In its February 2024 Patch Tuesday updates, Microsoft has issued fixes for 73 security vulnerabilities across its software ecosystem, including two zero-day flaws currently under active exploitation. Among these vulnerabilities, five have been categorized as Critical and 65 as Important, while three have a Moderate severity rating. This release also…
On Wednesday, Microsoft disclosed that a severe security vulnerability, identified as CVE-2024-21410, within its Exchange Server software has been actively exploited in the wild. This revelation came shortly after the tech giant released fixes during its monthly Patch Tuesday updates. With a CVSS score of 9.8, the flaw represents a…
On Tuesday, officials from the U.S. government formally accused the Russian government of orchestrating the significant SolarWinds supply chain compromise unveiled last month. This allegation came as part of a broader assessment conducted by multiple agencies, including the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency…
A recent data breach has compromised accounts within Microsoft’s Outlook email service, raising significant concerns for users. The incident was confirmed by Microsoft and reported by The Hacker News. Hackers gained unauthorized access to a customer support portal, allowing them to view certain account-related information for a subset of Outlook…
Understanding the Escalating Cybersecurity Threats for SMBs In an era where cybersecurity breaches dominate headlines, the visibility of these risks extends beyond large enterprises to encompass small and medium-sized businesses (SMBs) and the public at large. This growing awareness among SMBs highlights the pressing need to bolster their security measures.…
Microsoft has announced the launch of an open-access automation framework known as PyRIT, which stands for Python Risk Identification Tool. This framework aims to proactively identify risks associated with generative artificial intelligence (AI) systems. According to Ram Shankar Siva Kumar, the AI red team lead at Microsoft, this red teaming…
Data Privacy, Data Security, Fraud Management & Cybercrime Class Action Lawsuit Claims Web Trackers Misused Patient Data Marianne Kolbasuk McGee (HealthInfoSec) • December 2, 2025 Kaiser Permanente has agreed to pay up to $47.5 million to resolve class action litigation related to its website tracking activities. Kaiser Permanente has reached…
Recent cybersecurity intelligence has revealed that the infamous Lazarus Group has exploited a newly patched privilege escalation vulnerability in the Windows Kernel as a zero-day attack. This exploit allows the adversaries to gain kernel-level access, enabling them to disable crucial security software on affected systems. The vulnerability, identified as CVE-2024-21338…
On Wednesday, Microsoft provided additional insights into the methodologies employed by the attackers behind the SolarWinds breach, one of the most intricate cybersecurity incidents in recent history. This deeper understanding is crucial as cybersecurity firms endeavor to gain a more definitive grasp of the attack’s sophisticated nature. Describing the attackers…
