Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…
A nation-state-sponsored Advanced Persistent Threat (APT) group known as Harvester has allegedly developed a new backdoor dubbed GoGra, designed to infiltrate and monitor Linux systems in India and Afghanistan. This group has been active since at least June 2021 and initially targeted Windows platforms primarily across South Asia, but recent…
June 03, 2021
Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.
With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.
Recurring Vulnerabilities: A Persistent Challenge in Cybersecurity June 3, 2021 Software vulnerabilities continue to plague organizations across the globe, as evidenced by the fact that Microsoft has addressed between 55 and 110 vulnerabilities every month this year. Alarmingly, 7% to 17% of these identified vulnerabilities have been classified as critical,…
June 03, 2021
Major software vulnerabilities are an ongoing reality, as evidenced by Microsoft’s patching of between 55 and 110 vulnerabilities each month this year, with 7% to 17% classified as critical. May recorded the lowest number of vulnerabilities, totaling 55, with only four deemed critical. Alarmingly, many of these critical vulnerabilities are familiar foes, such as remote code execution and privilege escalation. Microsoft isn’t alone in this; companies like Apple, Adobe, Google, and Cisco also issue regular security updates to address significant vulnerabilities.
With major flaws affecting so many applications, can we envision a secure future? The answer is yes, but the road ahead will undoubtedly present challenges. Although these vulnerabilities may not be new to seasoned defenders, adversaries continuously adapt and exploit these weaknesses.
Feb 23, 2013
Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…
Microsoft Falls Victim to Cyber Attack Date: February 23, 2013 In a significant cybersecurity breach, Microsoft has confirmed that it has become the latest target of a sophisticated cyber attack, affecting a limited number of its computers, including those within its Mac software division. The company reported that these systems…
Feb 23, 2013
Microsoft has confirmed that it is the latest target of a cyber attack, with a small number of its computers, including some within its Mac software division, infected by malware. The company noted that the malicious software shares similarities with those used in recent attacks on Facebook and Apple. Microsoft provided limited details about the breach, stating, “We have no evidence of customer data being affected and our investigation is ongoing.” During the investigation, it was determined that a small number of computers had been compromised employing tactics documented by other organizations. “This type of cyber attack is not unexpected for Microsoft and other companies facing persistent and determined adversaries,” the company remarked. Last week, Apple reported its…
Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website
On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”
Security Flaw in Microsoft Edge Could Have Exposed User Data Across Websites June 28, 2021 Microsoft recently issued updates to its Edge browser addressing two critical security vulnerabilities. Among these is a significant security bypass flaw that has raised concerns regarding the potential for malicious actors to inject and execute…
Microsoft Edge Vulnerability Could Have Allowed Hackers to Access Your Data on Any Website
On June 28, 2021, Microsoft released updates for the Edge browser addressing two security flaws, one of which involves a critical security bypass vulnerability. This flaw could potentially allow hackers to inject and execute arbitrary code across all websites. Identified as CVE-2021-34506 (CVSS score: 5.4), the issue is rooted in a universal cross-site scripting (UXSS) vulnerability that occurs when the browser’s automatic translation feature, powered by Microsoft Translator, is used. The vulnerability was discovered and reported by Ignacio Laurence along with Vansh Devgan and Shivam Kumar Singh from CyberXplore Private Limited. CyberXplore researchers explained, “Unlike conventional XSS attacks, UXSS exploits client-side vulnerabilities in the browser or extensions to create an XSS condition and run malicious code.”
On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.
Researchers Disclose PoC Exploit for Critical Windows RCE Vulnerability On June 30, 2021, news emerged regarding the brief online availability of a proof-of-concept (PoC) exploit linked to a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service. This vulnerability, cataloged as CVE-2021-1675, was identified as potentially allowing…
On June 30, 2021, a proof-of-concept (PoC) exploit for a remote code execution vulnerability in the Windows Print Spooler, identified as CVE-2021-1675, was temporarily posted online before being removed. This security flaw, which Microsoft addressed in a Patch Tuesday update on June 8, 2021, could allow remote attackers to gain complete control over affected systems. The Print Spooler component, responsible for managing printer operations and loading drivers, poses significant risks due to its wide attack surface and high privilege level that enables the dynamic loading of third-party binaries. Shortly after the initial patch, Microsoft updated its assessment of the vulnerability’s impact from an elevation of privilege to remote code execution (RCE) and increased the severity rating.
On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.
Microsoft Alerts on Critical Vulnerability Exploited in the Wild On July 2, 2021, Microsoft confirmed a severe vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler. Unlike a previous issue resolved in its Patch Tuesday update, this vulnerability is distinct and currently under active exploitation attempts. Microsoft has designated this flaw…
On July 2, 2021, Microsoft confirmed that the “PrintNightmare” remote code execution (RCE) vulnerability in the Windows Print Spooler differs from a previously addressed issue in its recent Patch Tuesday update. The company has observed active attempts to exploit this flaw, tracked under CVE-2021-34527, with a severity rating of 8.8 on the CVSS scale. All Windows versions are affected by this vulnerability. Microsoft stated, “A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations.” Successful exploitation could allow attackers to execute arbitrary code with SYSTEM privileges, enabling them to install programs, manipulate data, or create accounts with full user rights.
Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows
Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.
Microsoft Releases Critical Emergency Patch for PrintNightmare Vulnerability July 7, 2021 Microsoft has announced the urgent deployment of an out-of-band security update aimed at addressing a severe zero-day vulnerability identified as “PrintNightmare.” This flaw, which impacts the Windows Print Spooler service, enables remote threat actors to execute arbitrary code, potentially…
Microsoft Releases Urgent Patch for Critical PrintNightmare Vulnerability in Windows
Microsoft has issued an emergency out-of-band security update to address a critical zero-day vulnerability, dubbed “PrintNightmare,” affecting the Windows Print Spooler service. This flaw, tracked as CVE-2021-34527 (with a CVSS score of 8.8), enables remote threat actors to execute arbitrary code and potentially seize control of affected systems. The issue impacts all supported versions of Windows, and the company recently reported active exploitation attempts targeting this vulnerability. According to the CERT Coordination Center, the Windows Print Spooler service does not adequately restrict access to functionalities that allow users to add printers and drivers, thus enabling a remote authenticated attacker to execute arbitrary code with SYSTEM privileges. Notably, PrintNightmare encompasses both remote code execution and local privilege escalation vectors that could be exploited in various attacks.
Storm-0501 Exploits Entra ID for Azure Data Exfiltration and Deletion in Hybrid Cloud Attacks
August 27, 2025
Ransomware / Cloud Security
The financially motivated threat actor known as Storm-0501 has been observed enhancing its tactics to carry out data exfiltration and extortion attacks in cloud environments. “Unlike traditional on-premises ransomware that relies on deploying malware to encrypt essential files across compromised network endpoints and negotiating for a decryption key, cloud-based ransomware represents a significant change,” noted the Microsoft Threat Intelligence team in a report shared with The Hacker News. “Utilizing cloud-native capabilities, Storm-0501 swiftly exfiltrates substantial data volumes, deletes data and backups within the victim’s environment, and demands ransom—all without conventional malware deployment.” Storm-0501 was initially documented by Microsoft nearly a year ago, focusing on its hybrid cloud ransomware attacks against sectors such as government, manufacturing, transportation, and law enforcement in the U.S.
Storm-0501 Leveraging Entra ID in Sophisticated Hybrid Cloud Attacks August 27, 2025 Ransomware / Cloud Security A financially motivated threat actor known as Storm-0501 has intensified its focus on cloud environments, employing advanced strategies for data exfiltration and extortion. Unlike traditional ransomware that typically employs malware to encrypt files across…
Storm-0501 Exploits Entra ID for Azure Data Exfiltration and Deletion in Hybrid Cloud Attacks
August 27, 2025
Ransomware / Cloud Security
The financially motivated threat actor known as Storm-0501 has been observed enhancing its tactics to carry out data exfiltration and extortion attacks in cloud environments. “Unlike traditional on-premises ransomware that relies on deploying malware to encrypt essential files across compromised network endpoints and negotiating for a decryption key, cloud-based ransomware represents a significant change,” noted the Microsoft Threat Intelligence team in a report shared with The Hacker News. “Utilizing cloud-native capabilities, Storm-0501 swiftly exfiltrates substantial data volumes, deletes data and backups within the victim’s environment, and demands ransom—all without conventional malware deployment.” Storm-0501 was initially documented by Microsoft nearly a year ago, focusing on its hybrid cloud ransomware attacks against sectors such as government, manufacturing, transportation, and law enforcement in the U.S.
