Phishing
The latest Phishing coverage — news, analysis, and updates from the WindowsNews.AI desk.
Windows 10 Still Runs on 53% of PCs: Your Urgent Migration Roadmap Before October 14
More than half of the world’s PCs—53% to be precise—are still running Windows 10, a staggering statistic just weeks before Microsoft officially retires the operating system on October 14, 2025....
Windows 11 Brings Third-Party Passkey Support and TPM-Backed Sync to Replace Passwords
Microsoft delivered one of its most significant security advances in recent memory on September 26, when it released a Windows 11 update that fundamentally rearchitects how users authenticate to apps...
Okta Exposes VoidProxy Phishing Service That Steals Session Cookies to Bypass MFA
A new industrialized phishing service named VoidProxy is arming cybercriminals with the ability to hijack Google and Microsoft accounts in real time, exfiltrating session cookies that bypass...
Critical Office Heap Overflow (CVE-2025-54910) Patched for Windows, Mac Fixes Still Pending
Microsoft has released security updates to patch a critical heap-based buffer overflow in Microsoft Office, tracked as CVE-2025-54910, that could allow attackers to execute arbitrary code after a...
CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners
Microsoft has published a security advisory for CVE-2025-55243, a spoofing vulnerability in Microsoft OfficePlus that can lead to the exposure of sensitive information and enable attackers to...
Windows NTLM Vulnerability Lets Attackers Escalate Privileges Over the Network — Patch Immediately
Microsoft is urging Windows administrators to patch a critical improper authentication vulnerability in NT LAN Manager (NTLM) that allows an authenticated attacker to elevate privileges over a...
Microsoft's Hidden PowerPoint Flaw: Why CVE-2025-54908 Evades Verification but Demands Action
A newly surfaced Microsoft advisory for CVE-2025-54908 warns of a use-after-free vulnerability in PowerPoint that could allow an unauthorized attacker to execute code locally. However, when security...
Microsoft Flags Critical Visio Heap Overflow – Urgent Patch for CVE-2025-54907 Underway
Microsoft has confirmed a dangerous heap-based buffer overflow in Microsoft Office Visio that lets attackers execute malicious code simply by convincing a user to open a rigged diagram file. The...
CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now
Microsoft has issued a security advisory for CVE-2025-54906, a critical memory-corruption vulnerability in Office that can lead to arbitrary code execution when a user opens or previews a specially...
Urgent Excel Security Fix: Use-After-Free Bug Opens Door to Code Execution — Mac LTSC Patches Delayed
Microsoft has issued a security advisory for CVE-2025-54903, a critical use-after-free vulnerability in Microsoft Excel that allows an attacker to execute code locally when a victim opens a...
CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing
Microsoft has released a security update for a critical out-of-bounds read vulnerability in Excel that could allow remote code execution—but the patch is not yet available for Mac users. Tracked as...
Microsoft Patches Excel Vulnerability CVE-2025-54898: Out-of-Bounds Read Could Allow Code Execution
Microsoft has issued a security update for CVE-2025-54898, an out-of-bounds read vulnerability in Microsoft Excel that could be exploited by attackers to achieve local code execution when a user...