Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history." [...]

Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [...]

Microsoft has expanded its.NET bug bounty program and increased rewards to $40,000 for some.NET and ASP.NET Core vulnerabilities. [...]

Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. [...]

Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of …

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain. [...]

Brave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy. [...]

Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...]

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks. [...]

Critical zero-day vulnerabilities in Microsoft SharePoint, tracked as CVE-2025-53770 and CVE-2025-53771, have been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. [...]

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...]

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. [...]

Today is Microsoft's July 2025 Patch Tuesday, which includes security updates for 137 flaws, including one publicly disclosed zero-day vulnerability in Microsoft SQL Server. [...]

Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]

Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. [...]

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. [...]

Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. [...]

Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs. [...]

Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. [...]

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]

Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]

Researchers have unearthed two publicly available exploits that completely evade protections offered by Secure Boot, the industry-wide mechanism for ensuring devices load only secure operating system images during the boot-up process. Microsoft is taking action to block one exploit and allowing the other one to remain a viable threat …

Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. [...]

Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...]