A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning ...

CISA confirms active exploitation of CVE-2024-43468 in Microsoft Configuration Manager and urges immediate patching.

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes, and there may be no ...

By putting conflicting metadata in LNK files, a researcher found four new ways to spoof targets, hide arguments, and run unintended programs in Windows Explorer.

Fixes For Actively Exploited FlawsMicrosoft has released security updates for Windows and Office to address vulnerabilities that the company said are being ...

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws ...

The vulnerability comes from the way Notepad handles Markdown hyperlinks. Attackers craft malicious .md files with embedded ...

Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK ...

The time between vulnerability disclosure and exploitation has plunged 94% over the past five years as threat actors weaponize so-called “n-days,” according to a new Flashpoint study.

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.

Microsoft is patching nearly 60 CVEs in its February update for Windows 11, and six of them are zero day vulnerabilities.