Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload. The file, which was signed using a valid certificate issued to CyberLink Corp., is hosted on legitimate update infrastructure owned by the organization.

Today, Microsoft released patches for 64 different vulnerabilities in Microsoft products, 14 vulnerabilities in Chromium affecting Microsoft Edge, and five vulnerabilities affecting Microsoft's Linux distribution, Mariner. Three of these vulnerabilities are already being exploited, and three have been made public before the release of the patches.

Une récente attaque de QRishing a été détectée par Vade. Découvrez l’attaque en détail et les mesures à prendre pour protéger votre entreprise.

The company later restored access to the chatbot, which is owned by OpenAI.

Microsoft will launch digital watermarking tools to combat deep fakes and offer services to political campaigns for cybersecurity and using AI.

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability

Microsoft is making big changes to its cybersecurity approach. It comes after major cloud attacks in recent years and will mean an overhaul to how software is built inside Microsoft.

Octo Tempest employs tactics that many of its targets aren't prepared for.

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

Discover how we’re securing authentication and reducing NTLM usage in Windows.

Windows users have recently begun mass-reporting that Microsoft's Defender antivirus program, which is integrated into Windows 10 and 11 by default, is

Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token

Bethesda's roadmap for the fiscal years starting in 2020 and ending in 2024 has made its way online as part of the documents leaked from the FTC v. Microsoft case.

A software repository on GitHub dedicated to supplying open-source code and AI models for image recognition was left open to manipulation by bad actors thanks to an insecure URL.

Microsoft will pay legal damages on behalf of customers using its artificial intelligence (AI) products if they are sued for copyright infringement for the output generated by such systems, the company said on Thursday.

US tech giant will assume customers’ liability for material created by AI assistants in Word and coding tools

Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.

Results of Major Technical Investigations for Storm-0558 Key Acquisition

Rep. Don Bacon tweeted Monday that he had been notified by the FBI that his emails had been hacked.