Security News

Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks
2025-02-07 11:01

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their...

Microsoft says attackers use exposed ASP.NET keys to deploy malware
2025-02-06 20:59

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]

Critical RCE bug in Microsoft Outlook now exploited in attacks
2025-02-06 18:17

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]

New Microsoft script updates Windows media with bootkit malware fixes
2025-02-05 23:16

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus...

Microsoft script updates bootable media for BlackLotus bootkit fixes
2025-02-05 23:16

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus...

Hackers spoof Microsoft ADFS login pages to steal credentials
2025-02-05 18:41

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication...

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
2025-02-05 16:45

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply...

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
2025-02-04 05:08

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges...

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform
2025-02-04 04:29

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat...

Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon
2025-02-03 23:19

The feature will no longer be available starting Feb. 28. Microsoft wants to focus on “new areas that will better align to customer needs.”