Microsoft News Articles
Recent news articles referencing the vendor's vulnerabilities.
Play Ransomware Group Used Windows Zero-Day
Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.
2 days ago
Play ransomware exploited Windows logging flaw in zero-day attacks
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems.
2 days ago

Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Play ransomware exploited CVE-2025-29824 zero-day in a U.S. breach before Microsoft patched it
2 days ago
Microsoft: April updates cause Windows Server auth issues
Microsoft says the April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers.
2 days ago
Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
At least two ransomware groups exploited the Windows zero-day CVE-2025-29824 before it was patched by Microsoft.
2 days ago
Windows "inetpub" security fix can be abused to block future updates
A recent Windows security update that creates an 'inetpub' folder has introduced a new weakness allowing attackers to prevent the installation of future updates.
2 weeks ago

Windows 11's crucial new 'inetpub' folder is laughably easy to hack
The inetpub folder in Windows is meant to be a security measure, but attackers can block it and cause all sorts of issues due to another vulnerability.
2 weeks ago

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, enables attackers to execute arbitrary code.
2 weeks ago

Critical Windows Update Stack Vulnerability Allows Code Execution & Privilege Escalation
A significant security flaw has been identified in the Windows Update Stack, exposing millions of Windows systems to the risk of unauthorized code execution and privilege escalation.
2 weeks ago
Alarms sound over attacks via Microsoft NTLM vulnerability
Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.
3 weeks ago

Windows vulnerability with NTLM hash abuse exploited for phishing
A vulnerability in Windows that exposes NTLM hashes via .library-ms files is currently being actively exploited by hackers
3 weeks ago

CISA Warns of Active Exploitation of Windows NTLM Vulnerability
CISA alerted organizations to active exploitation of a newly disclosed Microsoft Windows vulnerability tracked as CVE-2025-24054.
3 weeks ago

CVE-2025-24054 Under Active Attack - Steals NTLM Credentials on File Download
Windows flaw CVE-2025-24054 actively exploited since March 19 to leak NTLM hashes via phishing attacks.
3 weeks ago
Fresh Windows NTLM Vulnerability Exploited in Attacks
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
3 weeks ago
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.
3 weeks ago
NTLM Hash Exploit Targets Poland and Romania Days After Patch
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
3 weeks ago
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security
CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.
3 weeks ago
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
The attacks have been going on since shortly after Microsoft patched the vulnerability in March.
3 weeks ago

This Windows Vulnerability Lets Hackers Into Your PC in Just 300 Milliseconds
Hackers can get into your system almost faster than you can blink.
3 weeks ago

Windows NTLM Vulnerability Actively Exploited in the Wild to Hack Systems
A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targeting organizations worldwide.
3 weeks ago

Hackers Exploiting Windows NTLM Spoofing Vulnerability in Wild to Compromise Systems
Cybercriminals have been actively exploiting a critical vulnerability in Windows systems, identified as CVE-2025-24054. This vulnerability leverages NTLM hash disclosure through spoofing techniques.
3 weeks ago

Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds
A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds.
3 weeks ago

Microsoft Asks Windows 11 Users Not to Delete Mysterious 'inetpub' Folder
A seemingly empty folder appearing on Windows systems after recent security updates has raised concerns among users, but Microsoft confirms it's an intentional security measure that should remain untouched.
3 weeks ago

Microsoft's New Windows Update - 1 Billion Users Warned: Do Not Delete
Don't delete this alarming new Windows folder - here's why.
3 weeks ago
Don't delete inetpub folder. It's a Windows security fix
Canny Windows users who've spotted a mysterious folder on hard drives after applying last week's security patches for the operating system can rest assured - it's perfectly benign. In fact, it's recommended...
4 weeks ago

No, it's not OK to delete that new inetpub folder
A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204
4 weeks ago
Microsoft Warns Millions Of Windows Users To Never Delete This Folder
You may have noticed a new folder in your root folder after applying the latest cumulative update.
4 weeks ago

Microsoft's New Windows Update - 1 Billion Users Warned: Do Not Delete
Don't delete this alarming new Windows folder - here's why.
4 weeks ago

Patch Tuesday: Ransomware crew using CVE-2025-29824 zero day
Patch Tuesday comes with ransomware exploit for CVE-2025-29824 and a fat Windows 10 delay. Technology companies have been targeted said Redmond.
1 month ago
Microsoft: Windows 'inetpub' folder created by security fix, don't delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty
1 month ago
Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed - Help Net Security
Here's an overview of some of last week's most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day
1 month ago
Microsoft: Zero-day bug used in ransomware attacks on US real estate firms
Microsoft published a blog post on Tuesday about the bug alongside its larger Patch Tuesday release, detailing how hackers exploited the vulnerability and used a strain of malware called PipeMagic before deploying ransomware on victims.
1 month ago
Microsoft's April 2025 bumper Patch Tuesday corrects 124 bugs | Com...
Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are 'critical'.
1 month ago

Windows Active Directory Vulnerability Enables Unauthorized Privilege Escalation
Microsoft has urgently patched a high-risk security vulnerability (CVE-2025-29810) in Windows Active Directory Domain Services (AD DS).
1 month ago

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Windows zero-day CVE-2025-29824 exploited via PipeMagic malware escalated SYSTEM privileges, leading to targeted ransomware attacks.
Patch Tuesday, April 2025 Edition
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware…

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
Exploitation of CLFS zero-day leads to ransomware activity | Microsoft Security Blog
Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released security updates to ...
Microsoft fixes 124 flaws, including one under active exploitation
An elevation of privilege vulnerability in the Windows Common Log File System was added to CISA's KEV list.

Microsoft patches zero-day actively exploited in string of ransomware attacks
Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) - Help Net Security
For April 2025 Patch Tuesday, Microsoft delivers fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) under active attack.
Microsoft: Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims' systems.

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.
A Deep Dive into Water Gamayun's Arsenal and Infrastructure
Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines.

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

Windows MMC Framework Zero-Day Exploited to Execute Malicious Code
Trend Research has uncovered a sophisticated campaign by the Russian threat actor Water Gamayun, exploiting a zero-day vulnerability.

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code
A sophisticated campaign by Russian threat actors exploiting a critical zero-day vulnerability in the Microsoft Management Console (MMC).