Microsoft
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly …
How Russian hackers went after NGOs’ WhatsApp accounts
Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever …
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a …
Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) …
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
January 2025 Patch Tuesday is now live: Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Welcome to 2025 and a new year of patch excitement! In my December …
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
NEW STORY: Thursday, January 9, 07:30 ET Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti …
Balancing proprietary and open-source tools in cyber threat research
In this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in …
Microsoft enforces defenses preventing NTLM relay attacks
Since making Kerberos the default Windows authentication protocol in 2000, Microsoft has been working on eventually retiring NTLM, its less secure and obsolete counterpart. …
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by …
Microsoft: “Hack” this LLM-powered service and get paid
Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve …
December 2024 Patch Tuesday forecast: The secure future initiative impact
December 2024 Patch Tuesday is now live: Microsoft fixes exploited zero-day (CVE-2024-49138) It seems like 2024 just started, but the final Patch Tuesday of the year is almost …
Microsoft asks Windows Insiders to try out the controversial Recall feature
Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that …
Featured news
Resources
Don't miss
- AI security posture management will be needed before agentic AI takes hold
- Don’t let these open-source cybersecurity tools slip under your radar
- Cyber trends set to influence business strategies
- How to use Apple’s App Privacy Report to monitor data tracking
- North Korean IT workers are extorting employers, FBI warns