Patch Tuesday: Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws
Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more,…
Microsoft
Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk
A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…
Activists in Netherlands protest on roof of Microsoft site storing Israeli military data
Demonstration follows revelation firm’s servers holding huge collection of intercepted Palestinian phone callsActivists have staged a protest on the roof of a Microsoft datacentre in the Netherlands after revelations the Israeli military is storing lar…
Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability
The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on the public internet, vulnerable to a critical security flaw designated CVE-2025-53786. This high-severity…
August 2025 Patch Tuesday forecast: Try, try, again
July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, s…
CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to immediately address a critical vulnerability in Microsoft Exchange hybrid configurations that could allow …
Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses
Security researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate …
Microsoft Rolls Out Scalable Cybersecurity Playbook with SFI Patterns
Microsoft’s Secure Future Initiative (SFI) offers structured cybersecurity guidance to help organizations address complex challenges with proven security strategies.
‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
Security researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish covert command-and-control (C2) channels, effectively turning trusted business commun…
New Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege Escalation
Microsoft has disclosed a high-severity security vulnerability affecting Exchange Server hybrid deployments that could allow attackers with administrative access to escalate privileges and potentially compromise an organization’s entire cloud and…