Articles tagged "Microsoft"

Found 136 articles

Actively Exploited

CISA has issued a warning about active exploitation of several vulnerabilities in on-premises SharePoint Server instances, specifically CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164. These vulnerabilities allow attackers to execute remote code and potentially steal sensitive data from affected systems. All supported versions of SharePoint Server, including the Subscription Edition, 2019, and 2016, are at risk. Organizations are advised to monitor their SharePoint Servers for unusual activities and to apply the latest patches from Microsoft. Additional vulnerabilities have been identified but are not yet known to be exploited, emphasizing the need for prompt updates and hardening measures to prevent possible breaches.

Read Original
Actively Exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, indicating they are being actively exploited in the wild. The vulnerabilities include two related to SonicWall SMA1000 Appliances, specifically a server-side request forgery and a code injection vulnerability. Additionally, there are two Microsoft vulnerabilities affecting Active Directory Federation Services and SharePoint Server, which involve insufficient access control and missing authentication for critical functions, respectively. These vulnerabilities pose significant risks, especially to federal agencies, as they can lead to total asset control by attackers post-exploitation. CISA's guidance encourages all organizations to prioritize remediation of these high-risk vulnerabilities to enhance their security posture.

Read Original
Critical
Siggen Backdoor Hits Windows Developers Via Infected Visual Studio Projects

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Researchers from Dr.Web have identified a new backdoor named Siggen that targets Windows developers. This malware spreads through infected Visual Studio projects and utilizes Steam for command and control (C2) operations. Once installed, it can steal sensitive information, including user credentials and cryptocurrency data. The incident poses a significant risk to developers who may unknowingly incorporate these malicious projects into their work, potentially compromising their systems and data. The use of a popular platform like Steam for C2 makes it a notable concern for the developer community and highlights the need for vigilance against such threats.

Read Original

A misconfigured Python web server used in a phishing operation targeting Microsoft 365 was discovered by Lexfo, a French cybersecurity firm. The server was left publicly accessible with directory listing enabled, allowing researchers to access a log file that contained the command used to run the server. This oversight led them to uncover not only the phishing toolkit but also two additional related operations. The exposed setup raises concerns about the security practices of attackers, as it can lead to further exploitation of users unaware of these phishing attempts. Organizations using Microsoft 365 should be vigilant and ensure their security measures are robust against such phishing schemes.

Read Original

Progress Software has advised ShareFile customers to shut down their Windows servers that run Storage Zone Controllers due to a credible external security threat. The company has temporarily restricted access to affected accounts as a precautionary measure while they investigate the situation. This warning raises concerns for businesses relying on ShareFile for secure file storage and collaboration, highlighting the potential risks associated with third-party services. Users are encouraged to take immediate action to protect their data until the issue is resolved. Progress is working closely with both internal and external security teams to address the threat effectively.

Read Original

Microsoft has rolled out a security update to address a serious vulnerability in its Malware Protection Engine, specifically CVE-2026-50656. This flaw, which affects Windows 10 and Windows 11, allows authenticated attackers to escalate their privileges to SYSTEM-level by exploiting improper link resolution before file access. The vulnerability was brought to light on June 10, and it poses a significant risk as it can be exploited with relatively low complexity. Users of affected systems should prioritize applying this update to safeguard their devices against potential attacks that could compromise system security.

+1 more
Read Original

Schneider Electric's PowerChute Serial Shutdown software has several vulnerabilities that could allow attackers to manipulate system files, inject malicious data, or gain unauthorized access to accounts. Versions 1.4 and earlier are affected by these security flaws, which include issues like improper path restrictions and output handling. If exploited, these vulnerabilities could disrupt services or expose sensitive information across critical sectors such as energy, healthcare, and transportation. Users of affected versions are urged to upgrade to version 1.5, which includes fixes for these issues. The vulnerabilities were disclosed recently, and it is crucial for organizations to address them promptly to mitigate potential risks.

Read Original

Microsoft is set to retire the Outlook Web Access (OWA) Light client in an upcoming update to Exchange Server. This lightweight version of the email client was designed for users with limited bandwidth or older devices. The discontinuation means that users relying on OWA Light will need to transition to the standard OWA client, which could impact their ability to access email if their devices or connections are not compatible. Microsoft has not yet specified a timeline for the retirement or provided detailed guidance on the transition process. This change could affect organizations with users who depend on the lighter version for remote access, potentially disrupting their workflow.

Read Original

Microsoft has addressed a significant vulnerability in its Defender software, identified as RoguePlanet (CVE-2026-50656). This flaw allows local attackers to escalate their privileges by exploiting the Malware Protection Engine, which is integral to Defender's malware scanning and removal functions. The vulnerability has a CVSS score of 7.8, indicating a high severity level. Users of Microsoft Defender should ensure they apply the latest security updates to protect against potential exploitation. This fix is crucial as it mitigates the risk of unauthorized access and control over affected systems, which could lead to further security breaches.

Read Original

Microsoft has addressed a significant vulnerability in its Defender antivirus software, dubbed RoguePlanet, which was made public nearly a month ago. This flaw, tracked as CVE-2026-50656, has a CVSS score of 7.8, indicating a high risk of privilege escalation. It affects the Microsoft Malware Protection Engine, specifically the 'mpengine.dll' component responsible for scanning and cleaning malware. If exploited, this vulnerability could allow attackers to gain SYSTEM privileges on affected systems, posing a serious security risk. Users of Microsoft Defender are urged to apply the latest security updates to protect their systems from potential exploitation.

Read Original

QuimaRAT is a new type of malware that can target multiple operating systems, including Windows, Linux, and macOS. It operates on a modular architecture, which means it can expand its capabilities through encrypted plugins that are delivered via a command-and-control infrastructure. This flexibility allows attackers to adapt the malware for various malicious purposes. The versatility of QuimaRAT raises concerns for users across different platforms, as it poses a significant risk to both personal and organizational security. Companies and individuals should be vigilant and consider implementing security measures to protect their systems from this evolving threat.

Read Original
Critical
Siemens SINEC OS

All CISA Advisories

Siemens has identified multiple vulnerabilities in its SINEC OS, particularly affecting the RUGGEDCOM RST2428P product. The issues stem from improper input validation, leading to potential allocation failures that could compromise system operations. Siemens has recommended users upgrade to version 4.0 or later to mitigate these risks. The vulnerabilities have been assigned CVE identifiers, indicating their recognition in the cybersecurity community. This situation is significant as it affects industrial control systems, which are critical for operational integrity and security.

+4 more
Read Original

A new phishing attack is exploiting the OAuth 2.0 Device Authorization Grant, commonly used for authenticating smart devices like TVs and printers. Attackers have created a fake Microsoft website that mimics the legitimate login process, tricking users into entering their credentials. This type of attack is particularly concerning as it targets users who may not be familiar with the intricacies of secure URL verification. As a result, anyone using devices that rely on OAuth for authentication could be at risk. Users are advised to be cautious and verify URLs carefully before entering sensitive information, especially when prompted by unexpected requests.

Read Original

Microsoft has addressed a bug that caused the Copilot Chat and related buttons to vanish from Classic Outlook for users with the Copilot Chat (Basic) license on Windows. This issue affected how users could access and utilize the Copilot features, potentially disrupting their workflow. The fix ensures that users can now regain access to these functionalities, which are designed to enhance productivity within Outlook. This is particularly important for organizations relying on these tools for efficient communication and task management. Users are encouraged to check their Outlook applications to confirm that the fix has been applied and that the Copilot features are functioning as intended.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in Microsoft SharePoint that is currently being exploited by attackers. This vulnerability, identified as CVE-2026-45659, allows for remote code execution, which means that hackers can run malicious code on affected systems. Organizations using SharePoint should take this threat seriously, as it could lead to unauthorized access and data breaches. Microsoft has already released a patch to address this issue, so it's crucial for users to apply the update as soon as possible to protect their systems from potential exploitation.

Read Original
Page 1 of 10Next