LIVE 151 articles · 10 today ↺ Refresh
Topic: Microsoft-focused security intelligence — aggregated, filtered and scored for IT security professionals.
Search:
Technology:
SecScore:
Showing 151 articles from 22 feeds
Microsoft SecScore ●●●○○ 01.06. 16:36
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]
BleepingComputer
Microsoft SecScore ●●●●● 01.06. 15:04
Investigating suspicious AI workflows in Microsoft Entra Agent ID: Agent’s user account
Entra ID agent users can send malicious content to human users via Microsoft Teams. Here’s what to look out for.
Red Canary
APT SecScore ●●●●● 01.06. 14:30
Critical Windows Netlogon RCE flaw now exploited in attacks
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attack…
BleepingComputer
Advisory SecScore ●●●○○ 01.06. 14:01
Webinar tomorrow: From alert to resolution in network incident response
Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident r…
BleepingComputer
Microsoft SecScore ●●●○○ 01.06. 12:59
Microsoft fixes KB5089549 Windows security update install issues
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]
BleepingComputer
CVE SecScore ●●●○○ 01.06. 10:42
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 01.06. 10:42
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 01.06. 10:41
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
Information published.
MSRC Advisories
Breach SecScore ●●○○○ 01.06. 10:22
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is i…
Troy Hunt
Microsoft SecScore ●●●●● 01.06. 08:32
Zentraler Katalog für APIs und KI-Assets: Azure API Center Portal jetzt verfügbar
Das von Azure verwaltete Portal ermöglicht Entwicklungsteams das unternehmensweite Entdecken, Testen und Verwalten von Programmierschnittstellen sowie modernen KI-Komponenten.
MS Techwiese
CVE SecScore ●●●○○ 31.05. 10:41
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Information published.
MSRC Advisories
Advisory SecScore ●●●○○ 31.05. 10:41
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
MSRC Advisories
Advisory SecScore ●●●○○ 31.05. 10:41
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
MSRC Advisories
Advisory SecScore ●●●○○ 31.05. 10:40
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:40
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:40
CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:39
CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:04
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:03
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:02
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:01
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:01
CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:01
CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:01
CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c
Information published.
MSRC Advisories
CVE SecScore ●●●○○ 31.05. 10:01
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
Information published.
MSRC Advisories
CVE SecScore ●●●●○ 30.05. 20:02
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]
BleepingComputer
CVE SecScore ●●●●○ 30.05. 08:41
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS…
The Hacker News
Microsoft SecScore ●●●○○ 30.05. 02:06
Malicious npm packages abuse dependency confusion to profile developer environments
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportun…
Microsoft Security
Microsoft SecScore ●●●○○ 29.05. 18:00
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. The post Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection appeared first on Microsoft Sec…
Microsoft Security
CVE SecScore ●●●●○ 29.05. 16:39
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network usi…
The Hacker News
Microsoft SecScore ●●●○○ 29.05. 09:45
Die wichtigsten News der Kalenderwoche 22/2026: Azure, KI und mehr
Was hat sich in der vergangenen Woche für Developer und IT-Pros getan? Was waren die wichtigsten Ankündigungen? Gab es neue Lernressourcen? Unser TechWiese-Team hat jede Menge Links für dich zusammengestellt.
MS Techwiese
Microsoft SecScore ●●●○○ 29.05. 05:04
Typosquatted npm packages used to steal cloud and CI/CD secrets
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to hel…
Microsoft Security
APT SecScore ●●●●○ 28.05. 17:26
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver a credential-stealing malware family dubbed EKZ Infostealer. "…
The Hacker News
Ransomware SecScore ●●●○○ 28.05. 17:00
The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propag…
Microsoft Security
CVE SecScore ●●●○○ 28.05. 15:53
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and …
The Hacker News
CVE SecScore ●●●○○ 28.05. 15:44
Microsoft’s stance on zero day exploits is a dumpster fire of their own making
DoublePulsar
Breach SecScore ●●●○○ 28.05. 15:33
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed in…
The Hacker News
Ransomware SecScore ●●○○○ 28.05. 12:00
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 World Cup: Discussing The World’s Biggest G…
Unit 42
Ransomware SecScore ●●●●○ 28.05. 09:22
Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environ…
HaveIBeenPwned
Malware SecScore ●●●○○ 27.05. 18:10
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from…
The Hacker News
Microsoft SecScore ●●●○○ 27.05. 14:58
Investigating suspicious AI workflows in Microsoft Entra Agent ID: Autonomous agents
Read our primer on how to detect and respond to an autonomous agent escalating privileges and persisting in your Entra ID tenant
Red Canary
Malware SecScore ●●●○○ 27.05. 13:48
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign…
The Hacker News
Malware SecScore ●●●○○ 27.05. 09:45
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique exte…
The Hacker News
Microsoft SecScore ●●●●● 27.05. 08:00
Azure Files: Native Entra-ID-Authentifizierung für SMB-Dateifreigaben
Die allgemeine Verfügbarkeit von Entra-Only-Identitäten für Azure Files SMB ermöglicht cloudnativen, identitätsbasierten Dateizugriff ohne Active Directory.
MS Techwiese
Microsoft SecScore ●●●○○ 26.05. 23:35
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU minin…
Microsoft Security
CVE SecScore ●●●●● 26.05. 13:49
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerabil…
The Hacker News
Microsoft SecScore ●●○○○ 26.05. 08:40
Ganzheitliche Performance für anspruchsvolle Azure-IaaS-Workloads
Ein aufeinander abgestimmtes Zusammenspiel von Compute, Storage und Netzwerk verhindert Engpässe und sichert konsistente Leistung für KI, Cloud-Native und geschäftskritische Systeme.
MS Techwiese
Blog SecScore ●○○○○ 26.05. 00:52
Welcoming the Bhutanese Government to Have I Been Pwned
Today, we welcome the 45th government onboarded to Have I Been Pwned&#x2019;s free gov service: Bhutan. The Bhutan Computer Incident Response Team, BtCIRT, now has access to monitor Bhutanese government domains against …
Troy Hunt
CVE SecScore ●●●○○ 25.05. 16:13
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking ol…
The Hacker News
CVE SecScore ●●●●○ 25.05. 14:02
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the explo…
The Hacker News
Malware SecScore ●●●○○ 25.05. 07:59
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious pa…
The Hacker News
Malware SecScore ●●●○○ 23.05. 18:07
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages we…
The Hacker News
Microsoft SecScore ●●●○○ 22.05. 19:00
Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms
Microsoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories. The post Microsoft rec…
Microsoft Security
APT SecScore ●●●○○ 22.05. 18:53
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerber…
Microsoft Security
Microsoft SecScore ●●●○○ 22.05. 18:00
Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth. The post Microsoft Security success stories: How St. Luke&#8…
Microsoft Security
APT SecScore ●●○○○ 22.05. 15:00
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns…
Unit 42
APT SecScore ●●●○○ 22.05. 12:00
Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation-State Tactics in the Cloud appeared first…
Unit 42
Microsoft SecScore ●●●○○ 22.05. 09:21
Die wichtigsten News der Kalenderwoche 21/2026: Azure, SAP, KI und mehr
Was hat sich in der vergangenen Woche für Developer und IT-Pros getan? Was waren die wichtigsten Ankündigungen? Gab es neue Lernressourcen? Unser TechWiese-Team hat jede Menge Links für dich zusammengestellt.
MS Techwiese
Microsoft SecScore ●●●○○ 21.05. 18:00
What’s new in Microsoft Security: May 2026
Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. The post What’s new in Microsoft Security: May 2026 appeared first on M…
Microsoft Security
Malware SecScore ●○○○○ 21.05. 17:30
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21…
Unit 42
Microsoft SecScore ●●○○○ 21.05. 08:00
Cloud-Infrastruktur und autonome Prozesse: Microsoft und SAP erweitern Systemintegration
Eine vertiefte Plattform-Kopplung und agentenbasierte Workflows verbinden SAP-Geschäftsprozesse direkt mit der Microsoft-Cloud-Infrastruktur.
MS Techwiese
Breach SecScore ●●●●○ 21.05. 05:45
Windows93 / Myspace93 - 46,105 breached accounts
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k…
HaveIBeenPwned
Breach SecScore ●●●○○ 20.05. 19:48
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kube…
Microsoft Security
CVE SecScore ●●●●● 20.05. 14:00
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability CVE-2009-1537 Micro…
CISA Advisories
Malware SecScore ●○○○○ 20.05. 12:00
Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appe…
Unit 42
Microsoft SecScore ●●○○○ 20.05. 08:00
Architektur-Trends im Wandel: Azure Cosmos DB im Zentrum moderner KI-Workloads
Drei fundamentale technologische Verschiebungen definieren die Daten- und Anwendungsarchitektur für datenintensive KI-Systeme neu.
MS Techwiese
Microsoft SecScore ●●○○○ 19.05. 08:00
Neues bei PostgreSQL: Von Upstream-Beiträgen bis zu KI-Integrationen
Microsoft vertieft das Engagement im PostgreSQL-Ökosystem durch signifikante Upstream-Beiträge, KI-Integrationen und spezialisierte Deployment-Modelle.
MS Techwiese
Ransomware SecScore ●●●○○ 19.05. 02:00
WantToCry ransomware remotely encrypts files
Brute-force attempts against SMB services can be early signs of an attackCategories: Threat ResearchTags: Ransomware, WantToCry, SMB
Sophos X-Ops
Microsoft SecScore ●●○○○ 18.05. 14:24
Digitale Souveränität: Cloud, Compliance & Resilienz für Unternehmen
Dieses E-Book zeigt, warum digitale Souveränität zur zentralen Führungsaufgabe wird und welche Fragen Unternehmen jetzt stellen müssen, um Innovation, Compliance und Kontrolle in Balance zu bringen.
MS Techwiese
Microsoft SecScore ●●○○○ 18.05. 07:38
Azure Red Hat OpenShift: Plattform-Modernisierung und produktionsreife KI-Workflows
Neuigkeiten vom Red Hat Summit 2026 zu Virtualisierung, Zero-Trust-Sicherheit und GPU-Infrastruktur für den produktiven KI-Einsatz auf Azure.
MS Techwiese
Malware SecScore ●○○○○ 15.05. 12:00
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer&#039;s Evolved Tactics: Hiding in Plain Sight…
Unit 42
Microsoft SecScore ●●○○○ 15.05. 07:39
Microsoft Cloud & AI Frontier Week: Von der KI-Vision zur skalierbaren Umsetzung
Das fünftägige Digital-Event bietet IT-Pros und Developern praxisnahe Strategien für die Implementierung von Agentic AI und modernen Dateninfrastrukturen.
MS Techwiese
CVE SecScore ●●●●○ 14.05. 18:02
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN v…
Talos Intelligence
Blog SecScore ●○○○○ 14.05. 05:49
Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned&#x2019;s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government dom…
Troy Hunt
Microsoft SecScore ●●○○○ 13.05. 07:38
Azure IaaS: Defense in Depth und Secure-by-Design-Prinzipien
Azure IaaS implementiert eine mehrschichtige Sicherheitsarchitektur basierend auf der Secure Future Initiative für umfassenden Schutz von Infrastruktur-Workloads.
MS Techwiese
CVE SecScore ●●●○○ 13.05. 02:00
May’s Patch Tuesday hauls out 132 CVEs
With advisories, this month’s count approaches 300 – though many are already in placeCategories: Threat Research, X-opsTags: Patch Tuesday, MICROSOFT PATCH TUESDAY
Sophos X-Ops
CVE SecScore ●●●○○ 12.05. 21:57
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”. 
Talos Intelligence
Microsoft SecScore ●●○○○ 12.05. 07:35
Microsoft Build 2026: Skalierbare KI-Systeme und -Agenten im Fokus
Die Microsoft Build 2026 rückt die Entwicklung und Skalierung von Agenten-Workflows sowie Multi-Model-Systemen für die globale Developer-Community in den Mittelpunkt.
MS Techwiese
Microsoft SecScore ●●●○○ 12.05. 00:00
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advanced Misuse Techniqu…
Unit 42
CVE SecScore ●●●●● 11.05. 16:05
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware
The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows …
The DFIR Report
Microsoft SecScore ●●●○○ 11.05. 07:32
Microsoft Agent 365: Zentrale Steuerungsebene für KI-Agenten offiziell verfügbar
Agent 365 ermöglicht die herstellerübergreifende Observability, Governance und Absicherung von KI-Agenten.
MS Techwiese
Microsoft SecScore ●●●○○ 08.05. 07:29
Die wichtigsten News der Kalenderwoche 19/2025: Azure, KI, Fabric und mehr
Was hat sich in der vergangenen Woche für Developer und IT-Pros getan? Was waren die wichtigsten Ankündigungen? Gab es neue Lernressourcen? Unser TechWiese-Team hat jede Menge Links für dich zusammengestellt.
MS Techwiese
Microsoft SecScore ●●●○○ 07.05. 10:24
Microsoft Cloud & AI Frontier Week 2026 – fünf Tage KI-Wissen auf Azure
KI skalieren, Daten vereinheitlichen, souverän in der Cloud agieren: Die Microsoft Cloud & AI Frontier Week bringt vom 22. bis 26. Juni 2026 spannende Sessions direkt auf deinen Rechner.
MS Techwiese
Microsoft SecScore ●●○○○ 07.05. 08:31
Offiziell verfügbar: Bring Your Own Model für Foundry Agent Service
Unternehmen können nun eigene Modell-Gateways wie Azure API Management direkt mit dem Foundry Agent Service verbinden.
MS Techwiese
CVE SecScore ●●●●● 07.05. 02:00
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticate…
Unit 42
Blog SecScore ●○○○○ 06.05. 02:14
Weekly Update 502
It&apos;s a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will be teenagers to their early 20s), consistently gaining access to the data of massiv…
Troy Hunt
CVE SecScore ●○○○○ 06.05. 01:00
Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years
Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux…
Unit 42
Microsoft SecScore ●●●○○ 04.05. 18:00
Azure IaaS: Defense in depth built on secure-by-design principles
Security for cloud infrastructure is no longer defined by a single control, product, or boundary. Modern threats target identity, software supply chains, control planes, networks, and data simultaneously. The post Azure…
Azure Security Blog
Microsoft SecScore ●●●○○ 04.05. 08:24
Azure Local 2604: Disaggregierte Architekturen und SAN-Support für die Sovereign Cloud
Das Update 2604 ermöglicht die unabhängige Skalierung von Compute- und Storage-Ressourcen sowie die Integration bestehender SAN-Infrastrukturen in Azure-konsistente Umgebungen.
MS Techwiese
Threat Intel SecScore ●○○○○ 02.05. 01:00
Essential Data Sources for Detection Beyond the Endpoint
Unit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here. The post Essential Data Sources for Detection Beyond the Endpoint appeared first on Unit 42.
Unit 42
Breach SecScore ●○○○○ 01.05. 00:00
That AI Extension Helping You Write Emails? It’s Reading Them First
Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails?…
Unit 42
Microsoft SecScore ●●●○○ 30.04. 20:00
Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM
As cloud workloads become more agentic and AI systems handle increasingly sensitive data, trust must be engineered directly into infrastructure. Azure Integrated HSM brings hardware‑enforced key protection into Azure, e…
Azure Security Blog
Microsoft SecScore ●●●○○ 30.04. 08:28
Effiziente Telemetrie-Erfassung mit der Azure Monitor Pipeline
Eine neue, zentralisierte Ingestion-Ebene optimiert Durchsatz, Ausfallsicherheit und Kosten für großflächige Observability-Szenarien.
MS Techwiese
Microsoft SecScore ●○○○○ 27.04. 08:25
Kostenoptimierung in der Cloud: Hilfreiche Prinzipien für moderne Workloads
Strategien zur effizienten Verwaltung von Cloud-Ausgaben und zur Maximierung von KI-Investitionen.
MS Techwiese
Microsoft SecScore ●●○○○ 24.04. 22:30
TGR-STA-1030: New Activity in Central and South America
Unit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42.
Unit 42
Microsoft SecScore ●●○○○ 24.04. 08:28
Microsoft Build 2026: KI, Agenten & Cloud-Trends für Developer
Ein Blick auf die Microsoft Build 2026 mit Sessions zu KI-Agenten, Cloud-Plattformen und moderner Softwareentwicklung – inklusive Keynote, Highlights und Teilnahmeoptionen.
MS Techwiese
Microsoft SecScore ●○○○○ 24.04. 08:21
Die wichtigsten News der Kalenderwoche 17/2026: GitHub, KI, Data und mehr
Was hat sich in der vergangenen Woche für Developer und IT-Pros getan? Was waren die wichtigsten Ankündigungen? Gab es neue Lernressourcen? Unser TechWiese-Team hat jede Menge Links für dich zusammengestellt. 
MS Techwiese
APT SecScore ●●●○○ 23.04. 17:50
Microsoft Vibing — capturing screenshots and voice samples without governance
DoublePulsar
Advisory SecScore ●○○○○ 23.04. 14:00
International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
NCSC UK
Microsoft SecScore ●●○○○ 22.04. 08:25
Azure MCP Server 2.0 für agentenbasierte Cloud-Automatisierung
Das stabile Release von Azure MCP Server 2.0 ermöglicht den Betrieb als selbstghosteter, remote verwalteter Server für sichere agentische Workflows.
MS Techwiese
Microsoft SecScore ●●○○○ 20.04. 08:21
Effiziente Kostenoptimierung durch Smart Tier für Azure Blob und Data Lake Storage
Das Smart Tier reduziert den Verwaltungsaufwand für komplexe Lifecycle-Regeln und sorgt für eine höhere Vorhersehbarkeit der Speicherkosten.
MS Techwiese
Microsoft SecScore ●●●●○ 17.04. 07:53
Die wichtigsten News der Kalenderwoche 16/2026: Microsoft Azure, Quantum Computing und mehr
Was hat sich in der vergangenen Woche für Developer und IT-Pros getan? Was waren die wichtigsten Ankündigungen? Gab es neue Lernressourcen? Unser TechWiese-Team hat jede Menge Links für dich zusammengestellt.
MS Techwiese
Microsoft SecScore ●●●●○ 15.04. 12:40
Version 1.0: Microsoft Windows IKE - Kritische Schwachstelle gefährdet Windows VPN-Server
BSI
CVE SecScore ●●●●● 14.04. 23:47
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in…
Krebs on Security
APT SecScore ●●●○○ 07.04. 14:00
APT28 exploit routers to enable DNS hijacking operations
Russian cyber actor APT28 exploit vulnerable routers to hijack DNS, enabling adversary‑in‑the‑middle attacks and theft of passwords and authentication tokens.
NCSC UK
APT SecScore ●●●○○ 07.04. 14:00
UK exposes Russian military intelligence hijacking vulnerable routers for cyber attacks
New advisory warns cyber threat group APT28 have exploited vulnerable edge devices to support malicious operations.
NCSC UK
Microsoft SecScore ●●●○○ 01.04. 18:00
Azure IaaS: Keep critical applications running with built-in resiliency at scale
Azure IaaS provides foundational capabilities across compute, storage, and networking to help organizations stay resilient. The post Azure IaaS: Keep critical applications running with built-in resiliency at scale appea…
Azure Security Blog
Advisory SecScore ●●○○○ 30.03. 14:00
Vulnerability affecting F5 BIG-IP APM
The NCSC is encouraging UK organisations to mitigate an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager.
NCSC UK
Microsoft SecScore ●●●●○ 25.03. 12:10
Version 1.0: Microsoft SharePoint - Angreifer nutzen kritische Schwachstelle aktiv aus
BSI
Microsoft SecScore ●●●●○ 04.03. 18:00
Azure IaaS: Explore new resources for building a stronger, more efficient infrastructure
As organizations accelerate digital transformation, infrastructure decisions increasingly shape how quickly teams can adopt AI, how reliably applications operate at global scale, and how effectively businesses respond t…
Azure Security Blog
Advisory SecScore ●○○○○ 25.02. 13:00
Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.
NCSC UK
Ransomware SecScore ●●●○○ 23.02. 15:09
Apache ActiveMQ Exploit Leads to LockBit Ransomware
Key Takeaways An audio version of this report can be found on&#160;Spotify,&#160;Apple,&#160;YouTube,&#160;Audible, &#38;&#160;Amazon.&#160; This intrusion began in mid-February 2024 after a threat actor exploited a vul…
The DFIR Report
Microsoft SecScore ●●●○○ 17.02. 17:00
Azure reliability, resiliency, and recoverability: Build continuity by design
Modern cloud systems are expected to deliver more than uptime. Customers expect consistent performance, the ability to withstand disruption, and confidence that recovery is predictable and intentional. The post Azure re…
Azure Security Blog
CVE SecScore ●●●○○ 13.02. 11:25
Version 1.3: Ivanti EPMM - Aktive Angriffe über Zero-Day Schwachstellen beobachtet
BSI
Breach SecScore ●○○○○ 10.12. 13:00
Mistaking AI vulnerability could lead to large-scale breaches, NCSC warns
NCSC raises alert on “dangerous” misunderstanding of emergent class of vulnerability in generative artificial intelligence (AI) applications.
NCSC UK
Ransomware SecScore ●○○○○ 21.11. 00:55
What organisations can learn from the record breaking fine over Capita’s ransomware incident
DoublePulsar
APT SecScore ●●●○○ 05.11. 08:00
Microsoft strengthens sovereign cloud capabilities with new services
We continue to adapt our sovereignty approach—innovating to meet customer needs and regulatory requirements within our Sovereign Public Cloud and Sovereign Private Cloud. We are announcing a new wave of capabilities, bu…
Azure Security Blog
Ransomware SecScore ●●●●○ 04.11. 22:30
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 2025 Cyjax repo…
The DFIR Report
APT SecScore ●○○○○ 03.11. 19:44
CyberSlop — meet the new threat actor, MIT and Safe Security
DoublePulsar
Microsoft SecScore ●●●○○ 03.11. 18:00
Enhancing software supply chain security with Microsoft’s Signing Transparency
Microsoft is announcing the preview of Signing Transparency to address software supply chain threats that traditional code signing alone cannot fully prevent, building on the Zero Trust principle of “never trust, always…
Azure Security Blog
Microsoft SecScore ●●●○○ 28.10. 11:20
Version 1.0: Microsoft Exchange - Gefährdung für zehntausende Server nach Support-Ende für Versionen 2016 und 2019
BSI
Microsoft SecScore ●●●○○ 27.10. 12:10
Version 1.1: Microsoft WSUS - Notfallupdate schließt kritische Schwachstelle mit Proof-of-Concept
BSI
Microsoft SecScore ●●●○○ 23.10. 12:01
Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests
DoublePulsar
Microsoft SecScore ●●●○○ 14.10. 20:00
Oracle Database@Azure offers new features, regions, and programs to unlock data and AI innovation
Oracle Database@Azure adds new AI-ready features, expands to 33 regions, and launches new partner and migration programs. The post Oracle Database@Azure offers new features, regions, and programs to unlock data and AI i…
Azure Security Blog
CVE SecScore ●●●●● 04.08. 10:15
Version 1.2: Microsoft SharePoint - Massive Ausnutzung einer Zero-Day Schwachstelle
BSI
Microsoft SecScore ●●●●○ 01.07. 17:00
Building secure, scalable AI in the cloud with Microsoft Azure
Forrester Research shows how Azure helps enterprises scale generative AI securely, overcoming infrastructure and compliance challenges to unlock real business value. The post Building secure, scalable AI in the cloud wi…
Azure Security Blog
Microsoft SecScore ●●●○○ 05.06. 17:00
Enhance AI security with Azure Prompt Shields and Azure AI Content Safety
Defend your AI systems with Prompt Shields—a unified API that analyzes inputs to your LLM-based solution to guard against direct and indirect threats. The post Enhance AI security with Azure Prompt Shields and Azure AI …
Azure Security Blog
CVE SecScore ●●●○○ 19.05. 02:05
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Key Takeaways The DFIR Report Services Table of Contents: Case Summary In late June 2024, an unpatched Confluence server was compromised via CVE-2023-22527, a template injection vulnerability, first from IP address 45.2…
The DFIR Report
Microsoft SecScore ●●●●○ 14.01. 19:45
Version 1.0: Microsoft Windows - Kritische Schwachstelle in Windows OLE
BSI