ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges
Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-20
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-da
CVE-2026-26148 - Microsoft Azure AD SSH Login extension for Linux Elevation of Privilege Vulnerability
CVE ID :CVE-2026-26148 Published : March 10, 2026, 6:18 p.m. | 56 minutes ago Description :External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate pr
CVE-2026-26113 - Microsoft Office Remote Code Execution Vulnerability
CVE ID :CVE-2026-26113 Published : March 10, 2026, 6:18 p.m. | 56 minutes ago Description :Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. Severity: 8.4
CVE-2026-26114 - Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE ID :CVE-2026-26114 Published : March 10, 2026, 6:18 p.m. | 56 minutes ago Description :Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a netwo
CVE-2026-26110 - Microsoft Office Remote Code Execution Vulnerability
CVE ID :CVE-2026-26110 Published : March 10, 2026, 6:18 p.m. | 56 minutes ago Description :Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execut
Hackers Attack Employees Over Microsoft Teams to Trick Them Into Granting Remote Access
A social-engineering campaign abusing Microsoft Teams and Windows Quick Assist is evolving again, with BlueVoyant warning that the attackers are now deploying a newly identified malware family called A0Backdoor after con
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. [...]
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex at
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer
CVE-2026-21536 - Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE ID : CVE-2026-21536 Published : March 5, 2026, 11:16 p.m. | 28 minutes ago Description : Microsoft Devices Pricing Program Remote Code Execution Vulnerability Severity: 9.8 | CRITICAL Visit the link for more det
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing's AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. [...]
CVE-2026-3224 - Microsoft Entra ID Azure AD Authentication Bypass Vulnerability
CVE ID : CVE-2026-3224 Published : March 3, 2026, 10:16 p.m. | 17 hours, 27 minutes ago Description : Authentication bypass in the Microsoft Entra ID (Azure AD) authentication mode in Devolutions Server 2025.3.15.0 an
CVE-2026-2628 - All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass
CVE ID : CVE-2026-2628 Published : March 3, 2026, 2:16 a.m. | 1 hour, 26 minutes ago Description : The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypa
PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation
A critical local privilege escalation (LPE) vulnerability affecting Microsoft Windows has recently come to light following the public release of a Proof-of-Concept (PoC) exploit. Tracked as CVE-2026-20817, this security
MSHTML Framework 0-Day Exploited by APT28 Hackers Before Feb 2026’s Patch Tuesday Update
A zero-day vulnerability in the Microsoft HTML (MSHTML) framework was actively exploited in the wild. The vulnerability, tracked as CVE-2026-21513, allows attackers to bypass security features and execute arbitrary files
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.
CVE-2023-23397
Currently trending CVE - Hype Score: 3 - Microsoft Outlook Elevation of Privilege Vulnerability
APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday
A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CV
PoC Released for Windows Notepad Vulnerability that Enables Malicious Command Execution
Microsoft has patched a high-severity remote code execution (RCE) vulnerability in the modern Windows Notepad application, tracked as CVE-2026-20841, as part of its February 2026 Patch Tuesday release cycle. The flaw, ro