Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

How One AI Startup Founder Cornered Microsoft Into Finally Taking Down Explicit Videos of Her

Breeze Liu has been a prominent advocate for victims. But even she struggled to scrub nonconsensual intimate images and videos of herself from the web.

Wired
Open in Source
#web#google#microsoft#cisco#git#sap
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "

Russian Groups Target Signal Messenger in Spy Campaign

These sorts of attacks reveal growing adversary interest in secure messaging apps used by high-value targets for communication, Google says.

Malwarebytes introduces native ARM support for Windows devices 

Malwarebytes now protects ARM-based Windows devices, such as Microsoft’s Surface Pro X and Lenovo’s Yoga laptops.

CVE-2025-21355: Microsoft Bing Remote Code Execution Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit

A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access.

Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack.

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,