Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-47991: Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

Use after free in Microsoft Input Method Editor (IME) allows an unauthorized attacker to elevate privileges over a network.

Microsoft Security Response Center
#vulnerability#windows#microsoft#auth#Microsoft Input Method Editor (IME)#Security Vulnerability
CVE-2025-48812: Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2025-47994: Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

ICC Contained Cyberattack Amid Espionage Threats and Pressure

International Criminal Court faces new "sophisticated" cyberattack in The Hague. Occurring near the NATO summit, this incident impacts the ICC as it handles major global cases.

Gamers hacked playing Call of Duty: WWII—PC version temporarily taken offline

The Call of Duty team confirmed that the PC edition of WWII has been taken offline following "reports of an issue."

Congratulations to the top MSRC 2025 Q2 security researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this quarter here.

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network