Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked
The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…
Sharepoint
Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among …
Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs
The cyber security firm reported in its latest annual report that their researchers found more than 30.4 million phishing emails last year.
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes
No zero-days this month, if you ignore the Edge RCE hole patched last week
June 2023 Patch Tuesday: Critical patches for Microsoft Windows, SharePoint, Exchange
For June 2023 Patch Tuesday, Microsoft has delivered 70 new patches but, for once, none of the fixed vulnerabilities are currently exploited by attackers nor were publicly known before today! Microsoft has previously fixed CVE-2023-3079, a type confusi…
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932)
For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two exploited bug…
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of MS O…
While governments pass privacy laws, companies struggle to change
Government agencies keep making new privacy rules while end users fall victim to malpractice and scams. Bill Tolson, VP of Compliance and eDiscovery at Archive360, has spent many years consulting with regulators and advising businesses on concrete step…
Microsoft plugs actively exploited zero-day hole (CVE-2023-21674)
To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild (CVE-2023-21674) and one (CVE-2023-21549) that’s been publicly disclosed. Both allow attackers to elev…
Penetration testing Sharepoint
Like any normal web application, Sharepoint may fall prey to OWASP Top 10 vulnerabilities with a special focus on XSS, mostly due to inadequate patching and misconfiguration. On this post, we focus on recon / what sharepoint is exposing. Google Dorks F…