Vulnerable U logo
Vulnerable U
Sponsors
Subscribe
  • Vulnerable U
  • Topics
  • Microsoft

Microsoft

Mental HealthApacheMicrosoftcybercrimeMalwareChinaIranVulnerabilityLinuxAINewsIoTGovernmentHardwareAndroidRansomwareAppleRussiaNewsletterGoogledata breachGuides
MicrosoftMicrosoft
+2+2
Void Blizzard hackers raid NATO cloud tenants with Evilginx phishing
May 28, 2025

Void Blizzard hackers raid NATO cloud tenants with Evilginx phishing

The new Microsoft report links the Russia-backed group to cookie-theft proxies and mass mailbox exports across critical sectors in Europe and North America.

Matt Johansen
Matt Johansen
MicrosoftMicrosoft
+2+2
World’s Largest Infostealer Malware Disrupted: Lumma Stealer Crackdown
May 21, 2025

World’s Largest Infostealer Malware Disrupted: Lumma Stealer Crackdown

Microsoft Seizes 2,300 Lumma Stealer Domains in Global Takedown. Here's what you need to know.

Matt Johansen
Matt Johansen
MicrosoftMicrosoft
+1+1
Microsoft Disrupts Huge Malvertising Campaign
Mar 07, 2025

Microsoft Disrupts Huge Malvertising Campaign

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Exploits Target Office CVE-2024-21413 Flaw Microsoft Patched a Year Ago
Feb 07, 2025

Exploits Target Office CVE-2024-21413 Flaw Microsoft Patched a Year Ago

The flaw can lead to remote code execution

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Thousands of ASP.NET Sites at Risk from Publicly Exposed Machine Keys
Feb 06, 2025

Thousands of ASP.NET Sites at Risk from Publicly Exposed Machine Keys

Microsoft warns that over 3,000 publicly disclosed ASP.NET machine keys could enable ViewState code injection attacks, leading to remote code execution.

Matt Johansen
Matt Johansen
MicrosoftMicrosoft
+1+1
Zero-Click OLE RCE (CVE-2025-21298) - Microsoft Outlook Impacted
Jan 23, 2025

Zero-Click OLE RCE (CVE-2025-21298) - Microsoft Outlook Impacted

Simply previewing a malicious RTF file in Microsoft Outlook can trigger the exploit—no additional clicks needed.

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Microsoft Patches CVE-2024-49138 Windows Zero Day
Dec 13, 2024

Microsoft Patches CVE-2024-49138 Windows Zero Day

The bug is in one of the drivers in Windows and is under active exploitation

Newsroom
Newsroom
MicrosoftMicrosoft
+2+2
Russian APT Secret Blizzard Piggybacks on Other Groups' Infrastructure
Dec 05, 2024

Russian APT Secret Blizzard Piggybacks on Other Groups' Infrastructure

The FSB-affiliated group has taken over other APT teams' C2 servers and tools

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Russian Group RomCom Used Firefox, Windows Zero Days in Recent Attacks
Nov 26, 2024

Russian Group RomCom Used Firefox, Windows Zero Days in Recent Attacks

The RomCom attackers used two zero days to target companies worldwide

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Microsoft Wants You to Hack Its AI
Nov 19, 2024

Microsoft Wants You to Hack Its AI

Microsoft is launching a new addition to its bug bounty program, along with a new, invitation-only hacking contest

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
Microsoft Fixes Exploited Windows Task Scheduler Bug
Nov 12, 2024

Microsoft Fixes Exploited Windows Task Scheduler Bug

Microsoft has fixed an important-severity EoP bug in Windows Task Scheduler (CVE-2024-49039), which is being exploited in attacks.

Newsroom
Newsroom
MicrosoftMicrosoft
+1+1
New Midnight Blizzard Campaign Uses RDP Files to Gain Access
Oct 29, 2024

New Midnight Blizzard Campaign Uses RDP Files to Gain Access

Microsoft researchers have identified a new spear-phishing campaign by Russian threat actor Midnight Blizzard.

Newsroom
Newsroom
Infosec's favorite weekly newsletter for news, tools, and tips with 28,000+ CISOs, founders, change-makers, and straight up hackers.

Vulnerable U

Infosec's favorite weekly newsletter for news, tools, and tips with 28,000+ CISOs, founders, change-makers, and straight up hackers.

Home

Posts

Authors

Sponsors

Sponsors

© 2025 Vulnerable U.

Privacy policy

Terms of use