Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-49741: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#auth#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Rising star: Meet Dylan, MSRC’s youngest security researcher

At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security Dylan’s fascination with technology began early. Like many kids, he started with Scratch—a visual programming language for making simple games and animations.

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. The changes, the company said, are part of its efforts to streamline autofill in the two-factor authentication (2FA) app. "Starting July 2025, the autofill feature in Authenticator will stop working, and from August 2025, passwords will no longer be accessible in Authenticator," Microsoft

Scattered Spider Hacking Spree Continues With Airline Sector Attacks

Microsoft has called the hacker collective one of the most dangerous current cyber threats.

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo

Decrement by one to rule them all: AsIO3.sys driver exploitation

Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

CVE-2025-6557: Chromium: CVE-2025-6557 Insufficient data validation in DevTools

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

CVE-2025-6556: Chromium: CVE-2025-6556 Insufficient policy enforcement in Loader

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

CVE-2025-6555: Chromium: CVE-2025-6555 Use after free in Animation

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 138.0.3351.55 6/26/2025 138.0.7204.49/.50

CVE-2025-47964: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would have to convince the user to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.