cybersecurity

If you’ve been keeping an eye on industrial control system (ICS) vulnerabilities, here’s a new one for your radar: Schneider Electric has reported a serious vulnerability affecting its Accutech Manager software. With a CVSS v3 score of 7.5—indicating high severity—this vulnerability isn’t...

What’s Happening in the Cloud? Hold onto your keyboards, WindowsForum readers—because 20,000 Microsoft Azure accounts in the European manufacturing sector have fallen victim to a targeted phishing campaign. That’s right, 20,000 accounts! According to researchers from Palo Alto Networks’ Unit 42...

When it comes to securing sensitive data in the cloud, Azure Key Vault has been Microsoft’s go-to service for protecting keys and secrets. But what happens when the very policies meant to secure your vault open doors for attackers? A newly discovered configuration flaw in Azure Key Vault’s...

The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant leap in enhancing cloud security for federal agencies. Enter Binding Operational Directive (BOD) 25-01: a mandatory directive designed to lock down vulnerabilities and secure Microsoft cloud environments in a...

In a chilling demonstration of how well-coordinated phishing campaigns can wreak havoc, attackers recently targeted corporate Microsoft Azure environments by wielding malicious DocuSign PDF files. These attacks, according to Palo Alto Networks' Unit 42, aimed at infiltrating European automotive...

Welcome to another cyber war zone update, where phishing tactics are cranking up the sophistication scale. This time, we’re diving into the lurking shadows of a major phishing campaign that weaponizes HubSpot’s Free Form Builder to target Microsoft Azure credentials, wreaking havoc across...

Heads up, Windows users — the Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two newly-added vulnerabilities that deserve everyone’s immediate attention. These vulnerabilities target two major software platforms: Adobe ColdFusion and Windows Kernel-Mode Driver...

In a laudable achievement for the cybersecurity realm, Torvald Johnson of Performanta was recently distinguished as a Microsoft Most Valuable Professional (MVP) in Security Copilot. If this news doesn’t make your metaphorical firewalls burst with pride, let’s break it down. This accolade not...

It’s a classic phishing tale, but this time, the stakes are raised higher than ever. Cybercriminals are trawling the depths of email inboxes with sophisticated phishing campaigns, targeting one of the most foundational tools for modern businesses—Microsoft Azure. What’s worse? They’re luring...

Picture this: over 600 million ransomware, phishing, and identity attacks hitting the internet every single day. That’s the alarming reality Microsoft encounters firsthand through its vast telemetry network. For businesses shrugging their shoulders at the onslaught of cyber threats, it might be...

In a noteworthy revelation, security researchers recently unveiled critical vulnerabilities within Microsoft's Azure Data Factory—a service often celebrated for its ability to seamlessly orchestrate data pipelines. Coupled with Apache Airflow, a popular open-source workflow scheduler, these...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) just dropped a bombshell directive—Binding Operational Directive (BOD) 25-01. What’s it all about? Simply put: U.S. federal agencies are now on notice to up their cybersecurity game in the cloud, starting with Microsoft 365. This...

The Hidden Threat Lurking in Legitimate Platforms A phishing campaign with a particularly devious strategy has emerged, targeting Microsoft's Azure account users through an exploitation of HubSpot, a popular customer relationship management (CRM) platform. This campaign focuses on industries...

In a sweeping cybersecurity move that has Windows and cloud professionals buzzing, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued its very first binding operational directive for 2025—BOD 25-01. The target? Microsoft 365 and its ecosystem. This isn’t just a casual...

In what feels like a digital love letter to tech enthusiasts, the latest developments across industries are brimming with AI-driven upgrades, cybersecurity challenges, enterprise solutions, and futuristic gadgets. Let's buckle up for a journey that includes QuickBooks' AI revolution, the magic...

The Cybersecurity and Infrastructure Security Agency (CISA) has stepped up its game to ensure the safety of federal systems. In its latest directive, the agency has rolled out a binding operational directive that orders all U.S. federal civilian agencies to align their Microsoft 365 cloud...

In a decisive move to combat cyber espionage and safeguard critical communications infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) has issued its latest guidance: "Mobile Communications Best Practice Guidance". This targeted advisory, published on December 18, 2024...

When we think of phishing, we traditionally imagine poorly executed emails riddled with typos that even the most casual observer could spot as fraudulent. But let’s be crystal clear: phishing isn’t what it used to be. Welcome to "HubPhish," an advanced phishing initiative targeting 20,000...

Something the first nine months of 2024 will be remembered for? Internet outages hit hard and fast, wreaking havoc on our increasingly digital lives. Ookla—yes, the same folks behind Speedtest—has just dropped a revealing report on major global service disruptions using data from their brilliant...

The realm of cybersecurity is getting a major shake-up, and if you’re an organization running on Microsoft 365, it's time to buckle up and take notice. The Cybersecurity and Infrastructure Security Agency (CISA), a U.S. federal body charged with guarding national digital infrastructure, has...