MS Office
April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits
April Patch Tuesday is nearly here with two significant topics of concern. The first relates to end-of-service milestones and the second issue is browser exploits. Let’s start …
Phishers’ new trick for bypassing email URL filters
Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the …
January 2019 Patch Tuesday: 49 security patches, 7 critical
Microsoft’s first Patch Tuesday of 2019 includes 49 security patches, seven of which are listed as Critical. Of all the plugged security holes, none are reported as …
Word documents seemingly carrying videos can deliver malicious code instead
A feature that allows anyone to embed a video directly in a Word document can be easily misused to trick target users into downloading and running malware, Cymulate …
August Patch Tuesday forecast: Looking ahead after a frustrating July
Approaching August Patch Tuesday, we are supposed to be in the ‘dog days’ of summer where everything slows down. Unfortunately, July was full of CVEs and stability fixes with …
Microsoft plugs 56 vulns, including Office flaw exploited in attacks
As part of the January 2018 Patch Tuesday, Microsoft has released fixes for 56 CVE-listed vulnerabilities, including the Meltdown and Spectre flaws, and an Office bug actively …
Microsoft offers mitigation advice for DDE attacks scenarios
Microsoft has published a security advisorty containing DDE attack mitigation instructions for both users and admins. What’s a DDE attack? For a while now, attackers …
October Patch Tuesday: 61 bugs and one zero-day fixed
For its October Patch Tuesday, Microsoft has patched 61 vulnerabilities (27 of them critical) and one Office zero-day labeled as “important.” The zero-day The …
Spoofed IRS notice delivers RAT through link updating trick
The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails …
Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
Microsoft fixes 25 critical issues in August Patch Tuesday
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be …
Featured news
Resources
Don't miss
- Brute-force attacks hammer Fortinet devices worldwide
- For $40, you can buy stolen police and government email accounts
- Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)
- AI security governance converts disorder into deliberate innovation
- Open-source flow monitoring with SENSOR: Benefits and trade-offs