SharePoint RCE Under Active Exploitation, CISA Deadline July 4
CVE-2026-45659 lets authenticated attackers with basic Site Member permissions execute arbitrary code on SharePoint servers. CISA added it to KEV after confirming active exploitation.
48 articles tagged with "Microsoft"
CVE-2026-45659 lets authenticated attackers with basic Site Member permissions execute arbitrary code on SharePoint servers. CISA added it to KEV after confirming active exploitation.
Netcraft identifies 70 new Bluekit hostnames as the phishing-as-a-service platform adopts real-time session hijacking that defeats all forms of traditional MFA.
Microsoft Threat Intelligence tracks active campaign deploying TonRAT malware against hospitality sector in Europe and Asia via fake guest complaint emails.
Microsoft extended its free Windows 10 Extended Security Updates program by a year, giving consumers security coverage through October 2027. Here's what changed and who qualifies.
A new class of CI/CD vulnerability affects repositories at Microsoft, Google, Apache, and Cloudflare. A free GitHub account is all attackers need to forge approvals and steal credentials.
Microsoft and Europol seize 66 domains and 296 servers supporting StealC and Amadey malware, recovering 25.6 million stolen credentials in coordinated takedown.
A publicly released exploit targets CVE-2026-50656 in Microsoft Defender's quarantine pipeline. Microsoft confirms the flaw but has no patch timeline yet.
Microsoft warns of CryptoBandits campaign spreading clipboard-hijacking malware through USB drives. The worm uses Tor C2, steals seed phrases, and replaces wallet addresses mid-transaction.
Security researcher Nightmare Eclipse releases fourth Microsoft Defender zero-day in months, granting SYSTEM privileges on patched Windows 10 and 11 systems. Here's what defenders need to know.
Microsoft's record-breaking June 2026 Patch Tuesday fixes 206 vulnerabilities including CVE-2026-45657, a CVSS 9.8 wormable kernel flaw allowing remote code execution without authentication.
Self-replicating Miasma malware compromises 73 Microsoft repositories across Azure, Microsoft, and MicrosoftDocs orgs. GitHub disables access as durabletask package gets reinfected.
Critical Windows Netlogon vulnerability CVE-2026-41089 enables zero-click RCE on domain controllers. Active exploitation confirmed—patch immediately.
Microsoft Exchange Server zero-day CVE-2026-42897 enables session hijacking via malicious emails. Active exploitation confirmed with no permanent fix available.
Microsoft warns of active campaign using AI chatbot recommendations to distribute GPU mining malware. Attackers target high-end graphics card owners through fake utility downloads.
Microsoft's Digital Crimes Unit seizes infrastructure behind Fox Tempest, a malware-signing service that helped Rhysida, Akira, and Qilin ransomware gangs disguise malicious code as legitimate software.
Microsoft unveils four-pillar Driver Quality Initiative at WinHEC 2026, enforcing stricter power, thermal, and security standards for Windows 11 drivers starting this year.
Microsoft unveiled MDASH, a multi-agent AI system that discovered 16 Windows vulnerabilities including 4 critical RCEs in networking and auth stacks. Now available in limited preview.
A disgruntled researcher released two unpatched Windows zero-days: YellowKey bypasses BitLocker encryption via USB, while GreenPlasma grants SYSTEM privileges. No patches available yet.
Microsoft's May 2026 Patch Tuesday addresses 120 vulnerabilities including 17 critical RCE flaws. No zero-days, but Word preview pane attacks and Netlogon bugs demand immediate attention.
CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 allowed information disclosure via injection attacks in Microsoft 365 Copilot. No admin action required.
Russian state hackers weaponize CVE-2026-32202, an incomplete patch for Windows Shell that enables zero-click NTLM hash theft. Microsoft confirms active exploitation after Akamai discovers the bypass.
Microsoft releases emergency patch for CVE-2026-40372 (CVSS 9.1), a critical ASP.NET Core flaw allowing attackers to forge authentication cookies and gain SYSTEM privileges on Linux and macOS servers.
Kaspersky discloses PhantomRPC, an architectural Windows RPC vulnerability enabling SYSTEM-level privilege escalation across all Windows versions. Microsoft declined to patch despite five exploitation paths.
Microsoft's KB5082063 causes LSASS crashes on non-Global Catalog domain controllers using PAM. Affected servers stuck in restart loops - no fix yet.
Microsoft's April 2026 Patch Tuesday fixes 167 vulnerabilities including CVE-2026-32201, an actively exploited SharePoint zero-day. Eight critical RCE flaws patched.
Microsoft tracks Storm-2755 'Payroll Pirate' using poisoned search results and AiTM phishing to hijack Canadian employee direct deposits. HR systems compromised.
Microsoft found an intent redirection vulnerability in EngageLab's Android SDK affecting 50M+ app installs. Crypto wallets with 30M users were at risk.
Microsoft Defender Experts identify multi-stage malware campaign using WhatsApp messages to deliver VBS scripts that bypass UAC and establish persistent Windows backdoors.
Microsoft Azure Kubernetes Service has a critical auth bypass (CVE-2026-33105) with a perfect CVSS 10.0 score. Unauthenticated attackers can escalate to cluster admin—patch now.
Classic Outlook users can finally sync Gmail again after Microsoft resolves OAuth token issue that blocked email synchronization since February 26. Here's what happened and how to restore access.
Global coalition seizes 330 domains powering Tycoon 2FA, a phishing-as-a-service platform that bypassed MFA to compromise 96,000 victims across 500,000 organizations.
CISA added Microsoft SharePoint CVE-2026-20963 to the KEV catalog after confirming active exploitation. Federal agencies must patch by March 21.
Microsoft exposes Storm-2561 campaign using SEO manipulation to distribute fake Cisco, Fortinet, and Ivanti VPN clients that steal enterprise credentials.
Microsoft's March 2026 Patch Tuesday addresses 83 vulnerabilities including two publicly disclosed zero-days in SQL Server and .NET. Eight flaws rated Critical.
Windows Autopatch will deliver rebootless security updates automatically for eligible devices starting May 2026. IT admins can opt out beginning April 1.
Microsoft confirms Copilot bug bypassed DLP policies, reading confidential emails without authorization. European Parliament blocked Copilot over concerns.
CVE-2026-26119 lets attackers escalate from standard user to domain admin via improper authentication. Microsoft rates exploitation 'more likely.'
CVE-2026-26030 in Microsoft's Semantic Kernel Python SDK enables unauthenticated RCE through InMemoryVectorStore. Upgrade to 1.39.4 immediately.
Microsoft Defender Experts track expanding infostealer campaigns hitting macOS via ClickFix prompts, malicious DMG installers, and Python-based stealers. DigitStealer, MacSync, and AMOS lead the wave.
Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.
Microsoft's February 2026 Patch Tuesday fixes 59 flaws including six actively exploited zero-days. CrowdStrike confirmed CVE-2026-21533 was used in attacks targeting US and Canada since December.
CVE-2026-21509 bypasses OLE security protections across Office 2016-2024. CISA adds it to KEV catalog with February 16 deadline.
KB5074109 update causing UNMOUNTABLE_BOOT_VOLUME errors on some Windows 11 devices. Physical machines affected; VMs appear unimpacted.
Microsoft disrupts multi-stage attack combining adversary-in-the-middle phishing with BEC. Attackers abused SharePoint and inbox rules for persistence.
Varonis researchers disclosed a vulnerability chain that let attackers exfiltrate user data through Copilot with a single malicious link click. Microsoft has patched the issue.
Coordinated takedown seizes cybercrime service that enabled 191,000 account compromises. Operation marks Microsoft's 35th action against criminal infrastructure.
January 2026 Patch Tuesday addresses CVE-2026-20805, an info disclosure bug already under attack. CISA gives feds until February 3 to patch.
Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.