Category: Microsoft

Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers

Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios. A compromised meeting scheduler named AgreeTo was used to steal over 4,000 Microsoft account credentials, credit card numbers, and answers to banking security questions.…

February 12, 2026
Microsoft releases Windows 11 26H1 for select and upcoming CPUs

Microsoft releases Windows 11 26H1 for select and upcoming CPUs Microsoft has announced Windows 11 26H1, but it’s not for existing PCs. Instead, it will ship on devices with Snapdragon X2 processors and possibly other rumored ARM chips.w […] Mayank Parmar Go to bleepingcomputer

February 11, 2026
Microsoft releases Windows 10 KB5075912 extended security update

Microsoft releases Windows 10 KB5075912 extended security update Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. […] Lawrence Abrams Go to bleepingcomputer

February 11, 2026
Microsoft to shut down Exchange Online EWS in April 2027

Microsoft to shut down Exchange Online EWS in April 2027 Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after nearly 20 years. […] Sergiu Gatlan Go to bleepingcomputer

February 6, 2026
Microsoft is Giving the FBI BitLocker Keys

Microsoft is Giving the FBI BitLocker Keys Microsoft gives the FBI the ability to decrypt BitLocker in response to court orders: about twenty times per year. It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience. While that…

February 4, 2026
Microsoft: January update shutdown bug affects more Windows PCs

Microsoft: January update shutdown bug affects more Windows PCs Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. […] Sergiu Gatlan Go to bleepingcomputer

February 3, 2026
Microsoft to disable NTLM by default in future Windows releases

Microsoft to disable NTLM by default in future Windows releases Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. […] Sergiu Gatlan Go to bleepingcomputer

January 31, 2026
Microsoft fixes Outlook bug blocking access to encrypted emails

Microsoft fixes Outlook bug blocking access to encrypted emails Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. […] Sergiu Gatlan Go to bleepingcomputer

January 31, 2026
Windows 11 KB5074105 update fixes boot, sign-in, and activation issues

Windows 11 KB5074105 update fixes boot, sign-in, and activation issues Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. […] Sergiu Gatlan Go to bleepingcomputer

January 31, 2026
Microsoft links Windows 11 boot failures to failed December 2025 update

Microsoft links Windows 11 boot failures to failed December 2025 update Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an “improper state.” […] Lawrence Abrams Go to bleepingcomputer

January 30, 2026
Microsoft Teams New Feature to Flag Suspicious One-to-One Calls

Microsoft Teams New Feature to Flag Suspicious One-to-One Calls A new security feature is being added to Teams to help organizations detect and stop voice-based scams and phishing attacks. The new “Report a Call” button will allow users to flag suspicious one-to-one calls directly from their Teams call history. As use of Microsoft Teams calling…

January 30, 2026
Microsoft patches actively exploited Office zero-day vulnerability

Microsoft patches actively exploited Office zero-day vulnerability Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. […] Sergiu Gatlan Go to bleepingcomputer

January 27, 2026
Microsoft investigates Windows 11 boot failures after January updates

Microsoft investigates Windows 11 boot failures after January updates Microsoft is investigating reports that some Windows 11 devices are failing to boot with “UNMOUNTABLE_BOOT_VOLUME” errors after installing the January 2026 Patch Tuesday security updates. […] Lawrence Abrams Go to bleepingcomputer

January 26, 2026
Microsoft Releases Out-of-Band Update KB5078127 to Fix Windows 11 File System and Outlook Freezes

Microsoft Releases Out-of-Band Update KB5078127 to Fix Windows 11 File System and Outlook Freezes An out-of-band (OOB) cumulative update, KB5078127, to address critical file system compatibility issues affecting Windows 11 users. The update resolves widespread problems introduced by the January 13, 2026, security update (KB5074109) that caused application freezes and cloud storage failures across multiple…

January 26, 2026
Microsoft releases emergency OOB update to fix Outlook freezes

Microsoft releases emergency OOB update to fix Outlook freezes Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage. […] Lawrence Abrams Go to bleepingcomputer

January 25, 2026
Malicious AI extensions on VSCode Marketplace steal developer data

Malicious AI extensions on VSCode Marketplace steal developer data Two malicious extensions in Microsoft’s Visual Studio Code (VSCode) Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers. […] Bill Toulas Go to bleepingcomputer

January 24, 2026
Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign

Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise Through Trusted Vendor The attack…

January 24, 2026
Microsoft Teams to add brand impersonation warnings to calls

Microsoft Teams to add brand impersonation warnings to calls Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. […] Sergiu Gatlan Go to bleepingcomputer

January 23, 2026
Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs

Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs Microsoft has released multiple emergency, out-of-band updates for Windows 10, Windows 11, and Windows Server to fix two issues caused by the January Patch Tuesday updates. […] Lawrence Abrams Go to bleepingcomputer

January 19, 2026
Microsoft: Some Windows PCs fail to shut down after January update

Microsoft: Some Windows PCs fail to shut down after January update Microsoft has confirmed a new issue that prevents Windows 11 23H2 devices with System Guard Secure Launch enabled from shutting down. […] Sergiu Gatlan Go to bleepingcomputer

January 16, 2026
Microsoft disrupts massive RedVDS cybercrime virtual desktop service

Microsoft disrupts massive RedVDS cybercrime virtual desktop service Microsoft announced on Wednesday that it disrupted RedVDS, a massive cybercrime platform linked to at least $40 million in reported losses in the United States alone since March 2025. […] Sergiu Gatlan Go to bleepingcomputer

January 15, 2026
Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network

Microsoft SQL Server Vulnerability Allows Attackers to Elevate Privileges over a Network Microsoft released security updates on January 13, 2026, addressing a critical elevation of privilege vulnerability in SQL Server that enables authorized attackers to bypass authentication controls and gain elevated system privileges remotely. Tracked as CVE-2026-20803, the vulnerability stems from missing authentication mechanisms for…

January 15, 2026
Microsoft: Windows 365 update blocks access to Cloud PC sessions

Microsoft: Windows 365 update blocks access to Cloud PC sessions Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. […] Sergiu Gatlan Go to bleepingcomputer

January 14, 2026
Microsoft is retiring ‘Send to Kindle’ in Word

Microsoft is retiring ‘Send to Kindle’ in Word Microsoft is retiring a feature that allowed you to send your documents to Kindle straight from Microsoft Word. […] Mayank Parmar Go to bleepingcomputer

January 11, 2026
Microsoft may soon allow IT admins to uninstall Copilot

Microsoft may soon allow IT admins to uninstall Copilot Microsoft is testing a new policy that allows IT administrators to uninstall the AI-powered Copilot digital assistant on managed devices. […] Sergiu Gatlan Go to bleepingcomputer

January 10, 2026
Microsoft cancels plans to rate limit Exchange Online bulk emails

Microsoft cancels plans to rate limit Exchange Online bulk emails Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. […] Sergiu Gatlan Go to bleepingcomputer

January 7, 2026
Microsoft Teams to let admins block external users via Defender portal

Microsoft Teams to let admins block external users via Defender portal Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations to members of their organization via Teams. […] Sergiu Gatlan Go to bleepingcomputer

December 25, 2025
Microsoft Unveils Hardware-Accelerated BitLocker to Enhance Performance and Security

Microsoft Unveils Hardware-Accelerated BitLocker to Enhance Performance and Security Microsoft has announced hardware-accelerated BitLocker, a significant security enhancement designed to eliminate performance bottlenecks caused by encryption on modern high-speed NVMe drives. The new technology addresses growing concerns about CPU overhead as storage devices become faster, particularly for users running intensive workloads such as gaming and…

December 25, 2025
Microsoft Teams strengthens messaging security by default in January

Microsoft Teams strengthens messaging security by default in January Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious. […] Sergiu Gatlan Go to bleepingcomputer

December 24, 2025
Microsoft Is Finally Killing RC4

Microsoft Is Finally Killing RC4 After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued…

December 23, 2025
Microsoft confirms Teams is down and messages are delayed

Microsoft confirms Teams is down and messages are delayed Microsoft Teams is experiencing issues, with thousands reporting problems sending messages, including delays. […] Mayank Parmar Go to bleepingcomputer

December 20, 2025
Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide

Microsoft Teams Down – Users Face Messaging Delays and Service Disruptions Worldwide In a major disruption to remote work and collaboration, Microsoft Teams experienced a significant outage on Friday, affecting thousands of users across multiple regions. Reports of messaging delays, failed message deliveries, and issues with other service functions began surging around 2:30 PM ET…

December 20, 2025
Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

Windows 10 OOB update released to fix Message Queuing (MSMQ) issues This month’s extended security update for Windows 11 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks. […] Mayank Parmar Go to bleepingcomputer

December 19, 2025
Microsoft: December security updates cause Message Queuing failures

Microsoft: December security updates cause Message Queuing failures Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites. […] Sergiu Gatlan Go to bleepingcomputer

December 15, 2025
A big finish to 2025 in December’s Patch Tuesday

A big finish to 2025 in December’s Patch Tuesday A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up Angela Gunn Go to sophos

December 12, 2025
Smashing Security podcast #447: Grok the stalker, the Louvre heist, and Microsoft 365 mayhem

Smashing Security podcast #447: Grok the stalker, the Louvre heist, and Microsoft 365 mayhem On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily doxxing real people, mapping out…

December 11, 2025
Windows PowerShell now warns when running Invoke-WebRequest scripts

Windows PowerShell now warns when running Invoke-WebRequest scripts Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing. […] Sergiu Gatlan Go to bleepingcomputer

December 10, 2025
Microsoft releases Windows 10 KB5071546 extended security update

Microsoft releases Windows 10 KB5071546 extended security update Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws. […] Lawrence Abrams Go to bleepingcomputer

December 10, 2025
Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. […] Lawrence Abrams Go to bleepingcomputer

December 10, 2025
Introducing Sophos Intelix for Microsoft Security Copilot

Introducing Sophos Intelix for Microsoft Security Copilot Elevating threat intelligence for all Security Copilot users. Doug Aamoth Go to sophos

December 6, 2025
Introducing Sophos Intelix for Microsoft 365 Copilot

Introducing Sophos Intelix for Microsoft 365 Copilot Bringing Sophos threat intelligence directly into Microsoft 365 Copilot. Doug Aamoth Go to sophos

December 6, 2025
Microsoft Defender portal outage disrupts threat hunting alerts

Microsoft Defender portal outage disrupts threat hunting alerts Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities, including threat hunting alerts. […] Sergiu Gatlan Go to bleepingcomputer

December 3, 2025
Microsoft says new Outlook can’t open some Excel attachments

Microsoft says new Outlook can’t open some Excel attachments Microsoft is working to resolve a known issue that prevents some users from opening Excel email attachments in the new Outlook client. […] Sergiu Gatlan Go to bleepingcomputer

December 2, 2025
Microsoft: Windows updates make password login option invisible

Microsoft: Windows updates make password login option invisible Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. […] Sergiu Gatlan Go to bleepingcomputer

November 29, 2025
Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections

Microsoft to Block External Scripts in Entra ID Logins to Enhance Protections Microsoft has announced a significant security upgrade to its Microsoft Entra ID authentication process, as part of the company’s broader Secure Future Initiative. Microsoft is updating its Content Security Policy (CSP) to block the execution of external scripts during user sign-ins. This proactive…

November 28, 2025
Microsoft: Exchange Online outage blocks access to Outlook mailboxes

Microsoft: Exchange Online outage blocks access to Outlook mailboxes Microsoft is investigating an Exchange Online service outage that is preventing customers from accessing their mailboxes using the classic Outlook desktop client. […] Sergiu Gatlan Go to bleepingcomputer

November 26, 2025
Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed

Microsoft Teams Introduces New Feature to Boost Performance and Startup Speed Microsoft has announced a significant update to the Teams Desktop Client for Windows that aims to enhance performance and reduce startup times for calling features. The update, detailed in the Message Center notification MC1189656 published on November 25, 2025, introduces a new process architecture…

November 26, 2025
Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely

Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely A critical remote code execution (RCE) vulnerability in Microsoft’s Update Health Tools (KB4023057). A widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool connecting to dropped Azure Blob storage accounts that attackers could register and control. How…

November 25, 2025
Nvidia confirms October Windows updates cause gaming issues

Nvidia confirms October Windows updates cause gaming issues Nvidia has confirmed that last month’s security updates are causing gaming performance issues on Windows 11 24H2 and Windows 11 25H2 systems. […] Sergiu Gatlan Go to bleepingcomputer

November 22, 2025
Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop

Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly. […] Sergiu Gatlan Go to bleepingcomputer

November 22, 2025
Thunderbird adds native support for Microsoft Exchange accounts

Thunderbird adds native support for Microsoft Exchange accounts Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. […] Bill Toulas Go to bleepingcomputer

November 19, 2025
Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools

Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. […] Lawrence Abrams Go to bleepingcomputer

November 19, 2025
Microsoft to integrate Sysmon directly into Windows 11, Server 2025

Microsoft to integrate Sysmon directly into Windows 11, Server 2025 Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. […] Lawrence Abrams Go to bleepingcomputer

November 19, 2025
Microsoft Integrated Azure Firewall With AI-powered Security Copilot

Microsoft Integrated Azure Firewall With AI-powered Security Copilot Microsoft has enhanced its cloud security capabilities by integrating Azure Firewall with Security Copilot, an AI-powered security solution designed to help security teams work faster and more efficiently. This integration allows security analysts to investigate malicious network traffic using simple, natural-language questions rather than complex technical queries.…

November 19, 2025
Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal

Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal. This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive threat anticipation. The Threat…

November 19, 2025
Advancing Cybersecurity for Microsoft Environments

Advancing Cybersecurity for Microsoft Environments From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats. Sally Adam Go to sophos

November 19, 2025
Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. […] Lawrence Abrams Go to bleepingcomputer

November 18, 2025
Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors

Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. […] Lawrence Abrams Go to bleepingcomputer

November 16, 2025
Microsoft fixes bug causing false Windows 10 end-of-support alerts

Microsoft fixes bug causing false Windows 10 end-of-support alerts Microsoft has resolved a bug causing incorrect Windows 10 end-of-support warnings on systems with active security coverage or still under active support after installing the October 2025 updates. […] Sergiu Gatlan Go to bleepingcomputer

November 13, 2025
November Patch Tuesday does its chores

November Patch Tuesday does its chores A cleanup month brings 63 patches… wait, no, 68… how about 61? Angela Gunn Go to sophos

November 13, 2025
Microsoft: Windows 11 23H2 Home and Pro reach end of support

Microsoft: Windows 11 23H2 Home and Pro reach end of support Microsoft has reminded customers today that systems running Home and Pro editions of Windows 11 23H2 have stopped receiving security updates. […] Sergiu Gatlan Go to bleepingcomputer

November 12, 2025
Microsoft releases KB5068781 — The first Windows 10 extended security update

Microsoft releases KB5068781 — The first Windows 10 extended security update Microsoft has released the KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support last month. […] Lawrence Abrams Go to bleepingcomputer

November 12, 2025
How to use the new Windows 11 Start menu, now rolling out

How to use the new Windows 11 Start menu, now rolling out The Windows Start menu is getting its first major redesign since 2021 and will be rolled out to everyone with the November 11 Patch Tuesday update. […] Mayank Parmar Go to bleepingcomputer

November 10, 2025
Drilling Down on Uncle Sam’s Proposed TP-Link Ban

Drilling Down on Uncle Sam’s Proposed TP-Link Ban The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to…

November 10, 2025
Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday

Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday With the first Patch Tuesday following Windows 10’s end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. […] Lawrence Abrams…

November 9, 2025
Microsoft testing faster Quick Machine Recovery in Windows 11

Microsoft testing faster Quick Machine Recovery in Windows 11 Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. […] Sergiu Gatlan Go to bleepingcomputer

November 8, 2025
Windows 11 Store gets Ninite-style multi-app installer feature

Windows 11 Store gets Ninite-style multi-app installer feature The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. […] Mayank Parmar Go to bleepingcomputer

November 6, 2025
Cloudflare Scrubs Aisuru Botnet from Top Domains List

Cloudflare Scrubs Aisuru Botnet from Top Domains List For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says…

November 6, 2025
Microsoft: October Windows updates trigger BitLocker recovery

Microsoft: October Windows updates trigger BitLocker recovery Microsoft has warned that some systems may boot into BitLocker recovery after installing the October 2025 Windows security updates. […] Sergiu Gatlan Go to bleepingcomputer

November 5, 2025
Microsoft removing Defender Application Guard from Office

Microsoft removing Defender Application Guard from Office Microsoft plans to remove Defender Application Guard from Office by December 2027, starting with the February 2026 release of Office version 2602. […] Sergiu Gatlan Go to bleepingcomputer

November 5, 2025
Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code

Hackers Exploit OneDrive.exe Through DLL Sideloading to Execute Arbitrary Code A sophisticated attack technique that exploits Microsoft’s OneDrive application through DLL sideloading, allowing threat actors to execute malicious code while evading detection mechanisms. The attack leverages a weaponized version.dll file to hijack legitimate Windows processes and maintain persistence on compromised systems. DLL sideloading exploits Windows’…

November 5, 2025
Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks

Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. […] Sergiu Gatlan Go to bleepingcomputer

November 4, 2025
Windows 11 Build 26220.7051 released with “Ask Copilot” feature

Windows 11 Build 26220.7051 released with “Ask Copilot” feature Windows 11 Build 26220.7051 is now rolling out to testers in the Windows Insider Program, and there are at least three new features, including Ask Copilot in the taskbar. […] Mayank Parmar Go to bleepingcomputer

November 2, 2025
Windows 11 tests shared Bluetooth audio support, but only for AI PCs

Windows 11 tests shared Bluetooth audio support, but only for AI PCs If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. […] Mayank Parmar Go to bleepingcomputer

November 1, 2025
Microsoft Edge gets scareware sensor for faster scam detection

Microsoft Edge gets scareware sensor for faster scam detection Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. […] Sergiu Gatlan Go to bleepingcomputer

November 1, 2025
LinkedIn gives you until Monday to stop AI from training on your profile

LinkedIn gives you until Monday to stop AI from training on your profile If you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don’t want this to happen to your data. Take action now, and tell your friends.…

October 31, 2025
Microsoft fixes Media Creation Tool broken on some Windows PCs

Microsoft fixes Media Creation Tool broken on some Windows PCs Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems. […] Sergiu Gatlan Go to bleepingcomputer

October 30, 2025
Microsoft: DNS outage impacts Azure and Microsoft 365 services

Microsoft: DNS outage impacts Azure and Microsoft 365 services Microsoft is suffering an ongoing DNS outage affecting customers worldwide, preventing them from logging into company networks and accessing Microsoft Azure and Microsoft 365 services. […] Sergiu Gatlan Go to bleepingcomputer

October 30, 2025
Windows 11 KB5067036 update rolls out Administrator Protection feature

Windows 11 KB5067036 update rolls out Administrator Protection feature Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu. […] Lawrence Abrams Go to bleepingcomputer

October 29, 2025
Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions

Microsoft Sued for Allegedly Misleading Millions to Subscribe for Microsoft 365 Subscriptions Australia’s competition regulator has filed legal proceedings against Microsoft for allegedly misleading approximately 2.7 million Australian consumers regarding subscription options and pricing for Microsoft 365 plans. The Australian Competition and Consumer Commission claims that Microsoft deliberately concealed the availability of cheaper alternative plans…

October 29, 2025
Windows will soon prompt for memory scans after BSOD crashes

Windows will soon prompt for memory scans after BSOD crashes Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). […] Sergiu Gatlan Go to bleepingcomputer

October 28, 2025
Critical WSUS flaw in Windows Server now exploited in attacks

Critical WSUS flaw in Windows Server now exploited in attacks Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. […] Sergiu Gatlan Go to bleepingcomputer

October 25, 2025
Windows Server emergency patches fix WSUS bug with PoC exploit

Windows Server emergency patches fix WSUS bug with PoC exploit Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. […] Sergiu Gatlan Go to bleepingcomputer

October 24, 2025
HP pulls update that broke Microsoft Entra ID auth on some AI PCs

HP pulls update that broke Microsoft Entra ID auth on some AI PCs HP has pulled an HP OneAgent software update for Windows 11 that mistakenly deleted Microsoft certificates required for some organizations to log in to Microsoft Entra ID, effectively disconnecting them from their company’s cloud environments. […] Lawrence Abrams Go to bleepingcomputer

October 24, 2025
Meet the new Clippy: Microsoft unveils Copilot’s “Mico” avatar

Meet the new Clippy: Microsoft unveils Copilot’s “Mico” avatar Today, Microsoft introduced Mico, a new and more personal avatar for the AI-powered Copilot digital assistant, which the company describes as human-centered. […] Sergiu Gatlan Go to bleepingcomputer

October 24, 2025
Windows 11 KB5070773 emergency update fixes Windows Recovery issues

Windows 11 KB5070773 emergency update fixes Windows Recovery issues Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security updates. […] Sergiu Gatlan Go to bleepingcomputer

October 21, 2025
Microsoft: October updates break USB input in Windows Recovery

Microsoft: October updates break USB input in Windows Recovery Microsoft has confirmed that this month’s security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. […] Sergiu Gatlan Go to bleepingcomputer

October 20, 2025
CISA: High-severity Windows SMB flaw now exploited in attacks

CISA: High-severity Windows SMB flaw now exploited in attacks CISA says threat actors are now actively exploiting a high-severity Windows SMB privilege escalation vulnerability that can let them gain SYSTEM privileges on unpatched systems. […] Sergiu Gatlan Go to bleepingcomputer

October 20, 2025
Microsoft lifts more safeguard holds blocking Windows 11 updates

Microsoft lifts more safeguard holds blocking Windows 11 updates Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update. […] Sergiu Gatlan Go to bleepingcomputer

October 18, 2025
Microsoft fixes highest-severity ASP.NET Core flaw ever

Microsoft fixes highest-severity ASP.NET Core flaw ever Earlier this week, Microsoft patched a vulnerability that was flagged with the “highest ever” severity rating received by an ASP.NET Core security flaw. […] Sergiu Gatlan Go to bleepingcomputer

October 18, 2025
Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections

Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections Microsoft’s October Windows 11 updates have broken the “localhost” functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly. […] Lawrence Abrams Go to bleepingcomputer

October 17, 2025
Microsoft disrupts ransomware attacks targeting Teams users

Microsoft disrupts ransomware attacks targeting Teams users Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. […] Sergiu Gatlan Go to bleepingcomputer

October 17, 2025
October Patch Tuesday beats January ’25 record

October Patch Tuesday beats January ’25 record Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party Angela Gunn Go to sophos

October 16, 2025
Final Windows 10 Patch Tuesday update rolls out as support ends

Final Windows 10 Patch Tuesday update rolls out as support ends In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final free update for the operating system as it reaches the end of its support lifecycle. […] Lawrence Abrams Go to bleepingcomputer

October 15, 2025
Microsoft: Exchange 2016 and 2019 have reached end of support

Microsoft: Exchange 2016 and 2019 have reached end of support Microsoft has reminded that Exchange Server 2016 and 2019 reached the end of support and advised IT administrators to upgrade servers to Exchange Server SE or migrate to Exchange Online. […] Sergiu Gatlan Go to bleepingcomputer

October 15, 2025
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws Today is Microsoft’s October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. Get patching! […] Lawrence Abrams Go to bleepingcomputer

October 15, 2025
Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code

Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code Microsoft has disclosed a critical remote code execution flaw in its Internet Information Services (IIS) platform, posing risks to organizations relying on Windows servers for web hosting. Tracked as CVE-2025-59282, the vulnerability affects the Inbox COM Objects handling global memory, stemming from a race condition…

October 15, 2025
Microsoft restricts IE mode access in Edge after zero-day attacks

Microsoft restricts IE mode access in Edge after zero-day attacks Microsoft is restricting access to Internet Explorer mode in Edge browser after learning that hackers are leveraging zero-day exploits in the Chakra JavaScript engine for access to target devices. […] Bill Toulas Go to bleepingcomputer

October 14, 2025
Microsoft investigates outage affecting Microsoft 365 apps

Microsoft investigates outage affecting Microsoft 365 apps Microsoft is investigating an ongoing incident that is preventing some customers from accessing Microsoft 365 applications. […] Sergiu Gatlan Go to bleepingcomputer

October 14, 2025
Windows 11 23H2 Home and Pro reach end of support in 30 days

Windows 11 23H2 Home and Pro reach end of support in 30 days Microsoft has reminded customers again today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving security updates next month. […] Sergiu Gatlan Go to bleepingcomputer

October 11, 2025