Zero Day Quest 2026: $2.3 million awarded for vulnerability research

Protecting customers is at the core of Zero Day Quest. During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors. Together,...

K000154696: F5 Security Incident

We want to share information with you about steps we’ve taken to resolve a security incident at F5 and our ongoing efforts to protect our customers. In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from,...

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center MSRC, these security...

Trend Micro and CISA Secure-By-Design Pledge

Trend’s support reaffirms dedication to safeguarding products and customers...

Microsoft Bounty Program Year in Review: $16.6M in Rewards

We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center MSRC. Each year we identify over a thousand potential...

CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry

A new vulnerability has been discovered in the Ivanti Standalone Sentry and patches remediating this vulnerability are available now. This vulnerability impacts all supported versions 9.17.0, 9.18.0, and 9.19.0. Older versions are also at risk. There is a patch available now via the standard...

Human Error: Casio ClassPad Data Breach Impacting 148 Countries

By Waqas If you are a Casio ClassPad customer, it is strongly recommended that you change your ClassPad password immediately to protect yourself. This is a post from HackRead.com Read the original post: Human Error: Casio ClassPad Data Breach Impacting 148 Countries...

Threat Roundup for September 22 to September 29

Today, Talos is publishing a glimpse into the most prevalent threats weve observed between Sept. 22 and Sept. 29. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...

Windows 11 and 10’s Snipping Tools Vulnerable to Data Exposure

By Waqas Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected. This is a post from HackRead.com Read the original post: Windows 11 and 10s Snipping Tools Vulnerable to Data Exposure...

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

Microsoft threat intelligence presented at CyberWarCon 2022

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microsoft Threat Intelligence...

Cisco stands on guard with our customers in Ukraine

As the Russia-led invasion intensifies, Ukraine is being attacked by bombs and bytes. Cisco is working around the clock on a global, company-wide effort to protect our customers there and ensure that nothing goes dark. Cisco Talos has taken the extraordinary step of directly operating security...

3.1M Neiman Marcus Customer Card Details Breached

Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center MSTIC alongside the Microsoft Security Response Center MSRC has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits CVE-2021-31979 and CVE-2021-33771. Private-sector offensiv...

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...

Threat Roundup for February 19 to February 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 19 and Feb. 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Threat Roundup for February 12 to February 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 12 and Feb. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...

Threat Roundup for January 29 to February 5

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 29 and Feb. 5. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threatsx we've observed by highlighting key behavioral characteristics...

Sophisticated cybersecurity threats demand collaborative, global response

Microsoft’s response to Solorigate Since December, the United States, its government, and other critical institutions including security firms have been addressing the world’s latest serious nation-state cyberattack, sometimes referred to as ‘Solorigate’ or ‘SUNBURST.’ As we shared earlier this i...

Threat Roundup for January 15 to January 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 15 and Jan. 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...