Microsoft Uncovers New Malicious Campaign Targeting Developers
This campaign is an offshoot of the more familiar and pervasive fake job interview and phony tech worker scams that have been coming from North Korea for several years.
This week was a cornucopia of zero days. We talk about the six (!) actively exploited vulnerabilities that Microsoft patched this week in its February update (2:46), then we discuss the one that Apple fixed in iOS 26.3, a vulnerability that has been used in what the company calls an “extremely sophisticated attack” against a few individuals (7:24). […]
The exploited vulnerabilities in question exist across various products, from Microsoft Word to Windows Shell.
Exploitation of CVE-2025-8088 in the wild began before disclosure, with attacks confirmed as early as July 18, 2025.
The vulnerability (CVE-2026-21509) requires user interaction for an attack to succeed, with the most likely vector being an attacker sending a malicious Office file to a victim, who then opens it.
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC scams (1:00), then we discuss the research from Cisco Talos on another (!) Chinese APT called UAT-8837 that is targeting critical infrastructure organizations in North America […]