A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at ...

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.

A security researcher frustrated with Microsoft has released the BlueHammer Windows zero-day exploit, telling the company, “I'm not explaining how this works.” ...

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are ...

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...

A new report out today from Aim Security Ltd. reveals the first known zero-click artificial intelligence vulnerability that could have allowed attackers to exfiltrate sensitive internal data without ...

PCWorld reports that Microsoft issued emergency updates for a critical zero-day vulnerability (CVE-2026-21509) in Office that attackers exploited against Ukrainian authorities and EU institutions. The ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Update, August 10, 2025: This story, originally published on ...

Microsoft patched a high-severity GitHub vulnerability, CVE-2026-3854, within about two hours of disclosure, preventing any ...

Microsoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. WSUS is ...

Microsoft announced it is killing off its Privacy Protection VPN feature in the Microsoft Defender app at the end of the month to focus on other features. The tech ...