Microsoft News Articles
Recent news articles referencing the vendor's vulnerabilities.
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
56 minutes ago
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security
CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.
5 hours ago
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
20 hours ago

This Windows Vulnerability Lets Hackers Into Your PC in Just 300 Milliseconds
Hackers can get into your system almost faster than you can blink.
21 hours ago

Windows NTLM Vulnerability Actively Exploit in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targeting organizations worldwide.
22 hours ago

Hackers Exploiting Windows NTLM Spoofing Vulnerability in Wild to Compromise Systems
Cybercriminals have been actively exploiting a critical vulnerability in Windows systems, identified as CVE-2025-24054. This vulnerability leverages NTLM hash disclosure through spoofing techniques.
1 day ago

Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds
A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds.
1 day ago

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete
Don't delete this alarming new Windows folder — here's why.
2 days ago
Don't delete inetpub folder. It's a Windows security fix
Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended...
3 days ago

No, it’s not OK to delete that new inetpub folder
A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204
3 days ago
Microsoft Warns Millions Of Windows Users To Never Delete This Folder
You may have noticed a new folder in your root folder after applying the latest cumulative update.
3 days ago

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete
Don't delete this alarming new Windows folder — here's why.
4 days ago
Microsoft: Windows 'inetpub' folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty
6 days ago
Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day
6 days ago
Microsoft: Zero-day bug used in ransomware attacks on US real estate firms
Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.
1 week ago
Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs | Com...
Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’.
1 week ago

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation
Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services (AD DS).
1 week ago

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.
1 week ago
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…
1 week ago

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.
1 week ago
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
1 week ago
Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to ...
1 week ago
Microsoft fixes 124 flaws, including one under active exploitation
An elevation of privilege vulnerability in the Windows Common Log File System was added to CISA's KEV list.
1 week ago

Microsoft patches zero-day actively exploited in string of ransomware attacks
Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.
1 week ago
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) - Help Net Security
For April 2025 Patch Tuesday, Microsoft delivers fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) under active attack.
1 week ago
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.
1 week ago

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.
2 weeks ago
A Deep Dive into Water Gamayun's Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.
3 weeks ago

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
3 weeks ago

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC).
3 weeks ago
EncryptHub linked to MMC zero-day attacks on Windows systems
A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.
3 weeks ago
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin
Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data.
3 weeks ago
CVE-2025-24071 Windows File Explorer Spoofing Vulnerability Uncovered, Patch Now
A vulnerability in Windows File Explorer, indicated as CVE-2025-24071, may be exploited in the wild after the public release of the PoC exploit
1 month ago
Critical Windows Vulnerability Exposes NTLM Passwords
A critical vulnerability in Microsoft Windows File Explorer, known as CVE-2025-24071, has been identified as a significant threat, enabling attackers to covertly…
1 month ago

Microsoft Windows NTLM File Explorer Vulnerability Exploited in The Wild - PoC Released
A significant vulnerability in Microsoft Windows File Explorer, identified as CVE-2025-24071, has been discovered.
1 month ago

Microsoft Windows File Explorer Vulnerability Let Attackers Perform Network Spoofing - PoC Released
A critical vulnerability in Windows File Explorer, identified as CVE-2025-24071, enables attackers to steal NTLM hashed passwords.
1 month ago
Critical Windows Vulnerability Leaks NTLM Hashes Without User Interaction
Security researchers have discovered and documented a critical Windows vulnerability (CVE-2025-24071) that enables attackers to steal authentication credentials without any user interaction. The...
1 month ago

Windows File Explorer Vulnerability Enables Network Spoofing Attacks: PoC Released
A critical vulnerability in Windows File Explorer has been discovered, allowing attackers to capture NTLM hashes and potentially exploit them for network spoofing attacks.
1 month ago
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.
1 month ago
February trending vulnerability digest
After conducting a detailed analysis in January, we've compiled a list of vulnerabilities that are currently classified as trending. These represent the most dangerous security flaws, either currently being widely exploited by cybercriminals or likely to be exploited in the near future.
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation

2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild
Attackers have been exploiting this flaw in the wild since March 2023, making it one of the longest-running active exploits before remediation.
Microsoft Fixes Six Actively-Exploited 0-Day Flaws In Patch Tuesday Rollout, Update ASAP
Microsoft released patches for 57 security flaws, six of which are already being exploited, while cybersecurity experts describe another six as critical.
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
Microsoft patches 57 vulnerabilities, including 6 zero-days
More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.
Windows kernel bug exploited in the wild for two years
A Windows kernel vulnerability patched today by Microsoft has been actively exploited in the wild for two years, claims security firm ESET.
Zero Day Initiative — The March 2025 Security Update Review
We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering th

Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
Blind Eagle targeted 1,600 victims in Colombia using spear-phishing, exploiting CVE-2024-43451, and distributing malware via GitHub and Bitbucket.
APT 'Blind Eagle' Targets Colombian Government
The South American-based advanced persistent threat group is using an exploit with a "high infection rate," according to research from Check Point.