#microsoft

Using the API Connections for Azure Logic Apps, a security researcher found unauthenticated users could access sensitive data of other customers.

Phishing remained the top initial access method in Q2 2025, while ransomware incidents see the emergence of new Qilin tactics.

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

The National Treasury of South Africa is among the half-dozen known victims in South Africa — along with other nations — of the mass compromise of on-premises Microsoft SharePoint servers.

OpenShift confidential containers (CoCo) is now generally available for Microsoft Azure. You can extend the security capabilities of Red Hat OpenShift by using OpenShift confidential containers, which allows you to deploy and manage confidential workloads with enhanced data protection and integrity. This release marks a significant milestone, providing a robust solution for enterprises seeking to protect sensitive applications and data on Azure. It addresses critical security concerns by isolating workloads within a hardware-protected trusted execution environment, helping ensure that data re

Red Hat OpenShift sandboxed containers 1.10 has been released, bringing enhanced security and isolation capabilities to your Red Hat OpenShift environments. This marks the general availability of confidential containers on Microsoft Azure, and introduces the new Red Hat build of Trustee, which provides attestation services so your confidential workloads can run with integrity in the cloud. OpenShift sandboxed containers delivers a lightweight and powerful way to run workloads in isolation. Confidential containers add an additional layer for hardware-protected environments, leveraging Trusted E

The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.

A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online.

Summary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the LLM misinterprets as instructions.

macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls.