Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

What happened in Vegas (that you actually want to know about)

Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.

TALOS
Open in Source
#vulnerability#web#windows#microsoft#cisco#git#backdoor#acer#dell#zero_day
Microsoft patches some very important vulnerabilities in August’s patch Tuesday

In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities, some of which are very important.

Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege

Patch Tuesday: Microsoft Fixes 107 Vulnerabilities, Including 13 RCE Flaws

Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more,…

Elevation-of-Privilege Vulns Dominate Microsoft's Patch Tuesday

The company's August security update consisted of patches for 111 unique Common Vulnerabilities and Exposures (CVEs).

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”

Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the wild. Out

AVEVA PI Integrator

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Integrator Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Insertion of Sensitive Information into Sent Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AVEVA products are affected: PI Integrator for Business Analytics: Versions 2020 R2 SP1 and prior. 3.2 VULNERABILITY OVERVIEW 3.2.1 UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434 The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed. CVE-2025-54460 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.6 has been calculated; the CVSS vector stri...

Over 29,000 Unpatched Microsoft Exchange Servers Leaving Networks at Risk

A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise…

CVE-2025-33051: Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.