Phishing
The latest Phishing coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Patches Critical Excel Use-After-Free Flaw (CVE-2025-53735) That Executes Code via Malicious Spreadsheets
Microsoft has confirmed a serious use-after-free vulnerability in Microsoft Excel, tracked as CVE-2025-53735, that can allow attackers to execute arbitrary code on a victim’s machine simply by...
CVE-2025-53733: Patch Microsoft Word RCE Now – Numeric Conversion Flaw Exploited
Microsoft has published advisory CVE-2025-53733, warning of a remote code execution vulnerability in Microsoft Word that stems from an incorrect conversion between numeric types during document...
Critical Office Use-After-Free Bug (CVE-2025-53731) Lets Attackers Execute Code—Patch Now, Microsoft Warns
Microsoft’s Security Response Center has published a new advisory, CVE-2025-53731, confirming a critical use-after-free vulnerability in Microsoft Office that can let attackers execute arbitrary...
Microsoft Drops Limited Details on CVE-2025-25006 Exchange Spoofing Bug—Here’s How to Protect Your Network
Microsoft has posted a new Exchange Server vulnerability, CVE-2025-25006, with a terse description that points to a spoofing weakness in how the mail server handles special header elements. The...
Microsoft Discloses Critical PowerPoint Use-After-Free Flaw, CVE-2025-53761, Enabling Local Code Execution
Microsoft has issued a security advisory for a new use-after-free vulnerability in PowerPoint, tracked as CVE-2025-53761, that allows an unauthorized attacker to execute code locally. The flaw, which...
CVE-2025-53741: Microsoft Issues Emergency Excel Patch to Stop Remote Code Execution via Heap Overflow
Microsoft has disclosed a critical heap-based buffer overflow vulnerability in Excel, tracked as CVE-2025-53741, that can give attackers the ability to remotely execute code on a vulnerable machine...
Visio Under Fire: Microsoft Releases Patch for Use-After-Free Vulnerability CVE-2025-53730
Microsoft has disclosed a new use-after-free vulnerability in Visio, tracked as CVE-2025-53730, that allows an attacker to execute arbitrary code locally when a user opens a maliciously crafted...
Entra ID Anchors 2025 Windows SSO as Passkeys Rise and Pricing Models Diverge
Enterprise SSO buyers navigating Windows identity for 2025 are facing a landscape where Microsoft Entra ID cements its role as the central policy engine, phishing-resistant passkeys become the...
SendQuick Conexa Claims FIDO2 Server Certification, Paving the Way for Phishing-Resistant Windows Sign-Ins
SendQuick's Conexa authentication platform has achieved FIDO2 server certification from the FIDO Alliance, the company announced, positioning the multi-factor authentication platform as a...
HID’s New EPM and Crescendo Keys Take Aim at Passkey Deployment Headaches
HID Global is tackling the last mile of enterprise passkey adoption head-on with a new management service and refreshed hardware line. On August 5, the company unveiled Enterprise Passkey Management...
Sophisticated Microsoft 365 Phishing Attacks Exploit SVG Images and Trusted Tools to Steal Credentials
A new wave of phishing attacks targeting Microsoft 365 users is bypassing conventional email filters by weaponizing SVG image files and repurposing legitimate security tools as cloaking devices. The...
Poisoned Calendars, Hijacked Chips, and Stealthy Phishing: Inside the Latest Cybersecurity Onslaught
A single poisoned Google Calendar invite can now raise your smart blinds and start a Zoom call without your consent. That unsettling reality emerged at this year’s Black Hat conference, where...