11 threads tagged with “microsoft”
Microsoft published analysis of critical GenAI threats facing organizations. What's concerning: 66% of orgs are developing custom GenAI apps, 88% worry about indirect prompt injection, 80% cite data l…
Category: Research & Analysis / AI Security
Help Net Security's weekly summary highlighted multiple active threats: CVE-2025-59287 (WSUS RCE), CVE-2025-33073 (Windows SMB client), CVE-2025-61932 (Lanscope Endpoint Manager), and CVE-2025-54236 (…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities
Researchers at Datadog Security Labs discovered a new phishing method dubbed 'CoPhish' that abuses Microsoft Copilot Studio agents to deliver malicious OAuth consent requests. The attack leverages leg…
Category: Phishing / Cloud Security / Phishing
Security researchers have reported active exploitation of CVE-2025-59287 in Microsoft Windows Server Update Services (WSUS). The flaw allows unauthenticated remote code execution through deserializati…
Category: Vulnerabilities / Microsoft / Microsoft
CISA has added two major vulnerabilities—CVE-2025-54236 (Adobe Commerce / Magento) and CVE-2025-59287 (Microsoft WSUS)—to its Known Exploited Vulnerabilities catalog. Agencies are required to patch by…
Category: Vulnerabilities / Government / CISA
Microsoft's Security Update Guide details CVE-2025-59295, a Windows URL parsing vulnerability that can lead to remote code execution when a user interacts with a specially crafted link or file. The fl…
Category: Threat Alerts / Vulnerabilities & Exploits / Vendor Security Advisories
CISA added five security flaws to the Known Exploited Vulnerabilities (KEV) catalog, confirming real‑world exploitation. Highlights include Oracle E‑Business Suite SSRF (CVE-2025-61884) and RCE (CVE-2…
Category: Threat Alerts / Vulnerabilities & Exploits / Vulnerabilities & Exploits
Microsoft’s Digital Defense Report highlights the dominance of financially motivated threats, with over half of investigated incidents tied to extortion/ransomware and a surge in identity attacks driv…
Category: Industry News / Research & Tools / Research & Tools
Microsoft and F5 faced simultaneous critical incidents: Microsoft patched three actively exploited zero-days (CVE-2025-24990, CVE-2025-59230, CVE-2025-47827) while F5 confirmed source code theft in a …
Category: Threat Alerts / Vulnerabilities & Exploits / Zero-Day Exploits
Microsoft has patched CVE-2025-55320, an elevation-of-privilege flaw in Configuration Manager that allows SQL injection via the SyncToken method. Successful exploitation may lead to SYSTEM privileges.…
Category: Vulnerabilities & Exploits / Microsoft / Microsoft
Microsoft released fixes for 172 CVEs, including two zero-days under active exploitation: CVE-2025-24990 (Agere Modem driver removal due to exploitation) and CVE-2025-59230 (RasMan elevation-of-privil…
Category: Threat Alerts / Vulnerabilities & Exploits / Microsoft Patch Tuesday