Security News

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
2025-02-11 20:15

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation....

Windows 10 KB5051974 update force installs new Microsoft Outlook app
2025-02-11 19:32

Microsoft has released the KB5051974 cumulative update for Windows 10 22H2 and Windows 10 21H2, which automatically installs the new Outlook for Windows app and fixes a memory leak bug. [...]

Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
2025-02-11 18:56

Today is Microsoft's February 2025 Patch Tuesday, which includes security updates for 55 flaws, including four zero-day vulnerabilities, with two actively exploited in attacks. [...]

Microsoft raises rewards for Copilot AI bug bounty program
2025-02-10 15:00

​Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
2025-02-07 18:42

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial...

Microsoft shares workaround for Windows security update issues
2025-02-07 13:53

Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...]

Microsoft has finally fixed Date & Time bug in Windows 11
2025-02-07 11:40

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. [...]

Microsoft Edge update adds AI-powered Scareware Blocker
2025-02-07 11:15

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads...

Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
2025-02-07 11:01

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their...

Microsoft says attackers use exposed ASP.NET keys to deploy malware
2025-02-06 20:59

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]