#microsoft
19 articles
Over 41 articles published between April 12 and June 1, 2026, tracked threats targeting Microsoft systems, with 7 critical and 20 high-severity incidents. Threat actors Secret Blizzard and Storm-2755 were observed, while critical vulnerabilities included CVE-2026-41089 (CVSS 9.8), CVE-2026-21643 (CVSS 9.1), and CVE-2026-40372 (CVSS 9.1). Affected sectors spanned enterprise, government, technology, and critical infrastructure, with global impact across Asia, Canada, Europe, and Japan.
[CRITICAL] CVE-2026-41089: Windows Netlogon RCE Exploited in Wild
CVE-2026-41089 is a critical Windows Netlogon RCE now reported as exploited in the wild, with Microsoft CNA scoring it CVSS 9.8.
[HIGH] Secret Blizzard Upgrades Kazuar Backdoor Into P2P Botnet
Secret Blizzard evolved Kazuar into a modular P2P botnet with 150 config options, AMSI/ETW bypass, and silent-mode nodes. Microsoft details the three-module architecture.
[HIGH] Microsoft Patches 120 Flaws in May 2026 Patch Tuesday Update
Microsoft's May 2026 Patch Tuesday fixes 120 vulnerabilities across Windows 11 25H2, 24H2, and 23H2. KB5089549 and KB5087420 include security fixes, Xbox mode, and batch file...
[CRITICAL] Microsoft Patches 137 Flaws, SSO Plugin Bug Rated Critical
CVE-2026-41103 in Microsoft SSO Plugin for Jira & Confluence allows privilege escalation via flawed authentication.
[CRITICAL] Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege
Microsoft released out-of-band patches for CVE-2026-40372, a 9.1-CVSS privilege escalation flaw in ASP.NET Core affecting all supported versions.
[HIGH] Windows Snipping Tool Vulnerability Leaks NTLM Hashes via Malicious Links
CVE-2026-33829 in Windows Snipping Tool allows attackers to steal NTLMv2 hashes via malicious links. A public PoC exploit targets the ms-screensketch protocol to enable credential relay attacks.
[HIGH] Threat Actors Impersonate IT Helpdesk via Microsoft Teams to Deploy Quick Assist
Threat actors are using Microsoft Teams to impersonate IT helpdesk staff, tricking employees into installing Microsoft's own Quick Assist tool to grant attackers full remote control of corporate systems.
[CRITICAL] Microsoft Office Excel Flaw Exploited in Active Attacks
CISA orders federal agencies to patch CVE-2009-0238, a 17-year-old Microsoft Office Excel remote code execution flaw, by April 28, 2026, due to active exploitation.
[HIGH] Microsoft Patches Windows win32kfull Local Privilege Escalation Vulnerability
Microsoft has patched a local privilege escalation vulnerability (CVE-2026-33104) in the Windows win32kfull driver, which could allow authenticated attackers to gain SYSTEM privileges. The flaw was disclosed by the Zero Day Initiative.
[HIGH] Microsoft vcpkg OpenSSL Vulnerability Enables Local Privilege Escalation
A vulnerability (CVE-2026-34054) in the Microsoft vcpkg port of OpenSSL allows local attackers to escalate privileges on affected systems, earning a CVSS score of 7.8.
[HIGH] Microsoft Windows Secure Kernel Double Free Vulnerability Enables Local
A double-free vulnerability (CVE-2026-26179) in the Microsoft Windows Secure Kernel allows local attackers to escalate privileges, potentially to SYSTEM. The flaw, rated 7.5 CVSS, requires an attacker to first execute high-privileged code.
[HIGH] Microsoft Windows Snipping Tool Vulnerability Enables Remote Code Execution
A vulnerability (CVE-2026-32183) in the Microsoft Windows Snipping Tool allows remote attackers to execute arbitrary code via a malicious file or webpage, requiring only user interaction to trigger the exploit.
[HIGH] Microsoft Patches Defender Zero-Day Allowing Local Privilege Escalation
Microsoft patches CVE-2026-33825, an 'Important' zero-day flaw in the Microsoft Defender Antimalware Platform that allows local attackers to escalate privileges to SYSTEM. The vulnerability was publicly disclosed on April 14, 2026.
[HIGH] Microsoft Confirms Active Exploitation of SharePoint Zero-Day Spoofing Flaw
Microsoft warns that a critical spoofing vulnerability, CVE-2026-32201, in SharePoint Server is being actively exploited. The flaw allows attackers to bypass authentication and access sensitive data.
[HIGH] Microsoft Edge WebView2 Runtime Abused for Proxy Execution and Defense Evasion
Offensive security researchers detail how the trusted Microsoft Edge WebView2 Runtime is being weaponized for proxy execution, allowing attackers to load malicious code under a legitimate, signed Microsoft process to evade detection.
[HIGH] CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe
CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.
[HIGH] Microsoft Patches Exploited SharePoint Zero-Day Among 161 Vulnerabilities
Microsoft's April 2025 Patch Tuesday addresses 161 CVEs, including an actively exploited zero-day in SharePoint Server (CVE-2025-27088) and a critical RCE in Windows DNS (CVE-2025-27080).
[HIGH] Canadian Payroll Phishing Campaign Exploits Office 365 Search Poisoning
A financially motivated group is hijacking Office 365 search results to steal employee paychecks via phishing and account takeover.
[HIGH] VENOM PhaaS Platform Targets C-Suite Credentials in Sophisticated Campaign
A new phishing-as-a-service platform dubbed VENOM is being used to steal Microsoft credentials from senior executives via sophisticated, multi-stage email campaigns.