microsoft
Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware
New research has uncovered further links between the Black Basta and Cactus ransomware gangs, with members of both groups utilizing the same social engineering attacks and the BackConnect proxy malware for post-exploitation access to corporate networks. In January, Zscaler discovered a Zloader malware sample that contained what appeared to be a new DNS tunneling feature. Further research by […]
Broadcom fixes three VMware zero-days exploited in attacks
Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape […]
New Microsoft 365 outage impacts Teams, causes call failures
Microsoft is investigating a new Microsoft 365 outage that is affecting Teams customers and causing call failures. Since the incident started more than one hour ago, outage monitoring service Downdetector has received hundreds of reports, with affected users saying they’re also experiencing authentication problems. “Users may not be able to receive calls placed through Microsoft Teams-provisioned auto attendants and call […]
Microsoft confirms it’s killing off Skype in May, after 14 years
Microsoft has confirmed that the Skype video call and messaging service will be shut down in May, 14 years after replacing the Windows Live Messenger. A reader contacted GeekFeed, and shared that according to strings found in preview versions of Skype for Windows, the company will ask users to switch to Teams Free, with all their […]
Microsoft names cybercriminals behind AI deepfake network
Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content. An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China […]
VSCode extensions with 9 million installs pulled over security risks
Microsoft has removed two popular VSCode extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from the Visual Studio Marketplace for allegedly containing malicious code. The two extensions are very popular, having been downloaded nearly 9 million times in total, with users now receiving alerts in VSCode that the extensions have automatically been […]
Windows 11 KB5052093 update released with 33 changes and fixes
Microsoft has released the February 2025 preview cumulative update for Windows 11 24H2, with 33 improvements and fixes for multiple issues, including SSH and File Explorer bugs and the volume jumping to 100% when waking the PC from sleep. KB5052093 is part of Microsoft’s monthly “optional non-security preview updates” schedule that lets Windows admins test new features, bug […]
Windows 10 KB5052077 update fixes broken SSH connections
Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. When it first acknowledged the issue in November, the company said it affects a “limited number” of devices running Windows enterprise, IOT, and education editions, with Redmond […]
Microsoft tests ad-supported Office apps for Windows users
Microsoft has released ad-supported versions of its Office desktop apps, which have limited features but allow Windows users to edit their documents. While Microsoft allows customers to use Word, Excel, PowerPoint, and other Microsoft 365 apps for free with Office on the web, the company has not shared any information regarding these new ad-supported Office apps for […]
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it […]