ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
New Windows 0-Click Vulnerability Exploited to Bypass Defender SmartScreen
A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stemming from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group.
Microsoft fixes Entra ID flaw enabling privilege escalation
Microsoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administ
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32
Kritische RCE-Schwachstelle verbreitet sich über Microsoft-GitHub-Repository
Tenable entdeckt eine kritische Sicherheitslücke im Microsoft Repository „Windows-driver-samples“. Sie erlaubt Remote Code Execution und Zugriff auf Secrets. Durch einen manipulierten Issue-Workflow können Angreifer CI/C
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and a backdoor. [...]
Hackers Can Abuse Entra Agent ID Administrator Role to Hijack Service Principals
A critical scope overreach vulnerability was recently identified in the Microsoft Entra Agent Identity Platform. The newly introduced Agent ID Administrator role allowed accounts to hijack arbitrary service principals an
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Vi
CVE-2023-21529
Currently trending CVE - Hype Score: 2 - Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2026-35431 - Microsoft Entra ID Entitlement Management Spoofing Vulnerability
CVE ID :CVE-2026-35431 Published : April 23, 2026, 9:37 p.m. | 32 minutes ago Description :None Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline,
CVE-2026-32172 - Microsoft Power Apps Remote Code Execution Vulnerability
CVE ID :CVE-2026-32172 Published : April 23, 2026, 9:37 p.m. | 32 minutes ago Description :None Severity: 8.0 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and m
CVE-2026-24303 - Microsoft Partner Center Elevation of Privilege Vulnerability
CVE ID :CVE-2026-24303 Published : April 23, 2026, 9:37 p.m. | 32 minutes ago Description :None Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-26150 - Microsoft Purview eDiscovery Elevation of Privilege Vulnerability
CVE ID :CVE-2026-26150 Published : April 23, 2026, 9:37 p.m. | 32 minutes ago Description :None Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and m
CVE-2026-33819 - Microsoft Bing Remote Code Execution Vulnerability
CVE ID :CVE-2026-33819 Published : April 23, 2026, 9:35 p.m. | 34 minutes ago Description :None Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline,
CVE-2026-33102 - Microsoft 365 Copilot Elevation of Privilege Vulnerability
CVE ID :CVE-2026-33102 Published : April 23, 2026, 9:35 p.m. | 34 minutes ago Description :None Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-32210 - Microsoft Dynamics 365 (online) Spoofing Vulnerability
CVE ID :CVE-2026-32210 Published : April 23, 2026, 9:35 p.m. | 34 minutes ago Description :None Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, a
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other in
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. [...]
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a f