A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...

CISA confirms active exploitation of CVE-2024-43468 in Microsoft Configuration Manager and urges immediate patching.

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes, and there may be no ...

By putting conflicting metadata in LNK files, a researcher found four new ways to spoof targets, hide arguments, and run unintended programs in Windows Explorer.

Fixes For Actively Exploited FlawsMicrosoft has released security updates for Windows and Office to address vulnerabilities that the company said are being ...

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

The vulnerability comes from the way Notepad handles Markdown hyperlinks. Attackers craft malicious .md files with embedded ...

Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK ...

The campaign exploits an Office vulnerability to deliver the modular XWorm RAT, chaining HTA, PowerShell, and in-memory .NET execution to sidestep detection and expand post-compromise control.

In today’s fast digital world, even simple actions can open doors to hidden threats. Microsoft has identified multiple ...

The time between vulnerability disclosure and exploitation has plunged 94% over the past five years as threat actors weaponize so-called “n-days,” according to a new Flashpoint study.

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.