The service became a prolific tool for cybercriminals in the past year, as it facilitated thousands of attacks involving credential theft, account takeovers, mass phishing and payment…

Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.

The guide includes security advice previously shared by Microsoft, yet authorities felt it prudent to outline best practices for the critical and widely used technology.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The tech giant addressed a record-high number of defects for the year in its latest update.

Researchers said Thalha Jubair was a principal operator, leading or directing many attacks attributed to the hacker subset of The Com since 2022.

The company acted on a court order and collaborated with Cloudflare to seize RaccoonO365’s infrastructure, which was used to steal credentials from organizations in 94 countries.

The Oregon senator said Microsoft’s default settings for Windows and other products are enabling ransomware attacks, like the one against Ascension hospital system in 2024.