In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log ...

IntroductionOn March 1, 2026, ThreatLabz observed new activity from a China-nexus threat actor targeting countries in the Persian Gulf region. The activity took place within the first 24 hours of the ...

A new social engineering campaign is abusing fake CAPTCHA verification pages to trick Windows users into launching StealC information-stealing malware. The attack relies on compromised websites that ...

Each month, the team at Readiness analyzes the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. The company’s Patch Tuesday release for February ...

A threat actor with a sophisticated variant of the ClickFix attack is tricking users into installing malware on their systems. Unlike typical ClickFix scams that use fake security alerts or CAPTCHAs ...

To tackle that, Microsoft has started rolling out protections designed to prevent information disclosure attacks that could expose Kerberos service tickets using weak or legacy encryption, including ...

Pass The test ran successfully. Xfail The test was expected to fail and it failed. It must be properly justified and reported in an issue. Skip The test was not run. It must be properly justified and ...

Microsoft is finally ripping out one of the weakest links in its identity stack, cutting off a legacy cipher that attackers have abused for years to walk straight into corporate networks. The move ...

About time: Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even ...