zero-day vulnerabilities

Microsoft’s October Patch Tuesday landed as a watershed software-security event: the company shipped fixes for an extraordinarily large set of vulnerabilities — widely reported as between 167 and 175 CVEs in a single cycle — including multiple actively exploited zero‑day elevation‑of‑privilege...

Microsoft’s October Patch Tuesday arrived as a high‑stakes operational moment: the company shipped fixes for a large, cross‑cutting set of vulnerabilities while simultaneously closing the chapter on Windows 10 support, removing a legacy in‑box driver, and patching at least two zero‑day...

Microsoft’s October Patch Tuesday landed as a heavy-duty operational event: the industry is parsing a torrent of fixes — reported between roughly 167 and 175 distinct Microsoft CVEs depending on the tracker used — and administrators must now triage a set of high‑impact remote code execution...

Microsoft’s October Patch Tuesday delivers one of the largest security refreshes of the year, fixing a broad set of issues across Windows, Azure Entra, ASP.NET Core, SharePoint and related components — including two actively exploited local elevation-of-privilege zero-days and multiple critical...

A new high-severity security flaw in Microsoft Exchange Server hybrid deployments has placed organizations worldwide on high alert, raising the specter of a “total domain compromise” that can cascade from on-premises environments to Microsoft’s cloud. The bug, designated CVE-2025-53786, has not...

Microsoft’s latest update to the Windows Subsystem for Linux, version 2.5.10, has landed with little fanfare but significant impact, quietly delivering a targeted security fix for users running Linux binaries on Windows 11. This release underscores an evolving strategy at Microsoft, where rapid...

A newly disclosed vulnerability in Delta Electronics’ DIAView industrial automation management system has put critical infrastructure sectors on high alert, as experts warn of the significant risk posed by remotely exploitable path traversal flaws that could allow attackers to access or alter...

A newly disclosed exploit chain targeting Microsoft SharePoint servers is sending shockwaves across enterprise IT and cybersecurity circles, revealing a sophisticated blend of zero-day and known vulnerabilities that enable cyber attackers to gain near-total control of systems. Security agencies...

Here is a summary of the main points from the article on The Register regarding China's accusation against US intelligence: Chinese Claims: China has accused US intelligence agencies of exploiting a Microsoft Exchange zero-day vulnerability to steal defense-related data and control more than 50...

In April 2025, Chinese authorities in Harbin accused the U.S. National Security Agency (NSA) of conducting sophisticated cyberattacks during the February Asian Winter Games, targeting critical infrastructure such as energy, transportation, and defense institutions in Heilongjiang province. The...

In July 2025, Microsoft issued a critical alert regarding active cyberattacks targeting SharePoint servers used by businesses and government agencies for internal document sharing. These attacks exploit a previously unknown "zero-day" vulnerability, leaving tens of thousands of servers...

The recent revelation that the U.S. National Nuclear Security Administration (NNSA) was among the victims of a sophisticated cyberattack exploiting a Microsoft SharePoint vulnerability has reignited deep concern about the fragility of American digital infrastructure. The implications extend far...

A sweeping cyberattack exploiting a critical vulnerability in Microsoft’s SharePoint server software has rippled across the globe, compromising a broad array of government institutions and businesses in just a matter of days. Security officials and private researchers confirm that the breach’s...

Microsoft has recently issued an urgent alert regarding active cyberattacks targeting its on-premises SharePoint Server software. These attacks have exploited previously unknown vulnerabilities, compromising approximately 100 organizations worldwide, including government agencies and businesses...

A wave of unease swept through global IT circles following reports of a sophisticated cyber attack targeting Microsoft SharePoint servers—an incident confirmed by Microsoft itself and now reverberating across thousands of organizations worldwide. The scale, details, and implications of the...

In the wake of a sweeping and sophisticated cyberattack, security vulnerabilities in Microsoft’s on-premises SharePoint Server software have thrust the global spotlight squarely onto the tech giant’s patch management process and the broad-reaching consequences when that system falters. As news...

A significant cybersecurity incident has recently unfolded, targeting Microsoft SharePoint servers worldwide. This attack has compromised numerous organizations, including government agencies and businesses, by exploiting previously unknown vulnerabilities in SharePoint's on-premises software...

Microsoft’s recent alert regarding active attacks on its widely used SharePoint server software has triggered urgent concern across public and private sectors. The company, in close collaboration with agencies such as CISA (Cybersecurity and Infrastructure Security Agency), DOD Cyber Defense...

A critical zero-day vulnerability in Microsoft's on-premises SharePoint Server has been actively exploited by cybercriminals and nation-state actors, prompting urgent warnings from Microsoft and cybersecurity experts. This flaw, identified as CVE-2025-53770 and CVE-2025-53771, allows...

Microsoft has recently issued an urgent alert regarding active cyberattacks targeting its on-premises SharePoint Server software. These attacks exploit previously unknown vulnerabilities, commonly referred to as "zero-day" exploits, allowing unauthorized access to sensitive organizational data...