Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft's March Patch Tuesday update.

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks.

For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

ESET researchers have traced the reactivation of Sednit’s advanced implant team to a 2024 case in Ukraine, where a keylogger named SlimAgent was deployed.During that operation, BeardShell, a second ...

Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are ...

Microsoft is aware of public disclosure of two of today’s Patch Tuesday vulnerabilities, but without evidence of exploitation in the wild for any (yet), so there are no Microsoft additions to CISA’s ...

New hacking cluster exploits web servers and Mimikatz to infiltrate Asian infrastructure for long-term espionage in aviation, ...

In a welcome relief for sysadmins, Microsoft released security updates for just 79 vulnerabilities in this month’s Patch Tuesday yesterday, including two publicly disclosed zero-days. Microsoft ...

Latest update brings type-checking adjustment for function expressions in generic calls, as TypeScript moves toward Go rewrite.

The long-running Russian military hacking group tracked as Fancy Bear and APT28 has been wielding a new, "high-end custom arsenal" of custom ...