Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft bug bounty expands to critical flaws across online services

Security Tool/Service
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft expanded its bug bounty program to pay for critical vulnerabilities that directly affect any of its online services, increasing incentives to surface flaws before attackers exploit them. The program now covers issues in Microsoft, third-party, and open-source code when they impact those services. New services are now in scope as soon as they are released, widening coverage across Microsoft's online footprint.

Related Happenings

Microsoft extends Windows 10 ESU consumer coverage through October 2027

Security Tool/Service
H score11 First: 25.06.2026 21:29 Last: 25.06.2026 21:29 Sources 1

About this happening: **Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...

Microsoft hit by cyberattack

Incident
H score68 First: 09.06.2026 18:42 Last: 09.06.2026 18:42 Sources 1

About this happening: A **Microsoft** GitHub repository removal incident in **June 2026** disrupted **continuous integration pipelines** and briefly broke **Azure/functions-action** workflows used by d...

Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office

Trend
H score19 First: 19.05.2026 17:00 Last: 19.05.2026 17:00 Sources 1

About this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...

Microsoft May 2026 Patch Tuesday release

Security Patch Release
H score44 First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Latest development: 01.06.2026 15:30

Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.

Microsoft security patch release for CVE-2026-41089

Security Patch Release
H score43 First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Timeline

  1. 11.12.2025 18:00 2 articles · 7mo ago

    Microsoft expands bug bounty coverage for critical service-impacting vulnerabilities

    Initial Disclosure

    Microsoft expanded its bug bounty program to pay security researchers for critical vulnerabilities with a direct, demonstrable impact on Microsoft online services, including issues in third-party and open-source dependencies. New services are now in scope as soon as they are released, broadening coverage across Microsoft's online service footprint.

    Show sources