Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products.

Threat Groups Hijack Microsoft 365 Accounts Using OAuth Device Code Exploit Security researchers warn that threat groups are ...

Proof-of-concept exploit created by Microsoft has apparently leaked to the Internet. Possible sources of the leak: Microsoft security partners or an employee An attack exploiting a recently patched ...

Ransomware operators have found a way to exploit a Microsoft Windows-signed driver from Paragon Partition Manager, posing a threat to system security. This allows attackers to deploy the driver with ...

Forbes contributors publish independent expert analyses and insights. Lars Daniel covers digital evidence and forensics in life and law. The Black Basta ransomware group has begun targeting internal ...

U.S. CERT issued a brief warning on its Web site Monday stating that the organization was "aware of active exploitation using malicious Microsoft Access databases." The U.S. CERT is the operational ...

Attackers are exploiting a 6-year-old Microsoft Office remote code execution (RCE) flaw to deliver spyware, in an email campaign weaponized by malicious Excel attachments and characterized by ...

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...

New computer code that exploits a recently disclosed hole in Microsoft Corp.’s Internet Explorer Web browser is circulating on the Internet and could allow remote attackers to take full control of ...

In an era where cloud-based solutions and artificial intelligence are the cornerstones of digital transformation, security vulnerabilities in these platforms can have far-reaching impacts. One such ...