phishing attacks

In recent months, a sophisticated phishing campaign has exploited Microsoft 365's Direct Send feature, targeting over 70 organizations across the United States. This attack method allows cybercriminals to impersonate internal users and deliver phishing emails that bypass traditional security...

A sophisticated phishing campaign has been exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations across various sectors in the United States since May 2025. This attack underscores the evolving tactics of cybercriminals and highlights the need for organizations to...

A new wave of phishing attacks has cast a harsh spotlight on the security assumptions underlying Microsoft 365, as cybercriminals adapt with alarming speed to exploit lesser-known features. Over the past two months, a sophisticated campaign has targeted more than 70 organizations across critical...

Four days of total digital silence. That was the stark reality for the 20 million users of YES24, South Korea’s largest online bookstore, after a catastrophic ransomware attack forced the entire platform—website and app—offline. Orders for books, reservations for concerts, and access to digital...

Anubis ransomware has emerged as a formidable threat in the cybersecurity landscape, employing a destructive wiper module that ensures victims lose their data irretrievably, even if they comply with ransom demands. This evolution in ransomware tactics underscores the increasing sophistication...

The rapid ascent of DeepSeek-R1, an advanced large language model (LLM), has not only captivated the AI community but also attracted the attention of cybercriminals. These malicious actors are exploiting the model's popularity to distribute sophisticated malware targeting Windows users. This...

The cybersecurity landscape has once again been upended by the recent discovery and exploitation of a critical remote code execution (RCE) vulnerability found in Microsoft Windows’ implementation of WebDAV. This zero-day, tracked as CVE-2025-33053, has been actively leveraged by the notorious...

Organizations across the globe are contending with a staggering rise in highly advanced phishing attacks that specifically target Microsoft 365 and Google accounts. At the heart of this surge is the Adversary-in-the-Middle (AitM) technique—a significant evolution in cybercriminal methodology...

For millions of organizations, Microsoft Word remains an indispensable productivity tool woven deeply into the fabric of daily business. When a critical vulnerability arises in such a ubiquitous application, the reverberations are felt across sectors—prompting questions about data security...

A newly disclosed vulnerability, CVE-2025-47175, has sent ripples through the Windows and cybersecurity communities due to its potential impact on Microsoft PowerPoint—a staple of modern business, education, and government environments. This remote code execution vulnerability, classified as a...

When the news broke about CVE-2025-47173—a remote code execution vulnerability affecting Microsoft Office—the severity of the flaw reverberated across IT communities and enterprise environments worldwide. This security weakness, rooted in improper input validation by Microsoft Office...

A new zero-day vulnerability has been identified in Microsoft Word, tracked as CVE-2025-47169, which exposes millions of Windows users to the risk of remote code execution through a heap-based buffer overflow. The flaw, already listed by Microsoft in its official Security Update Guide...

Microsoft Office has again found itself at the center of a serious security conversation with the recent disclosure of CVE-2025-47167, a remote code execution (RCE) vulnerability that exploits a classic but devastating software weakness: type confusion. As cyber threats continue to evolve and...

Microsoft Office has long held a place of critical importance in the daily workflows of individuals, businesses, and institutions worldwide. Its ubiquity, however, also makes it a high-value target for cyber attackers seeking to exploit vulnerabilities for unauthorized access, data theft, or...

A recent massive data breach has exposed over 184 million user records, compromising sensitive information from major platforms such as Apple, Google, Meta, Microsoft, Instagram, and Snapchat. The breach includes emails, passwords, and authorization URLs, all stored in plain text, making them...

CVE-2025-24054: Technical Summary and Mitigation Guidance What Is CVE-2025-24054? CVE-2025-24054 is a critical security vulnerability affecting Microsoft Windows systems’ NTLM (New Technology LAN Manager) authentication. The flaw arises from an “external control of file name or path” weakness in...

Phishing attacks continue to evolve, leveraging not only increasingly sophisticated social engineering techniques but also the legitimate tools and platforms users trust every day. The most recent wave of attacks, as publicized by cybersecurity researchers and industry reports, reveals that...

Phishing attacks have long exploited trusted platforms to deceive users, and a recent campaign has brought to light a particularly insidious method: leveraging Google Apps Script to compromise Microsoft 365 accounts. This tactic underscores the evolving sophistication of cyber threats and the...

As phishing threats continue to evolve, attackers are leveraging increasingly sophisticated methods that use legitimate cloud platforms to disguise their malicious campaigns. Recent research has uncovered a worrying trend: the abuse of Google Apps Script as a vehicle for launching convincing...

As cyber threats targeting Microsoft 365 continue to evolve, organizations must remain vigilant to protect their critical data and maintain operational integrity. Recent analyses have identified several pressing security challenges that demand immediate attention. 1. Privilege Escalation...