Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Microsoft Expands Access to Windows Recall AI Feature

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

DARKReading
Open in Source
#vulnerability#web#mac#windows#microsoft#intel#amd#auth
Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends an email to a user. The user then queries the LLMail service with a question (e.

CVE-2024-12053: Chromium: CVE-2024-12053 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.86 12/05/2024 131.0.6778.108/.109

Telecom Giant BT Group Hit by Black Basta Ransomware

BT Group, a major telecommunications firm, has been hit by a ransomware attack from the Black Basta group. The attack targeted the company's Conferencing division, leading to server shutdowns and potential data theft.

CVE-2024-49041: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Russian FSB Hackers Breach Pakistan's APT Storm-0156

Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.

Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

Are We on the Brink of Saying Goodbye to Passwords?

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X. The