Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It’s like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today’s work environment. But here’s the

The Hacker News
Open in Source
#microsoft#The Hacker News
Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content. The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft's Azure OpenAI Service. The tech giant is

Hackers Impersonate Taiwan’s Tax Authority to Deploy Winos 4.0 Malware

FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and…

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

Cloud “container” defenses have inconsistencies that can give attackers too much access. A new company, Edera, is taking on that challenge and the problem of the male-dominated startup world.

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.  The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape,

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.

A week in security (February 17 – February 23)

A list of topics we covered in the week of February 17 to February 23 of 2025

The US Is Considering a TP-Link Router Ban—Should You Worry?

Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links.

CVE-2025-1006: Chromium: CVE-2025-1426 Heap buffer overflow in GPU

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 133.0.3065.82 2/21/2025 133.0.6943.126/.127