Security News

Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog,...

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...]

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private...

Free unofficial patches are available for a new Windows zero-day vulnerability that can let remote attackers steal NTLM credentials by tricking targets into viewing malicious files in Windows...

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns...

Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. Until NTLM gets...

Microsoft's OS sure loves throwing your creds at remote systems Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS...

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability...