Microsoft Trusted Signing service abused to code-sign malware
Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. [...]
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. [...]
Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. [...]
Google Aims to Match Microsoft Defender With $32B Buy of Wiz's Cloud Security TechGoogle's plan to buy cloud security firm Wiz for $32 billion highlights its drive to compete with Microsoft Defender and expand multi-cloud protection, and will put pressure on AWS to respond. Forrester Analyst Andras Cser says Wiz will likely remain independent for now, easing integration hurdles.
Open Power AI Consortium Members Include Nvidia and MicrosoftTech giants and utility providers on Thursday formed an alliance to harness artificial intelligence for a more resilient power grid. More than two dozen organizations are participating in the Open Power AI Consortium led by the Electric Power Research Institute.
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users' emails. [...]
Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. [...]
A security researcher has observed threat actors exploiting vulnerabilities in a driver used by CheckPoint’s ZoneAlarm antivirus to bypass Windows security measures
Trend Research encounters new versions of the Albabat ransomware, which appears to target Windows, Linux, and macOS devices. We also reveal the group’s use of GitHub to streamline their ransomware operation.
Two malicious VSCode Marketplace extensions were found deploying in-development ransomware from a remote server, exposing critical gaps in Microsoft's review process. [...]
Also: France Temporarily Lifts Pavel Durov's Travel Ban Amid Telegram ProbeThis week, Paragon Solutions spread through WhatsApp, France suspended Pavel Durov's travel ban, Vapor malware hit 60M Android users, state-backed hackers exploit a Windows flaw, Western Alliance Bank exposed customers data, Apple fixed a passwords bug, and a sperm bank exposed customer information.
Microsoft has lifted an upgrade block that prevented Asphalt 8: Airborne players from upgrading their systems to Windows 11 24H2 due to compatibility issues. [...]
Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity
Trend Micro uncovered a method that nation-state threat actors are using to target victims via the Windows .Ink shortcut file extension.
Microsoft is investigating an ongoing outage preventing Outlook on the web users from accessing their Exchange Online mailboxes. [...]
Microsoft has fixed a bug causing the March 2025 Windows cumulative updates to mistakenly uninstall the AI-powered Copilot digital assistant from some Windows 10 and Windows 11 systems. [...]
Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT
The sneaky malware packs capabilities for system reconnaissance as well as credential and cryptocurrency theft.
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]
Largest Cybersecurity Deal of All-Time Aims to Boost AI-Driven Multicloud SolutionsGoogle Cloud plans to acquire cloud security leader Wiz for $32 billion, integrating its AI-powered security capabilities to better protect companies across multiple cloud environments. The deal reinforces protections across multicloud environments, including AWS, Microsoft Azure, and Google Cloud.