All CosmicBytez Labs articles tagged #Microsoft, across news, security advisories, how-to guides, and projects.
Security researcher Chaotic Eclipse released LegacyHive, a proof-of-concept exploit for a Windows User Profile Service privilege escalation vulnerability, just hours after Microsoft's July 2026 Patch Tuesday release.
Microsoft has detailed three distinct attack paths used by actors aligned with ShinyHunters to infiltrate corporate Salesforce environments over the past year — none of which required exploiting any vulnerability in the Salesforce platform itself.
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-56155, an actively exploited privilege escalation flaw in Active Directory Federation Services. Attackers exploit overly permissive ACLs on the DKM container to forge SAML tokens and compromise hybrid identity infrastructure. CISA added it to KEV with a July 28 federal deadline.
Varonis has launched Breach at the Beach, a free hands-on Capture the Flag competition designed to teach defenders how attackers abuse Microsoft Entra ID through realistic attack scenarios — from privilege escalation to lateral movement across identity systems.
Researcher 'Nightmare-Eclipse' published a proof-of-concept exploit for a Windows Defender vulnerability in early June after dropping several other...
A new ransomware strain dubbed 'GodDamn' is leveraging a Microsoft-signed malicious kernel driver through the Bring Your Own Vulnerable Driver technique...
Microsoft has patched a Windows Defender zero-day vulnerability dubbed RoguePlanet after researcher 'Nightmare-Eclipse' released a working...
Microsoft has dissected GigaWiper, a destructive Windows backdoor that combines three distinct destructive capabilities — full disk wiping, fake...
Cisco Talos has uncovered ARToken, a Phishing-as-a-Service platform affiliated with EvilTokens that weaponizes Microsoft's OAuth device code flow to...
A critical open redirect vulnerability in Microsoft 365 Copilot rated CVSS 9.3 enables unauthenticated attackers to perform privilege escalation over the...
CISA added CVE-2026-45659 to its Known Exploited Vulnerabilities catalog, confirming active in-the-wild exploitation of a high-severity SharePoint...
CISA has added a high-severity Microsoft SharePoint Server remote code execution vulnerability to its Known Exploited Vulnerabilities catalog following...
The Microsoft Defender vulnerability CVE-2026-33825 was actively exploited as a zero-day by ransomware groups before Microsoft had the chance to release a...
CISA has confirmed that ransomware gangs are actively exploiting BlueHammer, a Microsoft Defender privilege escalation vulnerability previously used in...
Microsoft uncovered a fake Perplexity AI Chrome extension that silently captured every search query and address bar keystroke, routing the data to an...
Microsoft and Europol dismantled both StealC and Amadey simultaneously in a single RICO filing — the first time a court-authorized takedown has targeted...
Zscaler researchers exposed 'Edgecution', a rogue Microsoft Edge extension that exploits Chrome's Native Messaging protocol to escape the browser sandbox...
A two-week joint operation by Microsoft and Europol dismantled three major malware-as-a-service platforms — StealC, Amadey, and SocGholish — seizing 326...
A coordinated law enforcement operation backed by Bitdefender, Bitsight, ESET, and Microsoft has dismantled the infrastructure powering Amadey and StealC,...
Microsoft, Europol, and international law enforcement partners have dismantled infrastructure supporting the Amadey malware loader and StealC infostealer...
A malicious Microsoft Edge extension dubbed 'Edgecution' abused the Native Messaging API to escape the browser sandbox and deliver a Python backdoor used...
Microsoft and Europol jointly targeted the full CaaS supply chain, seizing 300+ servers and disrupting SocGholish, Amadey, and StealC malware infrastructure.
Microsoft has patched the AutoJack vulnerability chain in AutoGen Studio, its AI agent prototyping interface, which allowed attackers to manipulate agents...
Microsoft has confirmed Windows 11 version 26H2 as the next feature update, with devices running 24H2 and 25H2 able to upgrade via a lightweight...
Microsoft's June 2026 Patch Tuesday addressed nearly 200 security vulnerabilities — the highest single-month patch count in the company's history —...
Microsoft has attributed a 88-minute automated supply chain attack against 142 Mastra AI npm packages — with over 1.1 million combined weekly downloads —...
A bug introduced by June 2026 security updates causes Windows to display internal $R filenames instead of original filenames in the Recycle Bin deletion...
Microsoft researchers have detailed AutoJack, a novel exploit chain that turns AI browsing agents into delivery vehicles for remote code execution by...
Microsoft Threat Intelligence has exposed a cryptocurrency clipboard-hijacking campaign active since February 2026 that spreads via malicious USB LNK...
Security researchers have uncovered a DragonForce ransomware attack deploying a new Go-based backdoor that uses Microsoft Teams relay infrastructure for...
Microsoft has confirmed it is developing a security patch for the RoguePlanet zero-day vulnerability in Windows Defender, disclosed publicly last week,...
North Korean state-sponsored group APT37 (ScarCruft) is conducting spear-phishing campaigns impersonating Microsoft Account security notifications to...
DragonForce ransomware operators deployed a custom implant called Backdoor.Turn to camouflage command-and-control communications inside legitimate...
Researchers disclosed SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows attackers to steal sensitive data from a...
This week's security roundup covers Google's controversial security team layoffs, Europol's dismantling of the AudiA6 ransomware crypto laundering...
Microsoft has released a patch for CVE-2026-42897, an Exchange Server zero-day that has been under active exploitation since at least May 14, 2026. The...
Anonymous researcher Chaotic Eclipse released a PoC exploit for a new Microsoft Defender zero-day named RoguePlanet. The race condition flaw grants SYSTEM...
Microsoft's June 2026 Patch Tuesday is the largest single release on record, fixing 206 vulnerabilities across its software portfolio — including three...
Microsoft's June 2026 Patch Tuesday fixes three actively exploited Windows zero-days: two SYSTEM privilege escalation flaws and a BitLocker bypass...
A critical out-of-bounds read and write vulnerability in the Chromium V8 engine allows remote attackers to execute arbitrary code inside a sandbox via a...
Microsoft's GitHub presence has become the latest target of the self-replicating Miasma supply chain worm, with 73 repositories across Azure, Azure-Samples…
Chinese espionage group UNC5221 is actively using the Brickstorm backdoor alongside two newly discovered malware families — Plenet and AgentPSD — to maintain…
A single development-mode setting left in production code bypassed Android protections designed to prevent unauthorized apps from accessing Microsoft account…
Microsoft announced Coreutils for Windows at Build 2026, bringing widely used Linux command-line utilities — ls, grep, cat, awk, and more — to Windows as…
Following intense backlash from the security research community over Microsoft's removal of GitHub researcher accounts and statements labeling zero-day…
After a disgruntled security researcher published several unpatched zero-day exploits in recent weeks, Microsoft seemingly indicated that criminal charges…
Microsoft publicly condemned unauthorized zero-day disclosures as 'never justifiable' after a security researcher published working proof-of-concept...
Microsoft condemns uncoordinated public zero-day disclosure, urging the security community to adopt CVD after removing a researcher's GitHub account.
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems where domain controller lookups fail after installing the KB5087537 May 2026.
Microsoft has released updates fixing CVE-2026-45659, a CVSS 8.8 remote code execution vulnerability in SharePoint Server that requires no specialized.
The FBI has published an advisory on Kali365, a Telegram-based phishing-as-a-service platform that captures legitimate OAuth tokens to gain persistent...
Microsoft has disclosed two Windows Defender vulnerabilities under active exploitation in the wild, including CVE-2026-41091 — a privilege escalation flaw...
Microsoft has issued emergency patches for two Windows Defender vulnerabilities that were actively exploited as zero-days before fixes were available....
Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...
A zero-day XSS vulnerability in Microsoft Exchange Server (CVE-2026-42897) is being actively exploited in the wild, allowing attackers to compromise...
A new Windows kernel privilege escalation zero-day dubbed MiniPlasma, released by researcher Chaotic Eclipse, grants SYSTEM-level access on fully patched...
Microsoft is reversing course on a controversial Edge browser behavior that loaded all saved passwords into process memory in cleartext at startup — a...
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed MiniPlasma that lets attackers gain...
The Tycoon2FA phishing-as-a-service platform has added device-code phishing to its arsenal and abuses Trustifi click-tracking URLs to bypass Microsoft 365...
A security researcher claims Microsoft silently patched an Azure Backup for AKS vulnerability after rejecting his disclosure report — issuing no CVE and...
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions actively being targeted...
On day two of Pwn2Own Berlin 2026, competitors demonstrated 15 unique zero-day vulnerabilities and collected $385,750 in awards, successfully exploiting...
Microsoft shared mitigations for a high-severity Exchange Server vulnerability being actively exploited that allows threat actors to execute arbitrary...
An anonymous researcher has publicly disclosed two new unpatched Windows zero-days — YellowKey enabling BitLocker bypass and GreenPlasma targeting CTFMON...
Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities including nine critical flaws — but for the first time in two years, not a single...
Microsoft's May 2026 Patch Tuesday delivers security updates for 120 vulnerabilities across Windows, Edge, Office, Azure, and more — with no zero-days...
Microsoft's May 2026 Patch Tuesday addresses 138 security vulnerabilities across its product portfolio, including 30 rated Critical — with notable DNS...
A cybersecurity researcher has published proof-of-concept exploits for two unpatched Windows vulnerabilities — YellowKey (BitLocker bypass) and...
Microsoft is testing a redesigned Run dialog for Windows 11 that brings dark mode support and improved performance over the legacy Win+R dialog that has...
CISA has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog — CVE-2024-1708 affecting ConnectWise ScreenConnect...
Following the April 2026 Patch Tuesday, Microsoft has made broadly available a new MDM policy setting that enables IT administrators to fully uninstall...
Microsoft patched 77 security vulnerabilities in March 2026 with no actively exploited zero-days, a welcome reprieve following February's five-zero-day...
Microsoft released patches for 167 security vulnerabilities in April 2026, including an actively exploited SharePoint Server zero-day and the publicly...
Microsoft is rolling out a revamped Windows Insider Program experience as part of broader plans to address performance and reliability concerns affecting...
Microsoft is rolling out passkey support for phishing-resistant passwordless authentication to Microsoft Entra-protected resources from Windows devices...
Microsoft is rolling out Windows Update improvements that give users more control over how updates are installed while reducing disruption from frequent...
A critical privilege escalation vulnerability in Microsoft Partner Center allows an authorized attacker to elevate their privileges over a network,...
A critical server-side request forgery vulnerability in Microsoft Dynamics 365 (Online) allows an unauthenticated remote attacker to perform spoofing over...
Microsoft is rolling out a new Efficiency Mode for Microsoft Teams that automatically throttles CPU and memory usage on hardware-constrained devices,...
More than 1,300 internet-facing Microsoft SharePoint servers remain unpatched against a spoofing vulnerability exploited as a zero-day, with active...
Microsoft released out-of-band updates to address critical issues affecting Windows Server systems that emerged after the installation of April 2026 Patch...
Microsoft's April 2026 Patch Tuesday addressed 169 CVEs — the second-largest monthly update in company history — including one actively exploited...
Microsoft's April 2026 Patch Tuesday addresses a record 169 security vulnerabilities including a SharePoint zero-day actively exploited in the wild, 8...
Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot would have allowed unauthenticated attackers to exfiltrate sensitive CRM...
This week's threat roundup covers an unpatched Microsoft Defender zero-day, active SonicWall brute-force campaigns, a 17-year-old Excel RCE vulnerability...
Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities that allow attackers to gain SYSTEM or elevated...
Huntress is warning that threat actors are actively exploiting three privilege escalation vulnerabilities in Microsoft Defender — codenamed BlueHammer,...
Microsoft has suspended developer accounts used to maintain several prominent open-source projects without prior notice or a quick reinstatement path,...
An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...
Microsoft has raised the alarm over Medusa ransomware's unprecedented operational speed, with the group now exploiting zero-day vulnerabilities before...
Microsoft says the financially motivated cybercrime group Storm-1175, linked to China, has exploited N-day and zero-day vulnerabilities in high-velocity...
A security researcher operating under the aliases 'Chaotic Eclipse' and 'Nightmare-Eclipse' has publicly released exploit code for an unpatched Windows...
Microsoft warns that Medusa ransomware operators are exploiting zero-day vulnerabilities approximately one week before public disclosure, enabling the...
Microsoft has formally attributed Medusa ransomware zero-day attacks to Storm-1175, a China-based financially motivated cybercriminal group that has...
Microsoft Defender researchers have documented a stealthy PHP web shell technique that uses HTTP cookies as a covert command-and-control channel on Linux...
Microsoft has begun automatically upgrading unmanaged Windows 11 Home and Pro devices from 24H2 to 25H2, removing user choice from the update process for...
A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...
CISA added actively exploited Zimbra Collaboration Suite and Microsoft SharePoint vulnerabilities to its Known Exploited Vulnerabilities catalog on March...
Microsoft has published a multi-step recovery procedure for Samsung Galaxy Book 4 laptops running Windows 11 24H2/25H2 where the Samsung Galaxy Connect...
Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area, reversing a bundling...
A cyberattack on medical technology giant Stryker remotely wiped tens of thousands of employee devices using only legitimate Microsoft tools — no malware...
Microsoft is investigating a new bug affecting Samsung laptops after the February 2026 security update — some users are unable to access their C: drive...
Microsoft has pushed an out-of-band hotpatch (KB5084597) to Windows 11 Enterprise devices to address three integer-overflow RCE flaws in RRAS, one rated...
An international coalition led by Europol and Microsoft has taken down Tycoon2FA, a phishing-as-a-service platform responsible for 87.5 million phishing...
An actively exploited protection mechanism failure in the Windows MSHTML (Trident) engine allows attackers to bypass browser security zones and shell...
An actively exploited zero-day in Microsoft Word allows attackers to bypass OLE protections and execute malicious Office documents silently, without...
Microsoft's February 2026 Patch Tuesday addresses roughly 60 vulnerabilities including six actively exploited zero-days across Windows, Office, and Azure...
A maximum-severity code injection vulnerability in Microsoft's Semantic Kernel Python SDK allows authenticated attackers to execute arbitrary code through...
Indian conglomerate Adani announces a massive $100 billion investment to develop renewable energy-powered AI data centers across India, partnering with...
Microsoft's Defender team tracked over 50 unique prompt injection payloads from 31 companies using 'Summarize with AI' buttons to manipulate chatbot...
Multiple high-severity command injection vulnerabilities discovered in GitHub Copilot extensions for VS Code, Visual Studio, and JetBrains could allow...
Microsoft's February 2026 Patch Tuesday addresses 60 vulnerabilities including 6 actively exploited zero-days and 3 publicly disclosed issues, with...
Microsoft 365 admin center is experiencing degraded access across North America, just days after a major Azure infrastructure outage knocked out VMs, AKS,...
Actively exploited Windows Shell vulnerability bypasses SmartScreen protection, allowing malicious files to execute without security warnings. Patch...
A server-side request forgery vulnerability in Exchange Server is being chained with deserialization flaws for unauthenticated remote code execution....
CISA has updated the Known Exploited Vulnerabilities catalog with four actively exploited flaws including Microsoft Office and SmarterMail vulnerabilities.
New AI-powered threat detection and automated incident response capabilities coming to Microsoft 365 E5 subscribers this quarter.
Microsoft reveals adversaries using AI for automated vulnerability discovery, phishing campaigns, and malware generation. AI-crafted phishing emails...
Microsoft's first security update of 2026 addresses 114 vulnerabilities including three zero-days. One flaw is actively exploited in the wild with CISA...