Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2026-0628: Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 143.0.3650.139 01/08/2026 143.0.7499.192/.193

Microsoft Security Response Center
Open in Source
#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages

Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials.

Resolutions, shmesolutions (and what’s actually worked for me)

Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.

CISA warns of active attacks on HPE OneView and legacy PowerPoint

Two actively exploited flaws—one brand new, one 16 years old—have been added to CISA’s KEV catalog, signaling urgent patching.

ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits. Honeypot Traps Hackers Hackers Fall for

Fake WinRAR downloads hide malware behind a real installer

We unpack a trojanized WinRAR download that was hiding the Winzipper malware behind a real installer.

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office

Phishers Exploit Office 365 Users Who Let Their Guard Down

Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled are especially vulnerable.

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and

GHSA-6fg3-hvw7-2fwq: Microsoft Playwright MCP Server vulnerable to DNS Rebinding Attack; Allows Attackers Access to All Server Tools

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints.