Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors
Sensitive information includes data whose exposure can enable identity theft, fraud, privacy violations, or targeted cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Sensitive information is data whose unauthorized access, disclosure, alteration, or loss could harm people, organizations, or public interests. It can include personal identifiers, authentication secrets, financial and health records, proprietary business data, and information protected by law or contractual duty. Sensitivity depends on context: a data set may be restricted because of privacy obligations, competitive value, safety concerns, or national-security classification.
For security practitioners, the key issue is controlling the data throughout its lifecycle—from collection and use to storage, sharing, archiving, and deletion. Excessive privileges, exposed databases, insecure transfers, application logs, backups, and compromised accounts can all reveal sensitive data. Useful controls include data classification, least-privilege access, strong authentication, encryption in transit and at rest, retention limits, and monitoring for inappropriate access or transfer. A suspected exposure requires identifying what data was affected, preserving relevant evidence, containing access, and assessing privacy or regulatory notification duties.
Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors
Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE)
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information
Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim's web browser and steal sensitive information from their account under specific circumstances