Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

“Urgent reminder” tax scam wants to phish your Microsoft credentials

With tax season in full swing, we're seeing scammers flexing their social engineering muscles. Be prepared.

Malwarebytes
Open in Source
#web#microsoft#git#intel#pdf
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of

CVE-2025-21384: Azure Health Bot Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-26683: Azure Playwright Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim’s system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.

CVE-2025-2783: Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.93 3/26/2025 134.0.6998.177/.178

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability

About Remote Code Execution – Veeam Backup & Replication (CVE-2025-23120) vulnerability. Veeam B&R is a client-server software solution for centralized backup of virtual machines in VMware vSphere and Microsoft Hyper-V environments. A deserialization flaw (CWE-502) lets an attacker run arbitrary code on a Veeam server. The necessary conditions: the Veeam server must be part of […]

EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware

The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,

DeepSeek users targeted with fake sponsored Google ads that deliver malware

With its growing popularity, sponsored Google search ads have started impersonating DeepSeek AI.