Security Bulletin

Acquisition of warrants in August enabled the U.S. Department of Justice and FBI to remotely target PlugX-impacted systems with a self-destruct command that not only removed malware files and registry keys but also established a temporary script to...

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4...

In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.

In a whitepaper, the AI Red Team describes its methodology and offers guidance for security teams.

The patch dump is the largest from Microsoft in over half a decade.

Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.

The acquisition accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management.

Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.

Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.

Security pros call any bypass of SIP security significant – advise teams to patch right away.

An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.