Tag: microsoft
-
Microsoft’s Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/microsoftoriginal-windows-secure-boot-certificates-expire
-
Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update
Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-april-2026/
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests
-
Check Point Research enttarnt betrügerische Anzeigen für PlaystationJubiläumsedition
Check Point Research (CPR), die Sicherheitsforschungs-abteilung von Check Point Software Technologies Ltd. veröffentlicht sein ‘Brand Phishing Ranking” für das erste Quartal 2026 und deckt darin Betrugsversuche mit Sonys Playstation 5 sowie mit vermeintlichen Software-Downloads und Login-Masken von Microsoft auf. Die neuesten Ergebnisse zeigen zudem, dass Microsoft weiterhin die am häufigsten imitierte Marke war und in…
-
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws
-
Microsoft announces product it doesn’t want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can’t, Redmond will take your cash First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Microsoft Bets $10B to Boost Japan’s AI, Cybersecurity
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships, the latest move by a hyperscaler to compete for sovereign AI and data centers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-bets-10-billion-to-boost-japan-s-ai-cybersecurity
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, office, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Microsoft ends desktop detour for sensitivity labels in Office web apps
Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/15/microsoft-office-sensitivity-labels-permissions/
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/
-
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update
-
Microsoft drops its second-largest monthly batch of defects on record
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s massive Patch Tuesday: It’s raining bugs
One CVE under attack, one already disclosed by angry bug hunter, and 163 more First seen on theregister.com Jump to article: www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Microsoft Discloses ‘Monstrous’ Number Of Bugs As AI Discoveries Surge: Researcher
The unusually large number of CVEs (Common Vulnerabilities and Exposures) disclosed by Microsoft Tuesday is “likely” to be linked to AI-related developments, including the increasing discoveries of vulnerabilities using LLM-powered tools, according to a TrendAI researcher. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-discloses-monstrous-number-of-bugs-as-ai-discoveries-surge-researcher
-
Microsoft Patch Tuesday for April 2026 – Snort Rule and Prominent Vulnerabilities
Overview of patch tuesday release from Microsoft for April 2026. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/
-
Microsoft releases Windows 10 KB5082200 extended security update
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5082200-extended-security-update/
-
Windows 11 cumulative updates KB5083769 & KB5082052 released
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-cumulative-updates-kb5083769-and-kb5082052-released/
-
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
-
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fast-track-to-reinstate-windows-hardware-dev-accounts/
-
Martin Baron ist neuer Channel-Manager bei Coreview
Tags: microsoftMartin Baron ist neuer Channel Account Manager für DACH und Osteuropa bei Coreview, Spezialist für den Schutz und das Management von Microsoft-365-Tenants. Sein Schwerpunkt liegt dabei auf der Entwicklung und Umsetzung der Partnerstrategie und dem Ausbau des Partner-Ökosystems. Nach Lukas Haas und Nurschan Bisenov als Enterprise Account Executives ist Baron somit die dritte Verstärkung des…
-
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/davmail-6-6-0-released/
-
CISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security Flaws
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Microsoft Windows Common Log File System (CLFS) and Microsoft Exchange Server. Federal agencies and private organizations are strongly…
-
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Tags: adobe, apple, cisa, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week,…
-
Windows 11: Microsoft testet freie Datumswahl für Updates
Microsoft testet unter Windows 11 eine Kalender-Auswahl für Update-Pausen. Ab Mai 2026 soll zudem Hotpatching störende Neustarts minimieren. First seen on golem.de Jump to article: www.golem.de/news/windows-11-microsoft-testet-freie-datumswahl-fuer-updates-2604-207525.html
-
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, microsoft, software, sql, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to First seen on thehackernews.com…
-
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
One was patched almost 14 years ago First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/ransomware_gang_other_crims_attacking/
-
Claude Mythos Could Flood Vendors With Fixes They Deferred
Ex-Microsoft CIO: Mythos Could Surface Known Flaws Faster Than Vendors Can Fix Them. Former Microsoft CIO Jim DuBois and IDC’s Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog. First seen on…
-
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mailbox-rule-abuse-stealthy-post/