Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2025-24053: Microsoft Dataverse Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#Microsoft Dataverse#Security Vulnerability
Jailbreaking is (mostly) simpler than you think

Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to promote awareness and encourage system designers to implement appropriate safeguards.

Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year

Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure.

CVE-2025-2137: Chromium: CVE-2025-2137 Out of bounds read in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.62 3/12//2025 134.0.6998.89

CVE-2025-2136: Chromium: CVE-2025-2136 Use after free in Inspector

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.62 3/12//2025 134.0.6998.89

CVE-2025-2135: Chromium: CVE-2025-2135 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.62 3/12//2025 134.0.6998.89

CVE-2025-1920: Chromium: CVE-2025-1920 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 134.0.3124.62 3/12//2025 134.0.6998.89

March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days

Microsoft's March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential.

March Microsoft Patch Tuesday

March Microsoft Patch Tuesday. 77 CVEs, 20 of which were added during the month. 7 vulnerabilities with signs of exploitation in the wild: 🔻 RCE – Windows Fast FAT File System Driver (CVE-2025-24985)🔻 RCE – Windows NTFS (CVE-2025-24993)🔻 SFB – Microsoft Management Console (CVE-2025-26633)🔻 EoP – Windows Win32 Kernel Subsystem (CVE-2025-24983)🔻 InfDisc – Windows NTFS […]

URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege