Microsoft

Exploits Target Office CVE-2024-21413 Flaw Microsoft Patched a Year Ago

The flaw can lead to remote code execution

Thousands of ASP.NET Sites at Risk from Publicly Exposed Machine Keys

Microsoft warns that over 3,000 publicly disclosed ASP.NET machine keys could enable ViewState code injection attacks, leading to remote code execution.

Zero-Click OLE RCE (CVE-2025-21298) - Microsoft Outlook Impacted

Simply previewing a malicious RTF file in Microsoft Outlook can trigger the exploit—no additional clicks needed.

Microsoft Patches CVE-2024-49138 Windows Zero Day

The bug is in one of the drivers in Windows and is under active exploitation

Russian APT Secret Blizzard Piggybacks on Other Groups' Infrastructure

The FSB-affiliated group has taken over other APT teams' C2 servers and tools

Russian Group RomCom Used Firefox, Windows Zero Days in Recent Attacks

The RomCom attackers used two zero days to target companies worldwide

Microsoft Wants You to Hack Its AI

Microsoft is launching a new addition to its bug bounty program, along with a new, invitation-only hacking contest

Microsoft Fixes Exploited Windows Task Scheduler Bug

Microsoft has fixed an important-severity EoP bug in Windows Task Scheduler (CVE-2024-49039), which is being exploited in attacks.

New Midnight Blizzard Campaign Uses RDP Files to Gain Access

Microsoft researchers have identified a new spear-phishing campaign by Russian threat actor Midnight Blizzard.

Attackers Exploiting CVE-2024-38094 in SharePoint

Attackers are exploiting a Microsoft SharePoint vulnerability that the company disclosed–and patched–in July.

Microsoft Fixes Two Actively Exploited Bugs