#microsoft-sharepoint-zero-day
#microsoft-sharepoint-zero-day

Privacy technologies

Microsoft faces fresh Windows Recall security concerns

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Information security

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Tech industry

Microsoft plans another out-of-band Windows fix

Microsoft is releasing an out-of-band update to fix installation errors from a problematic preview update.

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

21 hours ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other Vulnerabilities

Microsoft addressed 169 security flaws, including one actively exploited vulnerability, marking the second largest Patch Tuesday ever.

Privacy technologies

fromThe Verge

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Tech industry

Microsoft plans another out-of-band Windows fix

Microsoft is releasing an out-of-band update to fix installation errors from a problematic preview update.

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

more#microsoft

DevOps

fromAzure DevOps Blog

15 hours ago

One-click security scanning and org-wide alert triage come to Advanced Security - Azure DevOps Blog

New capabilities in Azure DevOps simplify application security with one-click CodeQL setup and a unified alerts experience for security teams.

Software development

1 hour ago

Security by Design prevents higher bills

Incorporating security during design reduces costs significantly compared to retrofitting security measures after development.

13 hours ago

Autovista blames ransomware for service disruption

"We know that getting this resolved quickly is important to you. Our top priority is to securely restore impacted applications, although we do not have a firm timeline on this yet."

EU data protection

Web frameworks

fromInfoQ

Empower Your Developers: How Open Source Dependencies Risk Management Can Unlock Innovation

Improving security in open-source dependencies is essential for effective risk management and innovation.

#cybersecurity

fromWIRED

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Information security

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

Information security

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Cybersecurity developments include discussions on AI risks, new malware targeting crypto wallets, and collaboration among Japanese corporations to enhance security.

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

A severe vulnerability in EngageLab's EngageSDK affects cryptocurrency wallet apps, risking exposure of sensitive user information.

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA added six security flaws to its KEV catalog due to evidence of active exploitation.

Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

A critical zero-day vulnerability in Adobe Acrobat Reader is actively exploited, alongside state-sponsored cyber threats targeting U.S. infrastructure.

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Cybersecurity developments include discussions on AI risks, new malware targeting crypto wallets, and collaboration among Japanese corporations to enhance security.

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

A severe vulnerability in EngageLab's EngageSDK affects cryptocurrency wallet apps, risking exposure of sensitive user information.

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.

Software development

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.

Adobe finally patches PDF pest after months of abuse

Adobe released a patch for a critical zero-day vulnerability in Acrobat and Reader that allowed arbitrary code execution via malicious PDFs.

Adobe Patches Reader Zero-Day Exploited for Months

Adobe released emergency patches for a critical zero-day vulnerability in Acrobat and Reader that has been exploited for several months.

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe released emergency updates for a critical security flaw in Acrobat Reader that is actively exploited, allowing arbitrary code execution.

Information security

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

Information security

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

fromSecuritymagazine

McGraw Hill Data Breach Caused by Salesforce Misconfiguration

McGraw Hill experienced a data breach linked to a Salesforce misconfiguration, with ShinyHunters claiming to have stolen 45 million records.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

19 hours ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

12 hours ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

20 hours ago

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

12 hours ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

fromInfoQ

Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

22 hours ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

fromTNW | Anthropic

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

22 hours ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.

SAP Patches Critical ABAP Vulnerability

SAP released 20 new and updated security notes addressing critical vulnerabilities, including a severe SQL injection flaw with a CVSS score of 9.9.

15 hours ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

Information security

6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

Gadgets

Microsoft's latest update patches six zero-days and two critical flaws - but is it another buggy mess?

Information security

6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

fromFinbold

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI was affected by a supply chain attack involving malicious Axios packages attributed to North Korean hackers.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

Two different attackers poisoned popular open source tools

Two major supply chain attacks in March compromised open source tools, stealing data from numerous organizations.

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

fromNextgov.com

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

1 week ago

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.

1 week ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

3 weeks ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

3 weeks ago

Unknown attackers exploit another critical SharePoint bug

Unknown attackers are actively exploiting CVE-2026-20963, a critical Microsoft SharePoint deserialization vulnerability that enables unauthenticated remote code execution, prompting CISA to mandate federal agency patching within three days.

3 weeks ago

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

Microsoft SharePoint vulnerability CVE-2026-20963, a critical remote code execution flaw, is being exploited in the wild despite Microsoft's assessment indicating exploitation is less likely.

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

This month, over half (55%) of all Patch Tuesday CVEs were privilege escalation bugs, and of those, six were rated exploitation more likely across Windows Graphics Component, Windows Accessibility Infrastructure, Windows Kernel, Windows SMB Server, and Winlogon. We know these bugs are typically used by threat actors as part of post-compromise activity, once they get onto systems through other means (social engineering, exploitation of another vulnerability).

Information security

Microsoft Patches 83 Vulnerabilities

Microsoft released 83 vulnerability patches in March 2026, including one critical remote code execution flaw and several privilege escalation bugs requiring attention.

#zero-day-vulnerabilities

Critical Microsoft Excel bug weaponizes Copilot Agent

March's Microsoft Patch Tuesday released 83 CVEs with only two publicly known and none under active exploitation, including a critical zero-click Excel vulnerability that weaponizes Copilot Agent to exfiltrate data.

Information security

Google: Half of 2025's 90 Exploited Zero-Days Aimed at Enterprises

Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech | TechCrunch

Nearly half of tracked zero-day vulnerabilities in 2024 targeted enterprise devices, with security infrastructure like firewalls and VPNs being primary targets for hackers seeking corporate data access.

Information security

Google: Half of 2025's 90 Exploited Zero-Days Aimed at Enterprises

more#zero-day-vulnerabilities

Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech | TechCrunch

#microsoft-office

fromComputerworld

Information security

Fixes released for a serious Microsoft Office zero-day flaw

Information security

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

fromComputerworld

Information security

Fixes released for a serious Microsoft Office zero-day flaw

#microsoft-security-updates

Information security

Use Microsoft Office? Hackers can infect your PC with a malicious document - patch it ASAP

more#microsoft-office

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

Information security

Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

more#microsoft-security-updates

Information security

Microsoft's February Patch Tuesday Fixes 6 Zero-Days Under Attack

#cve-2026-21509

Information security

Microsoft Issues Emergency Patch for Active Office Zero-Day

Information security

Office zero-day exploited, forces Microsoft OOB patch

Information security

Microsoft Issues Emergency Patch for Active Office Zero-Day

Information security

Office zero-day exploited, forces Microsoft OOB patch

more#cve-2026-21509

#microsoft-patch-tuesday

Information security

Microsoft reports six actively exploited zero days in Patch Tuesday

Information security

February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly

Information security

Microsoft reports six actively exploited zero days in Patch Tuesday

more#microsoft-patch-tuesday

Information security

February Patch Tuesday: Microsoft drops six zero-days | Computer Weekly

Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users | TechCrunch

Microsoft released fixes for actively exploited Windows and Office zero-day vulnerabilities that enable one-click remote code execution and malware installation.

Phishing attacks abuse SharePoint, target energy orgs

Attackers used SharePoint-based phishing to steal credentials, compromise energy-sector email accounts, and send hundreds of phishing messages from hijacked inboxes.

Microsoft closes Teams leak that allowed access without authentication

A critical improper access control vulnerability in Microsoft Teams allowed unauthenticated attackers to obtain network information; Microsoft resolved it server-side with no user action required.

#ivanti-epmm

Information security

Ivanti Patches Exploited EPMM Zero-Days

Information security

Ivanti's January bad luck continues as 0-days hit customers

Information security

Ivanti Patches Exploited EPMM Zero-Days