LIVE 148 articles ↺ Refresh
Topic: Microsoft-focused security intelligence — aggregated, filtered and scored for IT security professionals.
Search:
Technology:
SecScore:
Showing 148 articles from 20 feeds
CVE SecScore ●○○○○ 21.05. 20:00
The art of being ungovernable
In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can l…
Talos Intelligence
Microsoft SecScore ●●●○○ 21.05. 18:00
What’s new in Microsoft Security: May 2026
Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. The post What’s new in Microsoft Security: May 2026 appeared first on M…
Microsoft Security
Malware SecScore ●○○○○ 21.05. 17:30
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21…
Unit 42
CVE SecScore ●●●○○ 21.05. 16:00
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Fixed a typographical error. This is an information change only.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 16:00
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.
MSRC Advisories
APT SecScore ●●●○○ 21.05. 16:00
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. [...]
BleepingComputer
CVE SecScore ●●●○○ 21.05. 15:09
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]
BleepingComputer
CVE SecScore ●●●●● 21.05. 13:53
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
Security Week
CVE SecScore ●●●●● 21.05. 12:55
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring syste…
The Hacker News
Microsoft SecScore ●●●○○ 21.05. 12:30
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything…
The Hacker News
CVE SecScore ●●●○○ 21.05. 10:39
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:03
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:03
CVE-2026-45736 ws: Uninitialized memory disclosure
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:03
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:03
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:03
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-40622 Another 'ghost domain names' attack variant
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-42534 Jostle logic bypass degrades resolution performance
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-41292 Long list of incoming EDNS options degrades performance
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-44608 Use after free and crash under special conditions in RPZ code
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-42959 Crash during DNSSEC validation of malicious content
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-32792 Packet of death with DNSCrypt
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:02
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information Disclosure
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 21.05. 10:01
CVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
Information published.
MSRC Advisories
CVE SecScore ●●●●● 21.05. 09:49
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
BleepingComputer
CVE SecScore ●●●●● 20.05. 23:19
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]
BleepingComputer
Breach SecScore ●●●○○ 20.05. 19:48
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kube…
Microsoft Security
CVE SecScore ●●●○○ 20.05. 19:06
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement…
The Hacker News
Microsoft SecScore ●●●○○ 20.05. 18:00
Securing the gaming culture of cultures
Read about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog.
Microsoft Security
CVE SecScore ●●●○○ 20.05. 17:39
Microsoft Rolls Out Mitigations for &#8216;YellowKey&#8217; BitLocker Bypass
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for &#8216;YellowKey&#8217; BitLocker Bypass appeared firs…
Security Week
CVE SecScore ●●●○○ 20.05. 17:00
Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrie…
Microsoft Security
Ransomware SecScore ●●●●○ 20.05. 16:36
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromis…
The Hacker News
CVE SecScore ●●●●○ 20.05. 16:00
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
Today's changes were made in error and have been reverted. This is an informational change only.
MSRC Advisories
CVE SecScore ●●●●○ 20.05. 16:00
CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
The security impact for this vulnerability has been revised from Critical to Important. In addition, the CVSS vector and FAQs were modified. This change does not affect the available security updates. Customers should …
MSRC Advisories
APT SecScore ●●●○○ 20.05. 14:51
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&a…
The Hacker News
CVE SecScore ●●●●● 20.05. 14:00
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Micro…
CISA Advisories
CVE SecScore ●●●○○ 20.05. 13:38
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cyb…
The Hacker News
CVE SecScore ●●●○○ 20.05. 12:52
Exploit released for new PinTheft Arch Linux root escalation flaw
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. [...]
BleepingComputer
Malware SecScore ●○○○○ 20.05. 12:00
Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appe…
Unit 42
CVE SecScore ●●●○○ 20.05. 10:40
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 20.05. 10:39
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Information published.
MSRC Advisories
CVE SecScore ●●●●● 20.05. 10:28
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. …
The Hacker News
CVE SecScore ●●●○○ 20.05. 10:01
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 20.05. 10:01
CVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 20.05. 10:01
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
Information published.
MSRC Advisories
APT SecScore ●●●○○ 19.05. 17:07
Exposing Fox Tempest: A malware-signing service operation
Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious cod…
Microsoft Security
CVE SecScore ●●●●○ 19.05. 16:56
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerabi…
The Hacker News
CVE SecScore ●●●●● 19.05. 16:00
CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best pra…
MSRC Advisories
Breach SecScore ●●●●○ 19.05. 13:30
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.&nbsp; The targets of the pl…
The Hacker News
CVE SecScore ●●●●○ 19.05. 11:23
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to re…
The Hacker News
CVE SecScore ●●●○○ 19.05. 10:47
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:47
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:47
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:46
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:44
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:43
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:42
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:40
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:40
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:40
CVE-2026-41604 Apache Thrift: Swift Range crash in skip()
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:39
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:39
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:39
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:01
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:01
CVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 19.05. 10:01
CVE-2025-0665 eventfd double close
Information published.
MSRC Advisories
APT SecScore ●●●○○ 19.05. 07:28
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them…
The Hacker News
Breach SecScore ●●●○○ 19.05. 06:54
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. …
The Hacker News
CVE SecScore ●●●○○ 19.05. 02:00
WantToCry ransomware remotely encrypts files
Brute-force attempts against SMB services can be early signs of an attackCategories: Threat ResearchTags: Ransomware, WantToCry, SMB
Sophos X-Ops
CVE SecScore ●●●●○ 19.05. 00:42
How Storm-2949 turned a compromised identity into a cloud-wide breach
Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operat…
Microsoft Security
Microsoft SecScore ●●●○○ 18.05. 18:00
How to better protect your growing business in an AI-powered world
See how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared first on Microsoft Sec…
Microsoft Security
CVE SecScore ●●●●○ 18.05. 15:50
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: …
The Hacker News
Malware SecScore ●●●○○ 18.05. 15:00
SHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain
SHub Reaper bypasses Apple's Terminal mitigation, steals credentials and documents, and plants a persistent backdoor for continued access after infection.
SentinelOne
Phishing SecScore ●●●○○ 18.05. 15:00
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams un…
The Hacker News
CVE SecScore ●●●○○ 18.05. 12:54
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical f…
The Hacker News
CVE SecScore ●●●●● 18.05. 10:57
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attacke…
The Hacker News
CVE SecScore ●●●●○ 17.05. 13:57
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 …
The Hacker News
CVE SecScore ●●●○○ 16.05. 17:20
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goa…
The Hacker News
CVE SecScore ●●●●● 15.05. 14:00
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability This typ…
CISA Advisories
CVE SecScore ●○○○○ 15.05. 12:00
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer&#039;s Evolved Tactics: Hiding in Plain Sight…
Unit 42
CVE SecScore ●●●●● 15.05. 08:19
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score…
The Hacker News
CVE SecScore ●●●○○ 15.05. 07:28
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requirin…
The Hacker News
CVE SecScore ●●●●○ 14.05. 19:45
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries…
The Hacker News
CVE SecScore ●●●○○ 14.05. 18:07
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. H…
The Hacker News
CVE SecScore ●●●●○ 14.05. 18:02
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN v…
Talos Intelligence
Microsoft SecScore ●●●○○ 14.05. 18:00
Defense in depth for autonomous AI agents
As AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first on Microsoft Securi…
Microsoft Security
APT SecScore ●●●○○ 14.05. 17:00
Kazuar: Anatomy of a nation-state botnet
Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, …
Microsoft Security
CVE SecScore ●●●●○ 14.05. 16:20
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by threat actors. Learn how exploitable misconfigurations lead to RCE and data leaks. The post Wh…
Microsoft Security
CVE SecScore ●●●●● 14.05. 13:40
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulner…
The Hacker News
CVE SecScore ●●●●● 14.05. 11:25
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative T…
The Hacker News
Blog SecScore ●○○○○ 14.05. 05:49
Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned&#x2019;s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government dom…
Troy Hunt
CVE SecScore ●●●○○ 13.05. 20:11
The Convergence of Cloud Secrets & AI Risk
SentinelOne’s latest report examines the evolving 'secrets' threatscape, showing how modern cloud and AI infrastructures are being exploited.
SentinelOne
CVE SecScore ●●●●● 13.05. 15:46
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of…
The Hacker News
CVE SecScore ●●●○○ 13.05. 02:00
May’s Patch Tuesday hauls out 132 CVEs
With advisories, this month’s count approaches 300 – though many are already in placeCategories: Threat Research, X-opsTags: Patch Tuesday, MICROSOFT PATCH TUESDAY
Sophos X-Ops
CVE SecScore ●●●○○ 12.05. 21:57
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”. 
Talos Intelligence
Ransomware SecScore ●○○○○ 12.05. 12:00
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.
Talos Intelligence
CVE SecScore ●●●○○ 12.05. 02:00
Sophos Endpoint in action: Blocking a novel supply chain attack
How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack.Categories: Products &amp; ServicesTags: Endpoint, Sophos Endpoint, Exploits
Sophos X-Ops
CVE SecScore ●●●○○ 12.05. 00:00
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advanced Misuse Techniqu…
Unit 42
CVE SecScore ●●●●● 11.05. 16:05
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows …
The DFIR Report
CVE SecScore ●●●●● 07.05. 02:00
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticate…
Unit 42
CVE SecScore ●○○○○ 06.05. 02:14
Weekly Update 502
It&apos;s a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will be teenagers to their early 20s), consistently gaining access to the data of massiv…
Troy Hunt
CVE SecScore ●○○○○ 06.05. 01:00
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux…
Unit 42
APT SecScore ●●○○○ 05.05. 12:00
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Eur…
Talos Intelligence
Microsoft SecScore ●●●○○ 04.05. 18:00
Azure IaaS: Defense in depth built on secure-by-design principles
Security for cloud infrastructure is no longer defined by a single control, product, or boundary. Modern threats target identity, software supply chains, control planes, networks, and data simultaneously. The post Azure…
Azure Security Blog
CVE SecScore ●○○○○ 02.05. 01:00
Essential Data Sources for Detection Beyond the Endpoint
Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.
Unit 42
CVE SecScore ●○○○○ 01.05. 00:00
That AI Extension Helping You Write Emails? It’s Reading Them First
Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails?…
Unit 42
CVE SecScore ●●●○○ 30.04. 20:00
Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM
As cloud workloads become more agentic and AI systems handle increasingly sensitive data, trust must be engineered directly into infrastructure. Azure Integrated HSM brings hardware‑enforced key protection into Azure, e…
Azure Security Blog
APT SecScore ●●○○○ 29.04. 12:00
AI-powered honeypots: Turning the tables on malicious AI agents
Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot sys…
Talos Intelligence
Microsoft SecScore ●●○○○ 28.04. 15:23
Five defender priorities from the Talos Year in Review
With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the nois…
Talos Intelligence
Microsoft SecScore ●●○○○ 24.04. 22:30
TGR-STA-1030: New Activity in Central and South America
Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.
Unit 42
APT SecScore ●●●○○ 23.04. 17:50
Microsoft Vibing — capturing screenshots and voice samples without governance
DoublePulsar
Advisory SecScore ●○○○○ 23.04. 14:00
International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
NCSC UK
CVE SecScore ●●●●○ 22.04. 18:44
Hypersonic Supply Chain Attacks: One Solution That Didn’t Need to Know the Payload
Learn how SentinelOne has stopped three recent zero-day supply chain attacks with AI-driven defense built for machine-speed threats.
SentinelOne
CVE SecScore ●●○○○ 20.04. 12:00
Fracturing Software Security With Frontier AI Models
Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. The post Fracturing Software Security …
Unit 42
Phishing SecScore ●●●○○ 18.04. 00:35
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders. The post Threat Brief: Escalation of Cyber Risk…
Unit 42
CVE SecScore ●●●○○ 17.04. 00:00
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware. The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 a…
Unit 42
CVE SecScore ●●●○○ 16.04. 21:33
Frontier AI Reinforces the Future of Modern Cyber Defense
As OpenAI and Anthropic advance frontier AI, SentinelOne delivers AI-native, machine-speed cyber defense at global scale.
SentinelOne
APT SecScore ●●●●○ 15.04. 00:59
Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
On April 9, 2026, cpuid.com was actively serving malware through its own official download button. Threat actors had compromised the CPUID domain at the API level and were silently redirecting legitimate download reques…
SentinelOne
CVE SecScore ●●●●● 14.04. 23:47
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in…
Krebs on Security
CVE SecScore ●●●○○ 07.04. 14:00
UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.
NCSC UK
CVE SecScore ●●●○○ 07.04. 14:00
APT28 exploit routers to enable DNS hijacking operations
Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.
NCSC UK
Microsoft SecScore ●●●○○ 01.04. 18:00
Azure IaaS: Keep critical applications running with built-in resiliency at scale
Azure IaaS provides foundational capabilities across compute, storage, and networking to help organizations stay resilient. The post Azure IaaS: Keep critical applications running with built-in resiliency at scale appea…
Azure Security Blog
CVE SecScore ●●○○○ 30.03. 14:00
Vulnerability affecting F5 BIG-IP APM
The NCSC is encouraging UK organisations to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager.
NCSC UK
CVE SecScore ●●●●○ 04.03. 18:00
Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure
As organizations accelerate digital transformation, infrastructure decisions increasingly shape how quickly teams can adopt AI, how reliably applications operate at global scale, and how effectively businesses respond t…
Azure Security Blog
CVE SecScore ●○○○○ 25.02. 13:00
Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.
NCSC UK
CVE SecScore ●●●○○ 23.02. 15:09
Apache ActiveMQ Exploit Leads to LockBit Ransomware
Key Takeaways An audio version of this report can be found on&#160;Spotify,&#160;Apple,&#160;YouTube,&#160;Audible, &#38;&#160;Amazon.&#160; This intrusion began in mid-February 2024 after a threat actor exploited a vul…
The DFIR Report
Microsoft SecScore ●●●○○ 17.02. 17:00
Azure reliability, resiliency, and recoverability: Build continuity by design
Modern cloud systems are expected to deliver more than uptime. Customers expect consistent performance, the ability to withstand disruption, and confidence that recovery is predictable and intentional. The post Azure re…
Azure Security Blog
CVE SecScore ●○○○○ 10.12. 13:00
Mistaking AI vulnerability could lead to large-scale breaches, NCSC warns
NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
NCSC UK
Ransomware SecScore ●○○○○ 21.11. 00:55
What organisations can learn from the record breaking fine over Capita’s ransomware incident
DoublePulsar
APT SecScore ●●●○○ 05.11. 08:00
Microsoft strengthens sovereign cloud capabilities with new services
We continue to adapt our sovereignty approach—innovating to meet customer needs and regulatory requirements within our Sovereign Public Cloud and Sovereign Private Cloud. We are announcing a new wave of capabilities, bu…
Azure Security Blog
Ransomware SecScore ●●●●○ 04.11. 22:30
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 2025 Cyjax repo…
The DFIR Report
APT SecScore ●○○○○ 03.11. 19:44
CyberSlop — meet the new threat actor, MIT and Safe Security
DoublePulsar
Microsoft SecScore ●●●○○ 03.11. 18:00
Enhancing software supply chain security with Microsoft’s Signing Transparency
Microsoft is announcing the preview of Signing Transparency to address software supply chain threats that traditional code signing alone cannot fully prevent, building on the Zero Trust principle of “never trust, always…
Azure Security Blog
Microsoft SecScore ●●●○○ 23.10. 12:01
Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests
DoublePulsar
Microsoft SecScore ●●●○○ 14.10. 20:00
Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation
Oracle Database@Azure adds new AI-ready features, expands to 33 regions, and launches new partner and migration programs. The post Oracle Database@Azure offers new features, regions, and programs to unlock data and AI i…
Azure Security Blog
Microsoft SecScore ●●●●○ 01.07. 17:00
Building secure, scalable AI in the cloud with Microsoft Azure
Forrester Research shows how Azure helps enterprises scale generative AI securely, overcoming infrastructure and compliance challenges to unlock real business value. The post Building secure, scalable AI in the cloud wi…
Azure Security Blog
Microsoft SecScore ●●●○○ 05.06. 17:00
Enhance AI security with Azure Prompt Shields and Azure AI Content Safety
Defend your AI systems with Prompt Shields—a unified API that analyzes inputs to your LLM-based solution to guard against direct and indirect threats. The post Enhance AI security with Azure Prompt Shields and Azure AI …
Azure Security Blog
CVE SecScore ●●●○○ 19.05. 02:05
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.2…
The DFIR Report