Microsoft News Articles

Play Ransomware Group Used Windows Zero-Day

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

2 days ago

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.

2 days ago

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization

Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it

2 days ago

Microsoft: April updates cause Windows Server auth issues

Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.

2 days ago

Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day

At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.

2 days ago

Windows "inetpub" security fix can be abused to block future updates

A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates.

2 weeks ago

Windows 11's crucial new 'inetpub' folder is laughably easy to hack

The inetpub folder in Windows is meant to be a security measure, but attackers can block it and cause all sorts of issues due to another vulnerability.

2 weeks ago

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, enable attackers to execute arbitrary code.

2 weeks ago

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation

A significant security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation. 

2 weeks ago

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

3 weeks ago

Alarms sound over attacks via Microsoft NTLM vulnerability

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

3 weeks ago

Windows vulnerability with NTLM hash abuse exploited for phishing

A vulnerability in Windows that exposes NTLM hashes via .library-ms files is currently being actively exploited by hackers

3 weeks ago

CISA Warns of Active Exploitation of Windows NTLM Vulnerability

CISA alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054.

3 weeks ago

CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download

Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.

3 weeks ago

Fresh Windows NTLM Vulnerability Exploited in Attacks

A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.

3 weeks ago

Windows NTLM hash leak flaw exploited in phishing attacks on governments

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

3 weeks ago

NTLM Hash Exploit Targets Poland and Romania Days After Patch

An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild

3 weeks ago

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security

CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.

3 weeks ago

Multiple Groups Exploit NTLM Flaw in Microsoft Windows

The attacks have been going on since shortly after Microsoft patched the vulnerability in March.

3 weeks ago

This Windows Vulnerability Lets Hackers Into Your PC in Just 300 Milliseconds

Hackers can get into your system almost faster than you can blink.

3 weeks ago

Windows NTLM Vulnerability Actively Exploit in the Wild to Hack Systems

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide.

3 weeks ago

Hackers Exploiting Windows NTLM Spoofing Vulnerability in Wild to Compromise Systems

Cybercriminals have been actively exploiting a critical vulnerability in Windows systems, identified as CVE-2025-24054. This vulnerability leverages NTLM hash disclosure through spoofing techniques.

3 weeks ago

Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds

A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds. 

3 weeks ago

Microsoft Asks Windows 11 Users Not to Delete Mysterious “inetpub” Folder

A seemingly empty folder appearing on Windows systems after recent security updates has raised concerns among users, but Microsoft confirms it's an intentional security measure that should remain untouched. 

3 weeks ago

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete

Don't delete this alarming new Windows folder — here's why.

3 weeks ago

Don't delete inetpub folder. It's a Windows security fix

Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured – it's perfectly benign. In fact, it's recommended...

4 weeks ago

No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

4 weeks ago

Microsoft Warns Millions Of Windows Users To Never Delete This Folder

You may have noticed a new folder in your root folder after applying the latest cumulative update.

4 weeks ago

Microsoft’s New Windows Update — 1 Billion Users Warned: Do Not Delete

Don't delete this alarming new Windows folder — here's why.

4 weeks ago

Patch Tuesday: Ransomware crew using CVE-2025-29824 zero day

Patch Tuesday comes with ransomware exploit for CVE-2025-29824 and a fat Windows 10 delay. Technology companies have been targeted said Redmond.

1 month ago

Microsoft: Windows 'inetpub' folder created by security fix, don’t delete

Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty

1 month ago

Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day

1 month ago

Microsoft: Zero-day bug used in ransomware attacks on US real estate firms

Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.

1 month ago

Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs | Com...

Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’.

1 month ago

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation

Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services (AD DS).

1 month ago

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.

Patch Tuesday, April 2025 Edition

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability

Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.

Windows CLFS zero-day exploited in ransomware attacks

A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog

Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to ...

Microsoft fixes 124 flaws, including one under active exploitation

An elevation of privilege vulnerability in the Windows Common Log File System was added to CISA's KEV list.

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) - Help Net Security

For April 2025 Patch Tuesday, Microsoft delivers fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) under active attack.

Microsoft: Windows CLFS zero-day exploited by ransomware gang

Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.

A Deep Dive into Water Gamayun's Arsenal and Infrastructure

Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

Windows MMC Framework Zero-Day Exploited to Execute Malicious Code

Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability.

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC).