Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts.

Wired
Open in Source
#vulnerability#microsoft#git#perl#auth
Disrupted phishing service was after Microsoft 365 credentials

Microsoft and Cloudflare have delivered a major blow to the fastest growing Phishing-as-a-Service operation called RaccoonO365.

Update your Chrome today: Google patches 4 vulnerabilities including one zero-day

Google has issued a Chrome update to fix four high priority flaws including one zero-day, zero-click vulnerability.

CVE-2025-59216: Windows Graphics Component Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions

Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been exploited in the wild. The zero-day vulnerability in question is CVE-2025-10585, which has been described as a type confusion issue in the V8 JavaScript and WebAssembly engine. Type confusion vulnerabilities can have severe consequences as they can be

Microsoft Disrupts 'RaccoonO365' Phishing Service

Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals who want to get into cybercrime.

TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks

The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. "The threat actors continue to employ phishing emails with invoice

Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts

A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. "In this activity, the group masqueraded as the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the

Microsoft Shuts Down RaccoonO365 Phishing Ring, Seizes 338 Websites

Microsoft's Digital Crimes Unit dismantled RaccoonO365, a major phishing service that stole thousands of user credentials and targeted US healthcare organisations. Discover how the operation worked and its global impact.