More results...
Active Directory domain join accounts are systematically exposing enterprise environments to compromise, even when administrators follow Microsoft’s official guidance. A comprehensive security analysis reveals that these specialized accounts inhe…
Tech giant faces hefty fines from consumer watchdog for allegedly trying to convince customers to pay more than needed for their Microsoft 365 subscriptionFollow our Australia news live blog for latest updatesGet our breaking news email, free app or da…
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild. About …
In files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews.
The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek.
Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive mea…
Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in which criminal and state-backed actors blurred the lines between cybercrime, esp…
Security researchers have discovered a sophisticated method that allows attackers to steal access tokens from Microsoft Teams, potentially granting unauthorized access to sensitive corporate communications, emails, and SharePoint documents. The attack …
A new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious a…
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, wh…