Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft Word
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …

fire
Office exploits continue to spread more than any other category of malware

The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an …

Office 365
Escanor malware delivered in weaponized Microsoft Office documents

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT (Remote Administration Tool) advertised in Dark Web and Telegram …

biohazard
87% of the ransomware found on the dark web has been delivered via malicious macros

Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. Conducted in partnership with criminal intelligence provider Forensic …

Microsoft
Microsoft adds default protection against RDP brute-force attacks

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston of Enterprise and OS Security at …

Microsoft
Attackers are leveraging Follina. What can you do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …

Microsoft Office
Microsoft Office apps are vulnerable to IDN homograph attacks

Microsoft Office apps – including Outlook – are vulnerable to homograph attacks based on internationalized domain names (IDNs). In practice, this means that users …

Microsoft support
Zero-day bug exploited by attackers via macro-less Office documents (CVE-2022-30190)

A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers …

fix
Windows Autopatch: Managed enterprise patching for Windows and Office

While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second …

Patch Tuesday
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …

swirl
Attackers bypass Microsoft patch to deliver Formbook malware

Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file …

Patch Tuesday
Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)

It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools