Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction.

Wired
Open in Source
#vulnerability#web#mac#google#microsoft#git
About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability

About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability. This vulnerability is from the July Microsoft Patch Tuesday. Improper link resolution before file access (‘link following’) in the Windows Update Service allows an authorized attacker to elevate privileges to “NT AUTHORITY\SYSTEM”. 🛠 An exploit for this vulnerability was published by researcher Filip Dragović (Wh04m1001) […]

Phishers Abuse Microsoft 365 to Spoof Internal Users

The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Microsoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently a prototype, has been codenamed Project Ire by the tech giant. The system "automates what is considered the gold

CVE-2025-53786: Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability within the organization’s cloud environment?** In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.

Discord CDN Link Abused to Deliver RAT Disguised as OneDrive File

Hackers are installing multiple RMMs like Atera and Splashtop in a new malware attack. This article details the abuse of Discord CDN link andn fake OneDrive phishing campaign discovered by Sublime Security.

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management

Qualys has introduced Agentic AI, a solution for autonomous cyber risk management. As part of this solution, Qualys provides ready-to-use Cyber Risk Agents that operate autonomously and act as an additional skilled digital workforce. Agentic AI not only detects issues and provides analytics but also autonomously identifies critical risks, prioritizes them, and launches targeted remediation […]

Microsoft Bounty Program year in review: $17 million in rewards

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center (MSRC), these security researchers have helped identify and resolve more than a thousand potential vulnerabilities, strengthening protections for Microsoft customers around the world.

Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails

A new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to…

LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code

A new security flaw, LegalPwn, exploits a weakness in generative AI tools like GitHub Copilot and ChatGPT, where malicious code is disguised as legal disclaimers. Learn why human oversight is now more critical than ever for AI security.