Microsoft threat intelligence

From Cybersecurity Help – Microsoft’s April 2025 Patch Tuesday tackles over 130 bugs, including actively exploited zero-day

Microsoft said the zero-day flaw has been exploited in the Storm-2460 ransomware attacks to deploy the PipeMagic malware. Read More

Samir K April 9, 2025

News

From Security Week – Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities

[[{"value":"Using the Security Copilot tool, Microsoft discovered 20 critical vulnerabilities in widely deployed open-source bootloaders. The post Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities appeared first on SecurityWeek."}]] Read More

shaikh Saqib April 2, 2025

News

From Cyber Security News – Microsoft Warns of Cyber Attack Mimic Booking .com To Deliver Password Stealing Malware

Microsoft Threat Intelligence has identified an ongoing phishing campaign impersonating Booking.com to deliver credential-stealing malware. The campaign, which began in December 2024, targets hospitality organizations in North America, Oceania, Asia,…

shaikh Saqib March 14, 2025

News

From Security Week – Microsoft Warns of Hospitality Sector Attacks Involving ClickFix

[[{"value":"A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post Microsoft Warns of Hospitality Sector Attacks Involving ClickFix appeared…

shaikh Saqib March 13, 2025

News

From Dark Reading – GitHub-Hosted Malware Infects 1M Windows Users

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind. Read More

shaikh Saqib March 10, 2025

News

From Cyber Security News – 1 Million Devices Infected by Malwares Hosted on GitHub, Microsoft Warns

Microsoft Threat Intelligence detected a large-scale malvertising campaign in early December 2024 that infected nearly one million devices globally in an opportunistic attack designed to steal information. The campaign impacted…

shaikh Saqib March 10, 2025

News

From Security Week – Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks

[[{"value":"Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days. The post Exploited VMware ESXi Flaws Put Many at…

shaikh Saqib March 6, 2025

News

From Cyber Security News – 12 Chinese Hackers Charged For Cyber Attacks on U.S Treasury

The U.S. Department of Justice (DOJ) unsealed indictments today against 12 Chinese nationals linked to state-sponsored cyber espionage campaigns targeting the U.S. Treasury Department, religious organizations, media outlets, and critical…

shaikh Saqib March 6, 2025

News

From Cyber Security News – 41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks

Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks. Broadcom patched the vulnerability in…

shaikh Saqib March 6, 2025

Vulnerabilities

From Cybersecurity Help – New XCSSET malware variant discovered targeting macOS users

The XCSSET variant comes with several enhanced features that make it harder to detect and mitigate. Read More

shaikh Saqib February 19, 2025

News

From Cyber Security News – Hackers Abusing Microsoft Teams Meeting Invites to Trick Victims for Gaining Access

In a sophisticated cyberattack campaign, a threat actor identified as Storm-2372 has been leveraging Microsoft Teams meeting invites to execute “device code phishing” attacks. This campaign, observed since August 2024,…

shaikh Saqib February 17, 2025

News

From Cyber Security News – New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens

A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack, attributed to a group called…

shaikh Saqib February 14, 2025

News

From Dark Reading – Microsoft: Russia’s Sandworm APT Exploits Edge Bugs Globally

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world. Read More

shaikh Saqib February 12, 2025

Vulnerabilities

From Cybersecurity Help – Sandworm APT targets Ukraine with trojanized Microsoft KMS activation tools

The attackers utilized a BACKORDER loader to deploy DarkCrystal RAT. Read More

shaikh Saqib February 12, 2025

Vulnerabilities

From Cybersecurity Help – North Korean Kimsuky adopted a new tactic to infiltrate targets

The new tactic involves the threat actor tricking individuals into executing PowerShell commands as administrators. Read More

shaikh Saqib February 12, 2025