TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

CISA has added four Microsoft vulnerabilities to its Known Exploited Vulnerabilities catalog, giving federal agencies until April 27 to patch them. The flaws include a Windows privilege escalation bug (CVE-2025-60710), a Windows Common Log File System Driver flaw (CVE-2023-36424), a Microsoft Exchange Server RCE vulnerability (CVE-2023-21529) actively exploited by the Storm-1175 group deploying Medusa ransomware, and a Visual Basic for Applications insecure library loading bug (CVE-2012-1854) originally patched in 2012 but still being actively exploited. CISA also added two Adobe Acrobat/Reader vulnerabilities to the catalog, including one that had been exploited as a zero-day for months before a patch was released.

Ransomware scum, other crims exploit 4 old Microsoft bugs