Microsoft has reported a sophisticated year-long phishing campaign characterized by a remarkable ability to evade detection. The attackers exhibited a pattern of altering their obfuscation and encryption strategies approximately every 37 days, employing various techniques, including Morse code, to obscure their activities while extracting user credentials. The phishing attempts typically…
Researchers have identified that two critical vulnerabilities in Windows operating systems are currently being exploited in widespread cyberattacks. One of these vulnerabilities is a zero-day flaw that has remained active since 2017, while the second is a significant bug that Microsoft has struggled to patch effectively. The zero-day vulnerability was…
This week, Microsoft confirmed a significant security breach involving the inadvertent exposure of sensitive information belonging to thousands of customers. The incident stemmed from a security misconfiguration that left an endpoint publicly accessible on the internet without authentication, allowing potential unauthorized access to business transaction data. The company described the…
Microsoft has issued a stark warning concerning an extensive credential phishing campaign that exploits open redirector links in email communications. This tactic aims to deceive users into visiting malicious sites while circumventing traditional security measures. According to a report from the Microsoft 365 Defender Threat Intelligence Team, attackers combine these…
Microsoft Uncovers Chinese Botnet Targeting Organizations with Evasive Password Spray Attacks Microsoft has reported the activity of a Chinese threat actor known as Storm-0940, which is employing a sophisticated botnet identified as Quad7. This botnet has been linked to a series of highly evasive password spray attacks aimed at stealing…
Microsoft has recently issued a warning regarding an actively exploited zero-day vulnerability affecting Internet Explorer. This flaw is being utilized to compromise Windows systems by means of malicious Microsoft Office documents. Identified as CVE-2021-40444 with a CVSS score of 8.8, the vulnerability resides in MSHTML, a proprietary browser engine that…
Business Continuity Management / Disaster Recovery, Cloud Data Security & Resilience, Governance & Risk Management Azure Outage Occurs Just Days After Major AWS DNS Disruption Cal Harrison • October 29, 2025 Image: Shutterstock On October 29, Microsoft’s Azure cloud and Office 365 systems encountered a significant outage caused by a…
Microsoft Azure Suffers Major Outage Amid Configuration Issues Microsoft’s Azure cloud platform, along with its widely utilized 365 services and gaming platforms such as Xbox and Minecraft, experienced significant outages around noon Eastern time on Wednesday. The company attributed these disruptions to “an inadvertent configuration change.” This incident represents the…
Governance & Risk Management, Patch Management Significant Vulnerability in Windows Server Update Services Exposed Akshaya Asokan (asokan_akshaya) • October 28, 2025 Image: bluestork/Shutterstock Concerns are mounting over the exploitation of a flaw in Windows Server Update Services (WSUS), especially after Microsoft expedited a patch addressing an issue that permits unauthenticated…
