Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below - CVE-2019-17571 CVSS score: 9.8 - A code injection vulnerability in SAP Quotation Management...

June 2025 Patch Tuesday: Microsoft Fixes 66 Bugs, Including Active 0-Day

June 2025 Patch Tuesday fixes 66 bugs, including a zero-day in WebDAV. Update Windows, Office, and more now to block active threats...

PT-2025-15500

Name of the Vulnerable Software and Affected Versions: Windows Kerberos affected versions not specified Description: The issue is related to improper input validation in Windows Kerberos, allowing an unauthorized attacker to elevate privileges over a network. Microsoft has released patches in Apr...

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 CVSS score: 8.6 - Microsoft Bing Remote Code Execution Vulnerability...

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a...

NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Response "BadTunnel" Brute Force Spoof NAT Tunnel', 'Description' = %q This module listens for a NetBIOS name request and then continuous...

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more...

A week in security (December 11 – December 17)

Last week on Malwarebytes Labs: PikaBot distributed via malicious search ads Chrome starts the countdown to the end of tracking cookies Apple to introduce new feature that makes life harder for iPhone thieves Recently-patched Apache Struts vulnerability used in worldwide attacks ALPHV ransomware...

A week in security (June 12 - 18)

Last week on Malwarebytes Labs: MOVEit discloses THIRD critical vulnerability Fake security researchers push malware files on GitHub LockBit ransomware advisory from CISA provides interesting insights Microsoft fixes six critical vulnerabilities in June Patch Tuesday Update Chrome now! Google fix...

A week in security (March 7 – March 13)

Last week on Malwarebytes Labs: The struggle to reduce bug-fixing time is real Update now! Mozilla patches two actively exploited vulnerabilities Google takes on Docs notification spammers When fake dating profiles try the military approach Azure AutoWarp brings automation headaches RagnarLocker...

What’s New in InsightVM: Q2 2021 in Review

The world is changing rapidly. We hear that phrase a lot. Throughout Q2 though, it really is true. Vaccines have been rolling out, to varying success depending on the part of the world, but there is optimism. As Rapid7 offices begin to open up to our hard-working team members around the globe, we...

Microsoft Exchange Hackers Also Breached European Banking Authority

The European Banking Authority EBA on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal da...

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency CISA has issued an emergency directive warning of "active exploitation" of the vulnerabilities. T...

Citrix Interoperability Validation

Microsoft Product Updates Microsoft Security Patch Validation Reports 2025| 2024| 2023 ---|---|--- January| January| January February| February| February March| March| March April| April| April May| May| May | June| June | July| July | August| August | September| September | October| October |...

PT-2020-2696 · Microsoft · Visual Studio Code +2

Name of the Vulnerable Software and Affected Versions: Visual Studio Code affected versions not specified Description: A remote code execution issue exists when the Python extension loads workspace settings from a notebook file. This is due to insufficient input validation, which can allow an...

The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue

Update 11/04/2019: There have been several public reports of active exploitation of CVE-2019-0708, commonly referred to as “BlueKeep.” Preliminary reports indicate that the vulnerability is being exploited by adversaries who are leveraging access to compromised systems to install cryptocurrency...

This Week in Security News: Phishing Campaigns and a Biometric Data Breach

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about ever-increasing amounts of phishing campaigns and how Trend Micro caught 2.4 million attacks of this type — a 59% increase from...

Microsoft Patches A Pair of Zero-Days Under Active Attack

Microsoft has addressed 77 vulnerabilities in its July Patch Tuesday update, with 15 of them rated as critical and two known to be under active exploit; and Adobe issued a small group of updates, with surprisingly none for Acrobat Reader or Flash. Eleven of the critical bugs are for scripting...

Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw

Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol RDP—two weeks after Microsoft releases the security patch. If exploited, the vulnerability cou...