Cybercrime and APT Groups Exploiting WinRAR Bug
Exploitation of CVE-2025-8088 in the wild began before disclosure, with attacks confirmed as early as July 18, 2025.
The vulnerability (CVE-2026-21509) requires user interaction for an attack to succeed, with the most likely vector being an attacker sending a malicious Office file to a victim, who then opens it.
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC scams (1:00), then we discuss the research from Cisco Talos on another (!) Chinese APT called UAT-8837 that is targeting critical infrastructure organizations in North America […]
The takedown marks a significant blow to the cybercrime-as-a-service ecosystem, which fuels large-scale, automated fraud.
The important-severity flaw (CVE-2025-62215) has been exploited, said Microsoft.
Microsoft issued fixes for several actively exploited vulnerabilities in its latest Patch Tuesday release.