Tag Microsoft

Senator Criticizes Microsoft for Leaving Default Windows Settings Exposed to “Kerberoasting” Vulnerabilities

A leading U.S. senator has requested that the Federal Trade Commission (FTC) launch an inquiry into Microsoft, citing what he has termed “gross cybersecurity negligence.” This call to action stems from concerns regarding the company’s continued reliance on the outdated RC4 encryption method, which is set as the default in…

Read MoreSenator Criticizes Microsoft for Leaving Default Windows Settings Exposed to “Kerberoasting” Vulnerabilities

China-Linked Silk Typhoon Broadens Cyber Attacks to Target IT Supply Chains for Initial Access

The group known as Silk Typhoon—previously referred to as Hafnium—has shifted its focus from exploiting vulnerabilities in Microsoft Exchange servers to targeting the information technology (IT) supply chain. This change in strategy aims to gain initial access to corporate networks, according to the Microsoft Threat Intelligence team’s recent report. Silk…

Read MoreChina-Linked Silk Typhoon Broadens Cyber Attacks to Target IT Supply Chains for Initial Access

Hackers Breach 18 NPM Packages in Supply Chain Attack

Relevant topics include Third Party Risk Management, Cryptocurrency Fraud, and Fraud Management & Cybercrime. Developer Compromised by Phishing Attack Involving a Malicious Email Authored by Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • September 9, 2025 Image: Shutterstock An attacker compromised 18 widely-used npm packages by embedding cryptocurrency theft malware after…

Read MoreHackers Breach 18 NPM Packages in Supply Chain Attack

Microsoft Acknowledges EncryptHub, the Hacker Connected to Over 618 Breaches, for Revealing Windows Vulnerabilities

Microsoft recently acknowledged an individual operating under the EncryptHub alias for uncovering and reporting two significant security vulnerabilities in Windows. This acknowledgment depicts a complex profile of a person straddling a legitimate cybersecurity career while engaging in cybercriminal activities. According to a detailed analysis by Outpost24 KrakenLabs, the individual behind…

Read MoreMicrosoft Acknowledges EncryptHub, the Hacker Connected to Over 618 Breaches, for Revealing Windows Vulnerabilities

Microsoft Addresses 125 Vulnerabilities, Including Exploited Windows CLFS Flaw

In recent developments, Microsoft has unveiled critical security patches addressing a staggering array of 125 vulnerabilities across its software platforms. Among these, one vulnerability has been identified as under active exploitation in the wild, raising significant alarms within the cybersecurity community. Of the reported vulnerabilities, 11 are designated as Critical,…

Read MoreMicrosoft Addresses 125 Vulnerabilities, Including Exploited Windows CLFS Flaw

Microsoft Alerts Hospitality Sector to ClickFix Phishing Campaign Using Fake Booking[.]com Emails

Microsoft has issued a warning regarding a phishing campaign specifically targeting the hospitality sector by masquerading as the online travel agency Booking.com. This campaign employs an advanced social engineering technique known as ClickFix to deliver malware designed to steal user credentials. According to Microsoft’s threat intelligence team, this activity has…

Read MoreMicrosoft Alerts Hospitality Sector to ClickFix Phishing Campaign Using Fake Booking[.]com Emails

Exploitation of Unpatched Windows Zero-Day Vulnerability by 11 State-Sponsored Threat Actors Since 2017

A recently identified unpatched vulnerability in Microsoft Windows has been exploited by a coalition of eleven state-sponsored hacking groups from nations including China, Iran, North Korea, and Russia. This ongoing cyber threat campaign, dating back to 2017, focuses on data theft, espionage, and financially motivated activities. The zero-day vulnerability, cataloged…

Read MoreExploitation of Unpatched Windows Zero-Day Vulnerability by 11 State-Sponsored Threat Actors Since 2017

Active Exploit: CVE-2025-24054 Targets NTLM Credentials During File Downloads

On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a medium-severity security vulnerability in Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog. This decision follows reports indicating that the flaw is actively being exploited in real-world scenarios. The vulnerability, identified as CVE-2025-24054, received a…

Read MoreActive Exploit: CVE-2025-24054 Targets NTLM Credentials During File Downloads