it security

The Cybersecurity and Infrastructure Security Agency (CISA) has made an important update to its Known Exploited Vulnerabilities Catalog by adding two new vulnerabilities. This update is essential reading for IT administrators, security professionals, and even avid Windows users who want to keep...

Recent reports from cybersecurity watchdogs reveal a staggering attack on Microsoft 365 accounts. A massive botnet—compromising over 130,000 devices—is launching coordinated password spraying attacks, putting organizations that depend on Microsoft’s cloud services squarely in the crosshairs of...

In today’s fast-paced digital battlefield, cybercriminals are continually refining their tactics—and the latest assault is a prime example. A recent ITPro report reveals that threat actors are orchestrating a massive password spraying campaign targeting Microsoft 365 accounts. As Windows users...

In a bold move underscoring the increasing emphasis on cybersecurity within government infrastructure, New South Wales (NSW) has announced the appointment of Marie Patane as its new permanent cyber security chief. This decisive leadership change comes at a crucial time when regulators and...

In a bid to raise the bar on identity security, Microsoft is rolling out new, automatically deployed policies targeting a growing vulnerability: Device Code Flow attacks. Featured in the latest edition of Entra 🆔 News (#85), these updates mark another significant step in Microsoft’s ongoing...

On February 20, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued eight new advisories focused on vulnerabilities in Industrial Control Systems (ICS). Although these advisories primarily target industries using specialized control systems, the security lessons they offer...

In today's interconnected world, vulnerabilities can lurk in even the most niche systems. The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued an advisory that reveals a critical vulnerability within Carrier's Block Load software—a trusted HVAC load calculation program...

Microsoft’s latest security advisory has confirmed that an elevation of privilege vulnerability affecting Power Pages has been successfully mitigated. This issue, tracked as CVE-2025-24989, stemmed from an improper access control flaw—which, if left unaddressed, could have allowed unauthorized...

On February 19, 2025, Microsoft marked another milestone in its cybersecurity journey by being named a Leader in the 2025 Gartner® Magic Quadrant™ for Cyber-Physical Systems (CPS) Protection Platforms. This prestigious recognition underscores Microsoft’s steadfast commitment to protecting both...

Liongard Launches Beta for Real-Time M365 Monitoring In an era when cyber threats evolve by the minute, effective real-time security measures can make all the difference. Liongard—widely recognized as a leading Attack Surface Management (ASM) platform for IT service providers—has just unveiled...

Artificial Intelligence is rapidly reshaping the workplace, but its true potential only unfolds when organizations overcome entrenched communication barriers and older modes of IT operation. Recent discussions—such as the insightful webinar highlighted by CRN Australia featuring Paul Culmsee...

In today's rapidly evolving digital landscape, artificial intelligence is not just a futuristic buzzword—it’s an active transformative catalyst in modern workplaces. With tools like Microsoft Copilot leading the charge, organizations are discovering new ways to streamline workflows, boost...

In today’s ever-evolving cybersecurity landscape, attackers aren’t just content with infiltrating on-premises networks. Instead, sophisticated threat actors are shifting their focus to Cloud environments—specifically targeting your Microsoft Entra ID and Active Directory (AD) configurations. New...

In today’s ever-evolving cybersecurity landscape, vigilance remains paramount—even for industrial control systems. A recent advisory has sounded the alarm on a vulnerability affecting Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor devices. Although primarily deployed in the realm of...

A new alert on the Microsoft Security Response Center (MSRC) radar centers on the vulnerability dubbed CVE-2025-21359, identified as a Windows Kernel Security Feature Bypass. Though the official update guide offers minimal details beyond a terse “information published” message, the announcement...

Let’s dive into a cybersecurity issue that should have every Windows 11 user and enterprise administrator on high alert. Researchers have recently uncovered a sinister exploitation of IBM i Access Client Solutions (ACS), an essential tool for managing IBM i systems, which attackers have cleverly...

In the ever-evolving battle for securing digital infrastructures, particularly those sensitive enough to underpin critical industries, a vulnerability report such as this one is an urgent call to arms. Schneider Electric has recently disclosed two significant vulnerabilities in its EcoStruxure™...

Microsoft has flagged a critical new security vulnerability identifier, CVE-2025-21332, related to MapUrlToZone, a core feature in Windows security architecture. This flaw has been officially acknowledged by the Microsoft Security Response Center (MSRC) as of January 14, 2025. Here's a breakdown...

Microsoft recently disclosed a security vulnerability under CVE-2025-21360 that could allow an elevation of privilege attack within Microsoft AutoUpdate (MAU). For many, this app works silently in the background, ensuring your Microsoft Office apps or other Microsoft software stay updated. But...

Attention Windows users and system administrators: A newly disclosed vulnerability, identified as CVE-2025-21340, has emerged in Microsoft's Virtualization-Based Security (VBS). This sounds intimidating, right? Well, don’t worry—I’m here to break it down and explain why this vulnerability...