Microsoft
Curated coverage and analysis in this editorial area.
Microsoft Refuses to Patch Windows Search URI Flaw Enabling NTLM Hash Theft
Huntress has disclosed an unpatched vulnerability in the Windows search: URI handler that allows attackers to steal NTLMv2 hashes via…
Cybanetix Launches Managed AI Service: AI-Native MDR Powered by Four-Vendor Stack
Cybanetix has unveiled its Managed AI Service, integrating NOMA, SentinelOne, Microsoft, and Exabeam under a unified 24/7 SOC with a s…
Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…
Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…
Windows Hit by Post-Patch Tuesday Zero-Day Blitz
Security researcher Chaotic Eclipse has disclosed three new Windows zero-day vulnerabilities following the May 2026 Patch Tuesday. To…
YellowKey: Microsoft Issues Emergency Mitigations for BitLocker Bypass
Microsoft issued temporary mitigations on May 20 for CVE-2026-45585, a BitLocker bypass vulnerability exploited through the Windows Re…
CISA Adds Microsoft Defender DoS Flaw to KEV Catalog with June 3 Deadline
CISA has added CVE-2026-45498, a Denial of Service vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities catalog…
CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation
A link-following vulnerability in the Microsoft Malware Protection Engine enables local privilege escalation to SYSTEM. An analysis of…
May 2026 Patch Tuesday: 137 Flaws and the Domain Controller Threat
Microsoft's May 2026 security update addresses 137 vulnerabilities, including 31 critical flaws. While no zero-days were reported, una…
M365 Phishing: How Kali365 and EvilTokens Bypass MFA Without Passwords
Two emerging Phishing-as-a-Service (PhaaS) platforms are leveraging device code phishing and OAuth consent abuse to hijack Microsoft 3…
Microsoft Defender Zero-Days Under Active Attack; CISA Mandates Patching by June 3
Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited in the wild. CISA has added both f…
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agent Workflows
Microsoft has unveiled two open-source security tools for AI agents: RAMPART, a Pytest-native framework for build-time testing, and Cl…