Security news aggregator

Latest coverage for Microsoft

Stay updated on Microsoft's security innovations, latest threats, and best practices in information protection on our dedicated cybersecurity tag.

67 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Microsoft is a multinational technology company known for its software, hardware, and cloud services. In the context of information security, attention to Microsoft is essential since its products, including Windows operating systems, Office suite, and Azure cloud services, are widely used across personal and enterprise environments, making them a frequent target for cyber threats.

Microsoft's information security implications involve the management of vulnerabilities, implementation of security updates, and the development of advanced protection mechanisms to safeguard against malware, ransomware, phishing attacks, and other cyber threats. Additionally, Microsoft provides a range of security tools and services designed to improve the security posture of organizations, emphasizing identity and access management, threat protection, information protection, and security management.

The focus here extends to news about Microsoft's security updates, advisories, breach incidents involving Microsoft products, as well as innovative security technologies released by the company. Staying informed on Microsoft-related security news helps users and administrators maintain robust defenses in a landscape where threats continually evolve to exploit any weaknesses in popular systems and services.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 67 Filtered view

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first flaw, tracked as CVE-2026-8398, […]

More from Security Affairs 29 May 2026, 1:14 a.m. Incident · 2 stories Actively exploited CVE-2026-8398 America CISA CVE Flaw Microsoft Tools Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May […]

More from Security Affairs 24 May 2026, 7:54 p.m. Incident · 2 stories Actively exploited CVE-2026-9082 America CISA CVE Critical Exchange Server Flaw Microsoft Patch Vulnerability

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit

More from The Hacker News 3 Feb 2026, 10:12 p.m. Actively exploited CVE-2026-21509 CVE Disclosure Flaw Hacking Malware Microsoft Microsoft Office Nation State Russia Threat Actor Ukraine Zscaler

If at first you don’t succeed, patch and patch again More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.…

More from The Register 28 Oct 2025, 12:54 p.m. Actively exploited CVE-2025-59287 CVE Critical Google Intel Microsoft Patch Remote Code Execution Vulnerability

Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. [...]

More from Bleeping Computer 22 Oct 2025, 11:24 p.m. Actively exploited CVE-2025-53770 CVE China Finance Government Microsoft Service Provider Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation

More from The Hacker News 23 Jul 2025, 4:40 p.m. Actively exploited CVE-2025-49704 CVE-2025-49706 America CISA CVE China Exploit Flaw Microsoft Vulnerability
Trend Micro Research, News and Perspectives 10 months, 1 week ago

Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)

CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse.

More from Trend Micro Research, News and Perspectives 22 Jul 2025, 12:00 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 Abuse CVE Flaw Insight Microsoft Patch Remote Code Execution Unauthenticated Vulnerability

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...]

More from Bleeping Computer 21 Jul 2025, 4:41 p.m. Actively exploited CVE-2025-53770 CVE-2025-53771 0-Day CVE Compromise Flaw Microsoft Patch Remote Code Execution Vulnerability