Microsoft has warned of tax-themed phishing campaigns that abuse legitimate services to deploy malware and steal credentials. Techniques used include URL shorteners, QR codes, and phishing-as-a-service platforms to direct users to phishing sites. These campaigns also deliver remote access trojans and other malware. Microsoft has detected campaigns targeting thousands of U.S. organizations, particularly in the engineering, IT, and consulting sectors. The company advises organizations to use phishing-resistant authentication methods, browsers that block malicious websites, and network protection to guard against these attacks.

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild
Shadow Servers have identified 454 vulnerable SAP NetWeaver systems affected by a critical zero-day flaw, CVE-2025-31324, allowing unauthenticated file uploads and potential system compromise. Discovered