Microsoft has issued patches addressing 63 vulnerabilities in its software, including two actively exploited zero-day vulnerabilities: CVE-2025-21391, which allows attackers to delete crucial files, and CVE-2025-21418, which enables SYSTEM privilege escalation on Windows. The update affects several core products, including Microsoft Excel, Microsoft Office, and Windows CoreMessaging.

In a related development, Thai authorities have arrested four Russian nationals believed to be leaders of the 8Base ransomware group, which has been linked to cyberattacks on multiple organizations, including 17 Swiss companies. This operation was part of a broader international crackdown on ransomware gangs.

Additionally, the Russian-backed hacking group Sandworm has initiated a global operation named BadPilot, targeting critical sectors such as energy and telecommunications, exploiting eight known vulnerabilities.

The FBI and CISA have also issued warnings regarding buffer overflow vulnerabilities, urging software developers to address these design defects to enhance cybersecurity.

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts https://t.co/ll9taTqfo5
RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally https://t.co/8ozV8UvhPG
⚠️ Microsoft warns of Russian-aligned hacker group Storm-2372 using 'device code phishing' to steal authentication tokens, gain persistent access, and infiltrate global sectors. 🎯 Targets: Government, IT, Defense, Health, Education, Energy 🌍 Regions: Europe, North America,… https://t.co/itnAol0KRG