Microsoft News Articles

Patch Tuesday: Microsoft EoP, NotePad++, Ivanti, Fortinet

Happy December Patch Tuesday to all who celebrate. This month's patch party includes one Microsoft flaw under exploitation, plus two others listed as publicly known – but just 57 CVEs in total from...

12 hours ago

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws.

16 hours ago

Microsoft fixes Windows shortcut flaw exploited for years

Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide harmful...

6 days ago

Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation

Microsoft fixes the Windows LNK flaw CVE-2025-9491, a bug exploited by multiple state groups since 2017.

1 week ago

November 2025 Cybersecurity Threat Advisory | Crowe UAE

Stay ahead of cyber threats with in-depth analysis of critical vulnerabilities, major attacks, and expert recommendations from the November 17–23, 2025 Threat Advisory. Learn about CVEs, brute-force surges, and proactive defense for your organization.

2 weeks ago

How NTLM is being abused in 2025 cyberattacks

This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.

2 weeks ago

Windows Server Vulnerability Exploited: ShadowPad Malware Deployed

CVE-2025-59287 vulnerability in Windows Server Update Services exploited to deploy ShadowPad malware. Learn how attackers used this flaw to gain access.

2 weeks ago

Attackers deliver ShadowPad via newly patched WSUS RCE bug

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware.

2 weeks ago

Attackers deliver ShadowPad via newly patched WSUS RCE bug

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware.

2 weeks ago

ShadowPad Backdoor Exploits WSUS Zero-Day to Breach Enterprise Environments

The ShadowPad malware explodes in the wild exploiting a WSUS zero-day (CVE-2025-59287) to gain full system access on Windows servers.

2 weeks ago

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

ShadowPad malware is being delivered through an actively exploited WSUS vulnerability, granting attackers full system access.

2 weeks ago

Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges

Microsoft addressed a flaw in Azure Bastion, that allows attackers to bypass authentication and escalate privileges to administrative levels.

2 weeks ago

Critical Azure Bastion Vulnerability Lets Attackers Bypass Login and Escalate Privileges

A critical authentication bypass vulnerability in Azure Bastion, its managed remote access service.

3 weeks ago

Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware

Chinese-backed hackers exploit CVE-2025-59287 in WSUS to push ShadowPad, using the flaw for system-level access.

3 weeks ago

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

Learn about the critical vulnerability in Azure Bastion, CVE-2025-49752, that allows authentication bypass and privilege escalation. Update now to protect your VMs.

3 weeks ago

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

Learn about the critical vulnerability in Azure Bastion, CVE-2025-49752, that allows authentication bypass and privilege escalation. Update now to protect your VMs.

3 weeks ago

Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware

Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services.

3 weeks ago

Chinese Hackers Exploiting WSUS Remote Code Execution Vulnerability to Deploy ShadowPad Malware

Security researchers at the AhnLab Security Intelligence Center (ASEC) have uncovered a sophisticated cyberattack campaign targeting Microsoft Windows Server Update Services.

3 weeks ago

Windows Graphics Flaw Lets Hackers Take Over with Just One Image

A flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file.

3 weeks ago

Windows Graphics Flaw Lets Hackers Take Over with Just One Image

A flaw in the Windows Graphics Component that enables attackers to seize complete control of computers using nothing more than a crafted image file.

3 weeks ago

Critical Microsoft Alert — Update Windows 10, 11 And Server Right Now

Microsoft has confirmed a zero-day vulnerability in the Windows Kernel that attackers have already exploited to gain system privileges. Act now.

4 weeks ago

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog.

1 month ago

CVE-2025-62215: Microsoft Patches Windows Kernel Zero-Day Vulnerability Under Active Exploitation | SOC Prime

Explore CVE-2025-62215 analysis, a critical Windows kernel zero-day under active exploitation, with the details on the SOC Prime blog.

1 month ago

Update now: November Patch Tuesday fixes Windows zero-day exploited in the wild

This month’s Windows update closes several major security holes, including one that’s already being used by attackers. Make sure your PC is up to date.

1 month ago

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft fixes 63 flaws, including an exploited Windows Kernel zero-day and a critical RCE bug.

1 month ago

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) - Help Net Security

Microsoft fixed some 60+ vulnerabilities on this Patch Tuesday, among them an actively exploited Windows Kernel flaw (CVE-2025-62215).

1 month ago

Windows Kernel 0-Day Vulnerability Actively Exploited in the Wild to Escalate Privileges

Microsoft's exploitability index lists "Exploitation Detected," indicating real-world use despite the absence of public disclosure.​

1 month ago

Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.

1 month ago

Patch Now: Microsoft Flags Zero-Day & Zero-Click Bugs

Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on priority fixes.

1 month ago

Chinese hackers target Western diplomats using hard-to-patch Windows shortcut flaw

Chinese UNC6384 campaign cleverly exploits Windows .LNK vulnerability, security company finds.

Chinese hackers target European diplomatic agencies (including Italy)

Hackers from the China-linked UNC6384 group are conducting a cyberespionage campaign against European diplomatic and government agencies by exploiting a Windows vulnerability.

Microsoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages Unnoticed

Four Microsoft Teams flaws let attackers impersonate coworkers and manipulate chats before patches.

Darktrace’s Analysis of Post-Exploitation Activities on CVE-2025-59287

This blog details Darktrace’s analysis of the vulnerability, focusing on two US customer where active exploitation was detected.

Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287

WSUS infrastructure Network sensors collected from security organizations, in scans directed at TCP port 8530 and 8531.

WSUS security update has broken hotpatches on Windows Server 2025

A security update for WSUS has broken hotpatching on some Windows Server 2025 devices, causing registration issues.

WSUS security update has broken hotpatches on Windows Server 2025

A security update for WSUS has broken hotpatching on some Windows Server 2025 devices, causing registration issues.

Microsoft Patch for WSUS Vulnerability has Broken Hotpatching on Windows Server 2025

In a recent setback for Windows administrators, Microsoft's October 2025 security update addressing a critical vulnerability in Windows Server Update Services (WSUS) has inadvertently broken hotpatching functionality on a subset of Windows Server 2025 systems.

Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching

An out-of-band (OOB) security update that patches an actively exploited Windows Server Update Service (WSUS) vulnerability has broken hotpatching on some Windows Server 2025 devices.

Hackers Actively Scanning TCP Ports 8530/8531 for WSUS Vulnerability CVE-2025-59287

These scans represent a shift from research-related activities to what appears to be malicious reconnaissance efforts by threat actors searching for vulnerable systems.

Hackers Actively Scanning TCP Ports 8530/8531 for WSUS CVE-2025-59287

Security researchers have detected a spike in suspicious network traffic targeting Windows Server Update Services (WSUS) infrastructure worldwide.

Windows GDI Vulnerabilities Lead to RCE and Data Leaks - TechNadu

Check Point Research found three critical flaws in Windows GDI, including one for remote code execution. Microsoft has issued patches to fix them.

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks

Chinese threat actor exploiting an unpatched Windows shortcut vulnerability in fresh attacks targeting the diplomatic community in Europe.

Failure: Microsoft Failed to Fix Old Windows Vulnerability

This concerns a zero-day vulnerability identified as ZDI-CAN-25373, later changed to CVE-2025-9491. The old issue was ignored until March 2025, when Trend Micro specialists reported it. They noted that hackers have been aware of the system flaw for

Failure: Microsoft Failed to Fix Old Windows Vulnerability

This concerns a zero-day vulnerability identified as ZDI-CAN-25373, later changed to CVE-2025-9491. The old issue was ignored until March 2025, when Trend Micro specialists reported it. They noted that hackers have been aware of the system flaw for

New Warning As Microsoft Windows Attacks Confirmed — No Fix Available

Microsoft has no fix available, and the attacks are already underway. What Windows users need to know about CVE-2025-9491.

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491) - Help Net Security

A Windows vulnerability (CVE-2025-9491, aka ZDI-CAN-25373) that threat actors have been leveraging since 2017 continues to be exploited.

Windows zero-day actively exploited to spy on European diplomats

A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations.

Windows zero-day actively exploited to spy on European diplomats

A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. According to Arctic Wolf Labs, the attack chain begins...