A new tool called 'Defendnot' tricks Windows into disabling Microsoft Defender by registering a fake antivirus product using an undocumented Windows Security Center API. Created by researcher es3n1n, it bypasses security features by injecting a dummy antivirus DLL into a trusted system process, effectively leaving devices without active protection. Microsoft Defender has flagged Defendnot as a threat, highlighting vulnerabilities in trusted system features.

Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.

A critical flaw in Microsoft Entra ID, involving undocumented actor tokens and a vulnerability in the Azure AD Graph API, allowed potential global access to any organization's tenant without leaving logs of the actions taken. Security researcher Dirk-jan Mollema discovered that these actor tokens could be exploited to impersonate users, including Global Administrators, leading to severe security risks. Microsoft has since patched the vulnerability and is in the process of deprecating the affected API service.

Recent attacks linked to Chinese hacking groups have exploited a zero-day vulnerability in Microsoft SharePoint, breaching numerous organizations globally. The vulnerabilities, identified as CVE-2025-49706 and CVE-2025-49704, were actively targeted by multiple threat actors, prompting Microsoft and CISA to release emergency patches and recommend immediate action for affected entities.

A flaw in Microsoft OneDrive's file picker has been discovered, which could potentially allow attackers to exploit the feature for unauthorized access to files. This vulnerability highlights the need for improved security measures within cloud storage services to protect user data from malicious activities.

A critical flaw in Microsoft's Windows Server Update Services (WSUS) has been exploited in the wild, with reports indicating that the vulnerability allows attackers to bypass security measures and execute arbitrary code. Despite the availability of patches, many systems remain unprotected due to insufficient updates, highlighting the urgency for organizations to address this issue promptly.

A new zero-click vulnerability named 'EchoLeak' has been discovered in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction. Although Microsoft has fixed the issue and there is no evidence of real-world exploitation, the flaw highlights significant risks associated with AI-integrated systems and emphasizes the need for improved security measures against such vulnerabilities.

Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.

Microsoft has acknowledged the contributions of a hacker known as Encrypthub for their role in improving the security of a vulnerability in its systems. This recognition highlights the growing trend of tech companies collaborating with ethical hackers to enhance cybersecurity measures.

Microsoft has discovered a vulnerability in macOS that allows attackers to bypass TCC protections, potentially exposing sensitive user data. This flaw could enable unauthorized access to applications that are typically restricted by macOS security measures. Users are advised to update their systems to mitigate the risk associated with this vulnerability.

A Windows vulnerability (CVE-2025-24054) rated as low exploitability by Microsoft was quickly weaponized by attackers within eight days, targeting government and enterprise entities in Poland and Romania. The flaw allows attackers to leak NTLM hashes through phishing tactics, enabling them to impersonate victims with minimal user interaction. Researchers emphasize the urgent need for organizations to apply patches promptly to mitigate risks associated with NTLM vulnerabilities.

Researchers have identified two Secure Boot exploits, with Microsoft addressing only one in its latest security update. The patched vulnerability, affecting over 50 device manufacturers, allows attackers with physical access to disable Secure Boot and potentially install malware before the operating system loads. The exploit's root cause lies in a critical vulnerability in firmware flashing tools used by DT Research, which were improperly authenticated for wider device compatibility.

A recently discovered zero-click vulnerability in Microsoft 365 Copilot could potentially expose sensitive user data without any interaction required from the user. This flaw highlights significant security concerns regarding AI integration in enterprise services, prompting calls for immediate remediation measures from Microsoft.

Microsoft issued an emergency security update for a critical vulnerability in SharePoint Server, known as CVE-2025-53770, which is actively being exploited by hackers to breach various organizations, including U.S. federal agencies. The flaw allows attackers to access and control compromised servers using a backdoor tool named "ToolShell," prompting urgent recommendations for organizations to take immediate protective measures beyond just patching.

Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log in with revoked passwords, a design choice intended to prevent user lockouts. This controversial decision means that even after changing a password, access can still be granted, leaving millions of users vulnerable without clear guidance or detection methods from Microsoft.

A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.