Cybersecurity

Microsoft has released its monthly security updates, addressing a total of 57 vulnerabilities across its software suite. Notably, this update includes fixes for six zero-day vulnerabilities that have been actively exploited in the wild,...

Microsoft has removed DES encryption from Windows 11 24H2 and Windows Server 2025, requiring a shift to AES-based Kerberos authentication for enhanced security.

Microsoft has rolled out patches for 55 flaws, including zero-days in Windows Core Messaging and NTFS, urging immediate updates to protect enterprise and hybrid environments.

Microsoft Edge’s new scareware blocker uses AI and computer vision to protect users from malicious pop-ups and scams in real time.

Cybersecurity experts warn that Microsoft’s OneDrive Offline Mode leaves sensitive OCR data vulnerable in unprotected local databases.

Microsoft has focused its January 2025 patch tuesday cycle on fixing critical Hyper-V and OLE flaws, securing virtualized environments and enterprise workflows.

December 2024 Patch Tuesday addresses 71 vulnerabilities, with 16 critical remote code execution issues and one zero-day.

A simple 'stop' button click can exploit ChatGPT's safeguards, exposing unfiltered outputs.

Microsoft unveils hotpatching for Windows 11 Enterprise, offering restart-free updates to enhance security and productivity.

Microsoft has updated the Windows 11 WebAuthn APIs, enabling third-party passkey plugins and advancing passwordless authentication capabilities.

Microsoft’s new Administrator Protection in Windows 11 combats credential theft by isolating admin privileges with temporary tokens.

Microsoft's November 2024 Windows 11 update addresses critical zero-day vulnerabilities and enhances user features, including a new Copilot key configuration.

Legacy components of Internet Explorer continue to expose users to malware attacks, as hackers leverage vulnerabilities in outdated software for cyber espionage.

A bug in Microsoft’s cloud services caused the loss of security logs for weeks, potentially exposing customer networks to unseen threats. Businesses using Microsoft’s Entra, Sentinel, and other services lost access to critical data,...

The cybercriminal group Void Banshee has been exploiting a zero-day defect in Windows known as CVE-2024-43461, linked to the MSHTML engine, in their cyber attacks. Initially flagged during Microsoft’s September 2024 Patch Tuesday, the...

In its latest security update for September 2024, Microsoft has addressed a total of 79 vulnerabilities. The rollout includes four zero-day flaws that are being actively exploited, demanding prompt action from IT administrators. Detailed Breakdown The...

A recent security update from Microsoft has led to boot problems for users with dual-boot systems featuring both Windows and Linux, the company has confirmed. The update, intended to fix a vulnerability in GRUB,...

Microsoft has pushed back the rollout of its AI-backed Recall feature, initially slated for release to Windows Insiders. The new deployment is now expected in October. The delay is a result of privacy and safety...

The Lazarus group, a hacking collective with ties to North Korea, has been identified leveraging a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit. The vulnerability, cataloged...

A critical security gap in Windows SmartScreen has been sealed by Microsoft after hackers exploited it for several months. The flaw, tagged as CVE-2024-38213, allowed malicious actors to bypass SmartScreen’s protective measures, intended to...

Cybersecurity firm TrustedSec has introduced "Specula," a framework aimed at post-exploitation stages and targeting Microsoft Outlook. Microsoft says the tool exploits the CVE-2017-11774 vulnerability, allowing remote code execution through Windows Registry manipulation, despite an...

Numerous Windows systems worldwide are experiencing Blue Screen of Death (BSOD) errors, impacting sectors including banking, aviation, and media. The source of the issue has been traced to a problematic update from cybersecurity company...

The threat actors employ JavaScript within HTML attachments and hijacked websites to generate fake error notifications.

Microsoft’s plan to delay the feature and enhance is a reaction to widespread criticism from privacy advocates and cybersecurity experts.

Microsoft is emphasizing the transition to Modern Authentication to provide enhanced security against email-based threats.

The UK's Information Commissioner's Office has announced that it is making inquiries with Microsoft to understand the privacy safeguards in place.

Windows path flaw lets attackers hide files, mimic trusted programs, and create rootkits without admin rights.

Microsoft patents new AI that recognizes faces and groups photos based on relationships, aiming to improve photo management

Pwn2Own Vancouver exposed critical security holes in Tesla, Windows 11, and popular software. Hackers won big for finding zero-day exploits

Hackers exploited a Windows zero-day (CVE-2024-21412) to deliver DarkGate malware via fake software installers.