Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites

Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence.

HackRead
Open in Source
#web#microsoft#git#java#pdf#auth
Congratulations to the MSRC 2025 Most Valuable Security Researchers!

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

Researchers Jailbreak Elon Musk’s Grok-4 AI Within 48 Hours of Launch

Elon Musk’s Grok-4 AI was compromised within 48 hours. Discover how NeuralTrust researchers combined “Echo Chamber” and “Crescendo”…

AI 'Nudify' Websites Are Raking in Millions of Dollars

Millions of people are accessing harmful AI “nudify” websites. New analysis says the sites are making millions and rely on tech from US companies.

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim’s host to connect to the attacker’s SMB server and authenticate, resulting in gaining SYSTEM privileges. 🔹 Details on how to exploit the vulnerability were published on […]

4 Arrested Over Scattered Spider Hacking Spree

Plus: An “explosion” of AI-generated child abuse images is taking over the web, a Russian professional basketball player is arrested on ransomware charges, and more.

Patch, track, repeat

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

What Security Leaders Need to Know About AI Governance for SaaS

Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting summaries, and office suites such as Microsoft 365 contain

North American APT Uses Exchange Zero-Day to Attack China

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.