Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.

A Microsoft zero-day vulnerability that allows an unprivileged user to crash the Windows Remote Access Connection Manager ...

Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products.

The actively exploited zero-day bug — and the one therefore that needs high-priority attention — is CVE-2025-62221, which ...

Security has been a painful issue for Microsoft on several occasions in recent years. However, the tech giant is now ...

Proof-of-concept exploit created by Microsoft has apparently leaked to the Internet. Possible sources of the leak: Microsoft security partners or an employee An attack exploiting a recently patched ...

Ransomware operators have found a way to exploit a Microsoft Windows-signed driver from Paragon Partition Manager, posing a threat to system security. This allows attackers to deploy the driver with ...

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...

U.S. CERT issued a brief warning on its Web site Monday stating that the organization was "aware of active exploitation using malicious Microsoft Access databases." The U.S. CERT is the operational ...

The tech giant says the information was ‘shared between customers and Microsoft in email.’ The Russian state-sponsored threat actor known as Midnight Blizzard has been trying to exploit information ...

New computer code that exploits a recently disclosed hole in Microsoft Corp.’s Internet Explorer Web browser is circulating on the Internet and could allow remote attackers to take full control of ...