Microsoft News Articles

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Microsoft releases urgent fix for critical WSUS flaw CVE-2025-59287 under active exploitation.

8 hours ago

Critical WSUS flaw in Windows Server now exploited in attacks

Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.

8 hours ago

Microsoft Issues Emergency Patch for Actively Exploited Windows Server Flaw CVE-2025-59287 - WinBuzzer

Microsoft has released an urgent out-of-band patch for CVE-2025-59287, a critical, wormable RCE vulnerability in WSUS that is being actively exploited in the wild.

10 hours ago

Microsoft issues out-of-band patch for critical WSUS flaw

Microsoft has released an out-of-band update to patch a critical vulnerability in Windows Server Update Services (WSUS). The update addresses CVE-2025-59287">CVE-2025-59287, a remote code execution flaw...

13 hours ago

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287) - Help Net Security

There's a new security update for CVE-2025-59287, a WSUS vulnerability that is reportedly being exploited in the wild.

13 hours ago

Microsoft Fixes Critical WSUS RCE Flaw CVE-2025-59287

Microsoft issues an urgent patch for CVE-2025-59287, a critical RCE vulnerability in Windows Server Update Services (WSUS).

13 hours ago

Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw

Microsoft released a critical patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS).

17 hours ago

Windows Server emergency patches fix WSUS bug with PoC exploit

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code.

17 hours ago

Critical Windows Server WSUS Vulnerability Exploited in the Wild 

Microsoft released out-of-band updates to patch the WSUS vulnerability CVE-2025-59287 and exploitation of the flaw was seen just hours later. 

1 day ago

ToolShell Used to Compromise Telecoms Company in Middle East

China-based threat actors also compromised networks of government agencies in countries in Africa and South America.

2 days ago

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch

Chinese threat actors exploited a patched SharePoint flaw, CVE-2025-53770, in global espionage attacks.

2 days ago

Sharepoint ToolShell attacks targeted orgs across four continents

Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.

3 days ago

Active Exploitation Of Windows SMB Flaw CVE-2025-33073 Spotted

CISA warns of active attacks exploiting CVE-2025-33073, a critical Windows SMB flaw allowing SYSTEM privilege escalation. Patch affected Windows systems now.

3 days ago

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) - Help Net Security

CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers.

3 days ago

Patch These Microsoft Windows Vulnerabilities Now, CISA Warns

Microsoft Windows 10 and 11 users are at risk from two new security threats — update before the CISA two-week deadline expires to stay safe.

4 days ago

Critical Windows SMB vulnerability being actively exploited in attacks

US cybersecurity agency CISA warns of active exploitation of a vulnerability in the Windows SMB protocol.

4 days ago

Feds flag active exploitation of patched Windows SMB vuln

Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited – months after it was patched. The bug, tracked as CVE-2025-33073, was added...

4 days ago

CISA Warns of Actively Exploited Windows SMB Vulnerability

The security flaw, tracked as CVE-2025-33073, has been added to CISA’s Known Exploited Vulnerabilities catalog,

4 days ago

Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship…

4 days ago

Critical vulnerability in Windows SMB client: CISA raises alarm

A serious vulnerability in the Windows SMB client, CVE-2025-33073, puts corporate systems at risk. CISA urges immediate application of security patches.

4 days ago

CISA Warns of Actively Exploited Windows SMB Vulnerability

CISA has added a critical Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities catalog.

4 days ago

CISA Warns of Actively Exploited Windows SMB Vulnerability

CISA has added a critical Microsoft Windows Server Message Block (SMB) vulnerability to its Known Exploited Vulnerabilities catalog.

4 days ago

Microsoft Windows Cloud Minifilter Flaw Enables Privilege Escalation

A security vulnerability in Microsoft Windows Cloud Minifilter has been patched, addressing a race condition that allowed attackers to escalate privileges

4 days ago

CISA: High-severity Windows SMB flaw now exploited in attacks

CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems.

4 days ago

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

Microsoft has patched CVE-2025-55315, a critical vulnerability in the ASP.NET Core open source web development framework.

1 week ago

Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the

1 week ago

CISA Alerts to Active Exploitation of Critical Windows Flaw | eSecurity Planet

CISA warns of an exploited Windows flaw that lets attackers gain control of systems.

1 week ago

Microsoft patches ASP.NET Core bug rated highly critical

Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and...

1 week ago

CISA Alerts on Actively Exploited Windows Improper Access Control Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding an actively exploited vulnerability in Microsoft Windows.

1 week ago

Microsoft patches three zero-days actively exploited by attackers - Help Net Security

On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack.

1 week ago

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Microsoft’s October 2025 Patch Tuesday fixes 183 flaws, including three exploited zero-days and two 9.9 CVSS bugs.

1 week ago

Microsoft Drops Record-Setting Patch Update

October 2025's Patch Tuesday offers actively exploited zero-days, high-severity privilege-escalation bugs, and the end of Windows 10 updates.

1 week ago

Microsoft Patch Tuesday: 175 vulnerabilities fixed and two zero-days exploited

Microsoft has fixed 175 vulnerabilities, including two actively exploited zero-days. Learn more about vulnerabilities and security updates.

1 week ago

Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days

The tech giant addressed a record-high number of defects for the year in its latest update.

1 week ago

How Cortex Defends Against Microsoft SharePoint "ToolShell" Exploits - Palo Alto Networks Blog

Cortex defends against the new "ToolShell" attack chain, which exploits vulnerabilities to achieve full remote code execution without requiring credentials. Cortex defends against the new "ToolShell" attack chain, which exploits vulnerabilities to achieve full remote code execution without requiring...

2 weeks ago

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world.

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft patched 80 flaws in Sept 2025, including CVE-2025-55234 SMB bug and CVSS 10 Azure risk.

PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised systems.

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

PipeMagic exploits CVE-2025-29824 in Windows, enabling RansomExx attacks in Saudi Arabia and Brazil.

PipeMagic in 2025: How the backdoor operators’ tactics have changed

We examine the evolution of the PipeMagic backdoor and the TTPs of its operators – from the RansomExx incident in 2022 to attacks in Brazil and Saudi Arabia, and the exploitation of CVE-2025-29824 in 2025.

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

EncryptHub exploits CVE-2025-26633 with social engineering and rogue MSC files, delivering Fickle Stealer malware.

Canada’s House of Commons investigating data breach after cyberattack

The House of Commons of Canada is currently investigating a data breach after a threat actor reportedly stole employee information in a cyberattack on Friday.

Over 29,000 Exchange servers unpatched against high-severity flaw

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Microsoft patches CVE-2025-49760 Windows RPC flaw enabling spoofing, hash theft, and privilege escalation.

Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability

The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed.

28,000+ Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online

Over 28,000 unpatched Microsoft Exchange servers are exposed on the public internet and remain vulnerable to a critical security flaw designated CVE-2025-53786, according to new scanning data released on August 7, 2025, by The Shadowserver Foundation.

CVE-2025-53786: U.S. CISA Issues Emergency Directive for Post-Authentication Vulnerability in Microsoft Exchange Hybrid Configurations - Arctic Wolf

On August 6, 2025, Microsoft disclosed a high-severity post-authentication vulnerability affecting on-premises Microsoft Exchange servers configured for hybrid-joined environments, tracked as CVE-2025-53786. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Direct...

Microsoft Exchange Server Hybrid at risk by CVE-2025-53786 | Born's Tech and Windows World

[German]Another note for administrators of Microsoft Exchange Server hybrid configurations. Microsoft points out that these configurations are at risk from an Elevation of Privilege vulnerability...