using Cazadora
Malicious OAuth apps can hide inside Microsoft 365 tenants. Huntress Labs’ Cazadora script helps uncover rogue apps before they lead to a breach. Dive deeper in their Tradecraft Tuesday sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/find-hidden-malicious-oauth-apps-in-microsoft-365-using-cazadora/
-
Microsoft warns of Windows smart card auth issues after October updates
Microsoft says the October 2025 Windows security updates are causing smart card authentication and certificate issues due to a change designed to strengthen the Windows Cryptographic Services. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-october-security-updates-cause-windows-smart-card-auth-issues/
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Threat actors are spreading malicious extensions via VS marketplaces
What are VS extensions: Extensions and themes can be added to Visual Studio code to make life easier for developers, as well as to enhance functionality. An extension can add features like debuggers, new languages, or other development tools, while a theme is a type of extension that changes the appearance of the editor, controlling things like colors…
-
Wenn KI angreift: Microsoft warnt vor neuer Phishing-Welle
Der Fall zeigt deutlich: Künstliche Intelligenz ist längst ein entscheidender Faktor in der Cybersicherheit auf beiden Seiten. Während Angreifer KI zur Perfektion ihrer Täuschungen nutzen, hilft sie Verteidigern, komplexe Bedrohungen in Echtzeit zu erkennen und abzuwehren. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-angreift-microsoft-warnt-vor-neuer-phishing-welle/a42411/
-
Wenn KI angreift: Microsoft warnt vor neuer Phishing-Welle
Der Fall zeigt deutlich: Künstliche Intelligenz ist längst ein entscheidender Faktor in der Cybersicherheit auf beiden Seiten. Während Angreifer KI zur Perfektion ihrer Täuschungen nutzen, hilft sie Verteidigern, komplexe Bedrohungen in Echtzeit zu erkennen und abzuwehren. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/wenn-ki-angreift-microsoft-warnt-vor-neuer-phishing-welle/a42411/
-
Microsoft admonished for role in facilitating Gaza genocide
Following credible allegations that Microsoft Azure was being used to facilitate mass surveillance and lethal force against Palestinians, which prompted the company to suspend services to the Israeli military unit responsible, human rights organisations are calling for further action First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632809/Microsoft-admonished-for-role-in-facilitating-Gaza-genocide
-
Microsoft Revokes 200+ Fake Certificates Used in Teams Malware Attack
Microsoft has revoked over 200 fraudulent code-signing certificates used in a ransomware campaign involving fake Teams installers by threat group Vanilla Tempest First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-revokes-200-fake/
-
Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
Tags: access, attack, authentication, breach, china, control, corporate, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, flaw, framework, government, group, hacker, identity, infrastructure, intelligence, Intruder, korea, microsoft, monitoring, network, ransomware, reverse-engineering, risk, russia, supply-chain, tactics, technology, theft, threat, vulnerability, zero-day, zero-trustChina or Russia? Conflicting attribution: Microsoft attributed the broader wave of SharePoint exploitations to three Chinese-linked groups: Linen Typhoon, Violet Typhoon, and a third actor it tracks as Storm-2603. The company said the attackers were preparing to deploy Warlock ransomware across affected systems.However, the source familiar with the Kansas City incident tells CSO that a…
-
Inside the messy reality of Microsoft 365 management
Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/20/microsoft-365-msp-challenges-report/
-
Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode
Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards and mice useless within the Windows Recovery Environment (WinRE). The patch, released on October 14, 2025, affects Windows 11 versions 24H2 and 25H2, along with Windows Server 2025, creating a critical roadblock for system troubleshooting…
-
Week in review: F5 data breach, Microsoft patches three actively exploited zero-days
Tags: breach, cybersecurity, data, data-breach, exploit, healthcare, microsoft, strategy, WeeklyReview, zero-dayHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a healthcare cybersecurity strategy that works In this Help Net … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/19/week-in-review-f5-data-breach-microsoft-patches-three-actively-exploited-zero-days/
-
Veeam Data Cloud für MSP stärkt Partner im wachsenden SaaS-Markt
Die Veeam Data Cloud ist weltweit über das Veeam Rental Program verfügbar und unterstützt Microsoft 365, Entra ID sowie Veeam Vault Cloud Storage. Die Unterstützung für Azure- und Salesforce-Workloads sowie kombinierte Angebote für Microsoft 365 und Entra ID wird noch in diesem Jahr erwartet. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-data-cloud-fuer-msp-staerkt-partner-im-wachsenden-saas-markt/a42404/
-
Im Visier Cyberkrimineller: Bei Erpressung, Diebstahl und Spionage Deutschland laut Microsoft auf Platz 4
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/visier-cyberkriminelle-erpressung-diebstahl-spionage-deutschland-microsoft-platz-4
-
Feeling lonely? Microsoft Copilot can now listen to your every word, watch your screen
Tags: microsoftWe’ve seen this before and it was called Cortana or Clippy First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/microsoft_copilot_updates/
-
Microsoft Windows 11 October Update Disrupts Localhost (127.0.0.1) Connectivity
Microsoft’s October 2025 Windows 11 update has introduced an unexpected connectivity issue affecting developers and IT professionals worldwide. The security patch KB5066835, released on October 14, 2025, for OS Builds 26200.6899 and 26100.6899, has disrupted localhost connections, preventing applications from accessing services running on the loopback address 127.0.0.1. The update, which primarily addressed security vulnerabilities…
-
Microsoft ist Spitzenreiter bei Markenmissbrauch
Der Security-Spezialist Check Point Software Technologies hat seinen Brand Phishing Report für das dritte Quartal 2025 vorgelegt. Die Zahlen belegen: Cyber-Kriminelle setzen verstärkt auf die Nachahmung bekannter Technologiemarken, allen voran Microsoft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-microsoft-marke
-
Denial of Fuzzing: Rust-Safe Code Triggers Kernel Crashes in Windows
Malformed EMF files crash Windows 11 via a Rust-based kernel bug. Microsoft patches issue after Check Point’s denial-of-service discovery. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-fuzzing-rust-vulnerability/
-
Microsoft Warns: Ransomware Powers Most Cyberattacks
Microsoft reports ransomware drives over half of cyberattacks, fueled by AI, automation, and credential theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ransomware-powers-cyberattacks/
-
Microsoft Warns: Ransomware Powers Most Cyberattacks
Microsoft reports ransomware drives over half of cyberattacks, fueled by AI, automation, and credential theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/ransomware-powers-cyberattacks/
-
Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-disrupts-ransomware-abusing-azure-certificates