login.microsoftonline.com
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
-
Microsoft patches SharePoint flaw that could let authenticated attackers run code
Microsoft has patched a SharePoint remote code execution flaw tracked as CVE-2026-45659, saying an authenticated attacker with Site Member access could exploit it. The update covers several SharePoint Server versions.
-
Microsoft disrupts malware-signing service tied to ransomware groups
Microsoft said it disrupted a malware-signing service that abused its Artifact Signing platform to issue more than 1,000 fraudulent certificates used by ransomware gangs and other cybercriminals.
-
US commerce unit expands AI model testing agreements with Google, Microsoft and xAI
A US commerce unit has signed agreements with Google DeepMind, Microsoft and xAI to test frontier AI models before release, joining earlier deals with Anthropic and OpenAI as Washington weighs broader oversight.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
-
Microsoft says Windows Shell flaw was actively exploited after patch
Microsoft said a Windows Shell spoofing flaw was actively exploited after patching, with researchers linking the issue to an incomplete fix and a zero-click path that could expose NTLM credentials.
-
Microsoft patches critical ASP.NET Core flaw that could enable privilege escalation
Microsoft has issued an out-of-band fix for a critical ASP.NET Core vulnerability, CVE-2026-40372, that could let attackers elevate privileges and forge protected payloads under specific conditions.
-
Microsoft patches active SharePoint flaw in record 169-vulnerability update
Microsoft released patches for 169 vulnerabilities, including an actively exploited SharePoint spoofing flaw and a critical Windows IKE remote code execution bug. CISA added the SharePoint issue to its known exploited list.
-
New VENOM phishing attacks target Microsoft logins of senior executives
A new phishing-as-a-service platform called VENOM has been targeting Microsoft credentials of senior executives since at least last November, using personalized lures, QR codes and methods that can capture session tokens.
-
Microsoft issues emergency patch for Office zero-day CVE-2026-21509
Microsoft issued out-of-band patches for Office zero-day CVE-2026-21509, rated 7.8. Service-side protection covers newer builds and a registry workaround is provided for older Office versions. Federal agencies must remediate by February 16, 2026.
