Ravie LakshmananApr 17, 2026Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. …
Tag:
Microsoft
Safety & Security
Russia Hacked Routers to Steal Microsoft Office Tokens – Krebs on Security
by David Walker
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying …
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to …
Safety & Security
Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties
by David Walker
However, these rules of engagement prohibit red teamers from using or accessing credentials that aren’t their own, launching phishing attacks against Microsoft employees, performing denial-of-service testing or other testing that …
Safety & Security
Microsoft Patch Tuesday, December 2025 Edition – Krebs on Security
by David Walker
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that …
Safety & Security
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
by David Walker
“Microsoft Trusted Signing certificates are issued with a 72-hour validity period. After that, the certificates expire and need to be renewed. This short period makes the standard process of purchasing …
Safety & Security
Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign
by David Walker
Oct 17, 2025Ravie LakshmananMalware / Cybercrime Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign …
Safety & Security
Microsoft Patch Tuesday, September 2025 Edition – Krebs on Security
by David Walker
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this …
Safety & Security
VoidProxy phishing-as-a-service operation steals Microsoft, Google login credentials
by David Walker
“By offering this sophisticated PhaaS, VoidProxy lowers the technical barrier for a wide range of threat actors to execute AitM phishing attacks. Accounts compromised using PhaaS platforms facilitate numerous malicious …
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, …
- 1
- 2