Microsoft’s April Patch Tuesday release includes fixes for 66 bugs, 24 of which are rated critical.

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware.

Malicious e-mail attachments used in this campaign don’t display any warnings when opened and silently install malware.

Hackers are exploiting three Microsoft Office vulnerabilities to spread the Zyklon HTTP malware .

An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.

Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical.

Zusy malware installs when victims hover over an opened PowerPoint file – no clicking needed.

The CIA is planting web beacons inside Microsoft Word documents to track whistleblowers, journalists and informants, according to WikiLeaks.

A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East. Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file...