2170 items
Unread (2160) All Dismissed
HIGH
CVE-2026-39803 (CVSS 7.5) — Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthen...
NVD CVE-2026-39803 24d ago
HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
BleepingComputer breachesransomwaresupply-chain +48 18d ago
INFO
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 24d ago
INFO
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 24d ago
HIGH
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 24d ago
INFO
Zero-Day Exploit Against Windows BitLocker
rss:schneier 19d ago
INFO
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 19d ago
INFO
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 18d ago
INFO
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 18d ago
HIGH
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
SecurityWeek 18d ago
INFO
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 18d ago
HIGH
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 18d ago
INFO
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 17d ago
INFO
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 17d ago
INFO
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
SecurityWeek 17d ago
INFO
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 17d ago
INFO
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 17d ago
INFO
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 17d ago
INFO
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 16d ago
INFO
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 15d ago
INFO
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 12d ago
INFO
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 12d ago
INFO
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
SecurityWeek 11d ago
INFO
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 11d ago
INFO
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 11d ago
INFO
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 11d ago
INFO
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 11d ago
INFO
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 5d ago
INFO
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 5d ago
INFO
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 5d ago
INFO
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 5d ago
INFO
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 5d ago
INFO
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 5d ago
INFO
Microsoft Threatening Security Researcher
rss:schneier 4d ago
INFO
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 4d ago
INFO
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 4d ago
INFO
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 4d ago
INFO
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 4d ago
INFO
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 4d ago
INFO
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 4d ago
INFO
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 3d ago
INFO
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 3d ago
INFO
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 3d ago
INFO
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 3d ago
INFO
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 2d ago
INFO
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 2d ago
INFO
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 2d ago
INFO
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 1d ago
INFO
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 1d ago
INFO
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Hacker News 1d ago
INFO
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
rss:darkreading breachesmalwarethreat-actors 24d ago
INFO
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
rss:darkreading breachesmalwarethreat-actors 24d ago
HIGH
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
The Hacker News supply-chainbreachesmalware +19 20d ago
INFO
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
rss:darkreading 26d ago
INFO
It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
rss:darkreading 25d ago
INFO
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
The Hacker News 25d ago
INFO
[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
The Hacker News 24d ago
INFO
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
The Hacker News 22d ago
INFO
Can Laws Stop Deepfakes? South Korea Aims to Find Out
rss:darkreading 20d ago
INFO
Processes and Culture Top Reasons Behind Data Breaches
rss:darkreading 17d ago
INFO
When Identity is the Attack Path
The Hacker News 17d ago
INFO
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The Hacker News 16d ago
INFO
Meta settles school district lawsuit claiming addictive design harmed students' mental health
The Record 15d ago
INFO
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
The Hacker News 14d ago
INFO
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News 12d ago
INFO
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Hacker News 12d ago
INFO
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
SecurityWeek 10d ago
INFO
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
SecurityWeek 8d ago
INFO
California AG sues 23andMe over 2023 breach exposing health data
BleepingComputer 8d ago
INFO
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
SecurityWeek 3d ago
INFO
Chrome 149 Patches 429 Vulnerabilities
SecurityWeek 1d ago
INFO
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The Record 1d ago
HIGH
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
SecurityWeek breachesransomwaresupply-chain +4 18d ago
INFO
Most Remediation Programs Never Confirm the Fix Actually Worked
The Hacker News 24d ago
INFO
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
rss:darkreading 18d ago
INFO
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
rss:darkreading 15d ago
INFO
What 2026 DBIR Confirms: Attacks Are Living in the Browser
BleepingComputer 1d ago
INFO
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
rss:schneier analysispolicy 24d ago
HIGH
CVE-2024-47091 (CVSS 7.8) — Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2....
NVD CVE-2024-47091 25d ago
INFO
Attackers Weaponize RubyGems for Data Dead Drops
rss:darkreading breachesmalwarethreat-actors +2 24d ago
INFO
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
The Hacker News 25d ago
INFO
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
The Hacker News 25d ago
INFO
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
The Hacker News supply-chainbreachesmalware +19 1d ago
INFO
VoidStealer Malware Darts Past Google Chrome's Encryption
rss:darkreading 31d ago
INFO
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
The Hacker News 25d ago
INFO
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
rss:googleprojectzero 25d ago
INFO
Google&#8217;s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
SecurityWeek 17d ago
INFO
Google accidentally exposed details of unfixed Chromium flaw
BleepingComputer 16d ago
INFO
Google API Keys Remain Active After Deletion
rss:darkreading 16d ago
INFO
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
The Hacker News 10d ago
INFO
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
SecurityWeek 10d ago
INFO
US charges Google security engineer with Polymarket insider trading
BleepingComputer 9d ago
INFO
Google Chrome adds session cookie theft protection for all users
BleepingComputer 8d ago
INFO
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
The Hacker News 6d ago
INFO
Google fixes one actively exploited Android zero-day, 124 flaws
BleepingComputer 4d ago
INFO
Google adds Android protection against AI deepfake scam calls
BleepingComputer 4d ago
INFO
Malicious Notifications Could Trick Google Gemini Users
rss:darkreading 3d ago
INFO
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
The Hacker News 3d ago
INFO
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
The Hacker News 3d ago
INFO
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
The Hacker News 3d ago
INFO
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
The Hacker News 2d ago
INFO
Gemini Voice Assistant Hijacked via Messaging Notifications
SecurityWeek 2d ago
CRITICAL
CVE-2025-11159 (CVSS 9.1) — Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 da...
NVD CVE-2025-11159 25d ago
HIGH
CVE-2026-44301 (CVSS 8.1) — Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses No...
NVD CVE-2026-44301 25d ago
HIGH
CVE-2026-42844 (CVSS 8.8) — Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user wit...
NVD CVE-2026-42844 25d ago
INFO
Patch Tuesday, May 2026 Edition
Krebs breachesthreat-actors 25d ago
MEDIUM
CVE-2026-42191 (CVSS 6.5) — OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implement...
NVD CVE-2026-42191 25d ago
HIGH
CVE-2026-34653 (CVSS 8.7) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34653 25d ago
HIGH
CVE-2026-34652 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34652 25d ago
HIGH
CVE-2026-34651 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34651 25d ago
HIGH
CVE-2026-34650 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34650 25d ago
HIGH
CVE-2026-34649 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34649 25d ago
HIGH
CVE-2026-34648 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34648 25d ago
HIGH
CVE-2026-34647 (CVSS 7.4) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34647 25d ago
HIGH
CVE-2026-34646 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34646 25d ago
HIGH
CVE-2026-34645 (CVSS 7.5) — Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier...
NVD CVE-2026-34645 25d ago
CRITICAL
CVE-2026-44343 (CVSS 9.8) — WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities aff...
NVD CVE-2026-44343 25d ago
HIGH
CVE-2026-44166 (CVSS 7.6) — Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situati...
NVD CVE-2026-44166 25d ago
HIGH
CVE-2026-42831 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD CVE-2026-42831 25d ago
MEDIUM
CVE-2026-42348 (CVSS 5.9) — OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. Prior to 0.2.0-alpha.1, when ...
NVD CVE-2026-42348 25d ago
HIGH
CVE-2026-40420 (CVSS 8.8) — Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate pr...
NVD CVE-2026-40420 25d ago
HIGH
CVE-2026-40419 (CVSS 7.8) — Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
NVD CVE-2026-40419 25d ago
HIGH
CVE-2026-40418 (CVSS 7.8) — Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges ...
NVD CVE-2026-40418 25d ago
HIGH
CVE-2026-40417 (CVSS 7.8) — Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges...
NVD CVE-2026-40417 25d ago
CRITICAL
CVE-2026-40379 (CVSS 9.3) — Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized ...
NVD CVE-2026-40379 25d ago
HIGH
CVE-2026-40367 (CVSS 8.4) — Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute co...
NVD CVE-2026-40367 25d ago
HIGH
CVE-2026-40366 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40366 25d ago
HIGH
CVE-2026-40364 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an una...
NVD CVE-2026-40364 25d ago
HIGH
CVE-2026-40363 (CVSS 8.4) — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code local...
NVD CVE-2026-40363 25d ago
HIGH
CVE-2026-40362 (CVSS 7.8) — Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code...
NVD CVE-2026-40362 25d ago
HIGH
CVE-2026-40361 (CVSS 8.4) — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40361 25d ago
HIGH
CVE-2026-40360 (CVSS 7.8) — Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information...
NVD CVE-2026-40360 25d ago
HIGH
CVE-2026-40359 (CVSS 7.8) — Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40359 25d ago
HIGH
CVE-2026-40358 (CVSS 8.4) — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
NVD CVE-2026-40358 25d ago
HIGH
CVE-2026-35438 (CVSS 8.3) — Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges ov...
NVD CVE-2026-35438 25d ago
HIGH
CVE-2026-35436 (CVSS 8.8) — Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized att...
NVD CVE-2026-35436 25d ago
INFO
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
The Hacker News supply-chainbreachesmalware 25d ago
HIGH
CVE-2026-32687 (CVSS 7.8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2026-32687 25d ago
HIGH BleepingComputer Wed, 20 May 2026 07:31:15 UTC
Microsoft shares mitigation for YellowKey Windows zero-day
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/
TL;DR AI
A highly publicized data breach at a major US retailer exposed sensitive customer data, including credit card numbers and addresses, of approximately 106 million customers. The breach is believed to have occurred between 2014 and 2017, and was disclosed to affected customers in October 2019. The breach compromised the credit card data, as well as other customer information, through a vulnerability in the retailer's point-of-sale system.
breachesransomwaresupply-chainmalwarezero-day
Read full story ↗
Related coverage (48)
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
The Hacker News 24d ago
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
The Hacker News 24d ago
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 24d ago
Zero-Day Exploit Against Windows BitLocker
rss:schneier 19d ago
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
The Hacker News 19d ago
The New Phishing Click: How OAuth Consent Bypasses MFA
The Hacker News 18d ago
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
SecurityWeek 18d ago
Microsoft Disrupts Malware-Signing Service Run by &#8216;Fox Tempest&#8217;
SecurityWeek 18d ago
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
rss:darkreading 18d ago
Cybercrime service disrupted for abusing Microsoft platform to sign malware
BleepingComputer 18d ago
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
The Hacker News 17d ago
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
The Hacker News 17d ago
Microsoft Rolls Out Mitigations for &#8216;YellowKey&#8217; BitLocker Bypass
SecurityWeek 17d ago
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
The Hacker News 17d ago
Microsoft warns of new Defender zero-days exploited in attacks
BleepingComputer 17d ago
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
SecurityWeek 17d ago
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
rss:darkreading 16d ago
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks
The Record 15d ago
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
BleepingComputer 12d ago
Microsoft: Domain Controller lookup may fail on Windows Server 2016
BleepingComputer 12d ago
Anthropic Expands Claude&#8217;s Enterprise Security Governance With 28 New Integrations
SecurityWeek 11d ago
Microsoft Defender can now automatically isolate hacked endpoints
BleepingComputer 11d ago
Microsoft Issues Out-of-Band SharePoint Patch
rss:darkreading 11d ago
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
The Hacker News 11d ago
Windows 11 KB5089573 update released with performance improvements
BleepingComputer 11d ago
Microsoft fixes KB5089549 Windows security update install issues
BleepingComputer 5d ago
Microsoft confirms outage affecting MFA, My Sign-Ins platform
BleepingComputer 5d ago
Microsoft fixes outage affecting MFA setup, MySignIn service
BleepingComputer 5d ago
Microsoft says it will not pursue security researchers after zero-day backlash
The Record 5d ago
Microsoft investigates Office Apps, Teams file access issues
BleepingComputer 5d ago
Microsoft's Zero-Day Legal Threats Spark Backlash
rss:darkreading 5d ago
Microsoft Threatening Security Researcher
rss:schneier 4d ago
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
SecurityWeek 4d ago
Microsoft Exchange Online outage causes email delays, failures
BleepingComputer 4d ago
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
rss:darkreading 4d ago
Microsoft's Coreutils project brings Linux commands to Windows
BleepingComputer 4d ago
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
The Hacker News 4d ago
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
SecurityWeek 4d ago
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News 3d ago
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
The Hacker News 3d ago
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
rss:darkreading 3d ago
VS Code Vulnerability Allows One-Click GitHub Token Theft
SecurityWeek 3d ago
Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
The Record 2d ago
Microsoft blames unexpected Windows driver updates on caching issue
BleepingComputer 2d ago
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The Hacker News 2d ago
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
The Hacker News 1d ago
Chinese APT deploys new malware to keep access to hacked networks
BleepingComputer 1d ago
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
The Hacker News 1d ago