News

If an attacker gets admin control over the on-premises Exchange server, they can forge authentication tokens or make API ...
July 21 (UPI) -- An investigation is underway after hackers used a security flaw in Microsoft software to internationally infiltrate agencies and businesses over the weekend.
Microsoft has urged its customers to be on high alert after discovering a dangerous vulnerability in hybrid Exchange ...
The researchers at Aim Security dubbed the flaw “EchoLeak.” Microsoft told Fortune that it has already fixed the issue in Microsoft 365 Copilot and that its customers were unaffected.
Microsoft has pointed the finger at three Chinese nation-state actors for exploiting the SharePoint vulnerabilities. Here's what we know about the security flaws and how to guard against future ...
Microsoft fixed 111 vulnerabilities, including a Windows Kerberos zero-day enabling full AD compromise via BadSuccessor.
Microsoft confirms Chinese hackers exploited a SharePoint flaw; Patches now available. Cloud-based Microsoft 365 not affected ...
Microsoft’s security advisory emphasizes that the emergency patches provide “more robust protections” compared to earlier fixes. CVE-2025-53770 offers enhanced security beyond the CVE-2025-49704 ...
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control ...
UPDATED Microsoft has chosen not to tell customers about a recently patched vulnerability in M365 Copilot. The issue allowed ...
Parts of the federal enterprise are likely susceptible to the flaw that allows hackers to hijack on-premises versions of ...
Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server 2016. SharePoint Online (Microsoft 365) is not affected.