Microsoft has confirmed that a hacker who successfully exploits a zero-day SQL vulnerability could gain system administrator privileges. Here’s how to fix it.

Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, ...

A new report out today from Aim Security Ltd. reveals the first known zero-click artificial intelligence vulnerability that could have allowed attackers to exfiltrate sensitive internal data without ...

For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.

Microsoft issues emergency patch for a critical WSUS flaw enabling remote code execution CVE-2025-59287 allows unauthenticated attackers to gain SYSTEM privileges without user interaction An ...

Security researchers warn that threat groups are exploiting Microsoft's OAuth device code authentication to bypass multi-factor protection and hijack enterprise accounts. The technique, with ...

A Windows Remote Desktop exploit is reportedly being sold on the dark web for $220,000, but Microsoft already patched the flaw.

Microsoft has released its March 2026 Patch Tuesday security updates, fixing at least 77 vulnerabilities across Windows operating systems and ...

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...

Microsoft is once again in the cybersecurity spotlight, acknowledging Tuesday morning that hackers linked to China are among those exploiting vulnerabilities in on-premises SharePoint software, the ...

Microsoft announced new or improved AI security agents at Ignite. Security agent functionality is surfaced within Microsoft's relevant management portal. The agents are free to all Copilot Security ...

PCWorld reports that Microsoft issued emergency updates for a critical zero-day vulnerability (CVE-2026-21509) in Office that attackers exploited against Ukrainian authorities and EU institutions. The ...