Tag: Microsoft

Weekly Cybersecurity Update: EY Data Leak, Bind 9 Issues, Chrome Vulnerability, and Aardvark Agent Insights

This week’s cybersecurity highlights draw attention to rising threats stemming from misconfigurations, software vulnerabilities, and sophisticated malware. The incidents outlined below require the immediate focus of IT teams and business executives. ISC has addressed CVE-2025-5470 in BIND 9, a denial-of-service vulnerability impacting versions 9.16.0 to 9.18.26. The vulnerability enables server…


Top 30 Critical Security Vulnerabilities Frequently Targeted by Hackers

In a recent joint advisory, intelligence agencies from Australia, the U.K., and the U.S. have highlighted critical vulnerabilities that were actively exploited during 2020 and 2021. This report underscores how swiftly threat actors can capitalize on publicly disclosed weaknesses in software, posing a significant risk to various organizations worldwide. The…


Experts Suggest Chinese Hackers May Be Behind Multiple Attacks on Israel

A significant cybersecurity threat has emerged from a Chinese cyber espionage group known as UNC215, which has been stealthily targeting Israeli government entities and IT infrastructure since at least 2019. The group is notable for disguising its operations as Iranian hackers to evade detection, complicating forensic investigations aimed at tracing…


Researchers Discover OS Downgrade Vulnerability Affecting Microsoft Windows Kernel

New Vulnerability Risks Driver Signature Enforcement on Windows Systems

A recently uncovered attack method exposes vulnerabilities in Microsoft’s Driver Signature Enforcement (DSE) on fully updated Windows systems, enabling potential OS downgrade attacks. This breakthrough allows cybercriminals to load unsigned kernel drivers, paving the way for the deployment of custom rootkits.…


Hackers Utilize Morse Code in Phishing Attacks to Bypass Detection

Microsoft has reported a sophisticated year-long phishing campaign characterized by a remarkable ability to evade detection. The attackers exhibited a pattern of altering their obfuscation and encryption strategies approximately every 37 days, employing various techniques, including Morse code, to obscure their activities while extracting user credentials. The phishing attempts typically…


Two Windows Vulnerabilities, Including a Zero-Day, Actively Exploited

Researchers have identified that two critical vulnerabilities in Windows operating systems are currently being exploited in widespread cyberattacks. One of these vulnerabilities is a zero-day flaw that has remained active since 2017, while the second is a significant bug that Microsoft has struggled to patch effectively. The zero-day vulnerability was…


Microsoft Confirms Data Leak Affecting Over 65,000 Companies Due to Server Misconfiguration

This week, Microsoft confirmed a significant security breach involving the inadvertent exposure of sensitive information belonging to thousands of customers. The incident stemmed from a security misconfiguration that left an endpoint publicly accessible on the internet without authentication, allowing potential unauthorized access to business transaction data. The company described the…


Microsoft Alert: Extensive Phishing Campaigns Exploit Open Redirects

Microsoft has issued a stark warning concerning an extensive credential phishing campaign that exploits open redirector links in email communications. This tactic aims to deceive users into visiting malicious sites while circumventing traditional security measures. According to a report from the Microsoft 365 Defender Threat Intelligence Team, attackers combine these…


Microsoft Alerts on Chinese Botnet Exploiting Router Vulnerabilities for Credential Theft

Microsoft Uncovers Chinese Botnet Targeting Organizations with Evasive Password Spray Attacks

Microsoft has reported the activity of a Chinese threat actor known as Storm-0940, which is employing a sophisticated botnet identified as Quad7. This botnet has been linked to a series of highly evasive password spray attacks aimed at stealing…
