MS Office
October Patch Tuesday: 61 bugs and one zero-day fixed
For its October Patch Tuesday, Microsoft has patched 61 vulnerabilities (27 of them critical) and one Office zero-day labeled as “important.” The zero-day The …
Spoofed IRS notice delivers RAT through link updating trick
The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails …
Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
Microsoft fixes 25 critical issues in August Patch Tuesday
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be …
New PowerPoint malware delivery technique tested by spammers
A spam run detected by several security companies has attempted to deliver malware through an innovative technique: a link in a PowerPoint slideshow. The attack unfolds like …
MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking …
MS Office zero-day exploited in attacks – no enabling of macros required!
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched …
AKBuilder: A builder for exploit-laden Word documents
One doesn’t have to be a great coder to become a successful cybercriminal, as underground markets are filled with offerings that automate one or another step of an …
Post-pumpkin Patch Tuesday: What’s in store for November
There has been a lot of activity since October’s Patch Tuesday. During that short period of time, Oracle released its quarterly CPU, including an update for Java JRE; Adobe …
October Patch Tuesday: Changes, urgent updates and what’s coming next
The leaves aren’t the only things changing this October. Patch Tuesday is here and with it comes some interesting updates from big names in the software space. This month, …
Microsoft ends Tuesday patches
Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches …
Featured news
Resources
Don't miss
- Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
- Notepad++ supply chain attack: Researchers reveal details, IoCs, targets
- Why boards must prioritize non-human identity governance
- Open-source attacks move through normal development workflows
- Product showcase: 2FAS Auth – Free, open-source 2FA for iOS