Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Practical Ways to Improve Your Digital Efficiency

Optimizing your online productivity is more important than ever. Whether you’re a business owner, freelancer, or simply someone…

HackRead
Open in Source
#web#windows#google#microsoft#git#ssl
Deepfakes, Scams, and the Age of Paranoia

As AI-driven fraud becomes increasingly common, more people feel the need to verify every interaction they have online.

New SEO Poisoning Campaign Targeting IT Admins With Malware

Varonis reveals attackers are using SEO poisoning to trick IT admins into downloading malware, alongside a critical root…

About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) vulnerability

About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) vulnerability. The vulnerability from the April Microsoft Patch Tuesday allows an attacker operating under a regular user account to escalate their privileges to SYSTEM level.🔻 According to Microsoft, the vulnerability was exploited in attacks against organizations in the U.S., Venezuela, Spain, and Saudi […]

Phishing Attack Uses Blob URIs to Show Fake Login Pages in Your Browser

Cofense Intelligence reveals a novel phishing technique using blob URIs to create local fake login pages, bypassing email…

Legacy Login in Microsoft Entra ID Exploited to Breach Cloud Accounts

A flaw in Microsoft Entra ID’s legacy login allowed attackers to bypass MFA, targeting admin accounts across finance,…

Congratulations to the Top MSRC 2025 Q1 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q1 Security Researcher Leaderboard are 0x140ce, VictorV, Vaisha Bernard of Eye Security! Check out the full list of researchers recognized this quarter here.

CVE-2025-4372: Chromium: CVE-2025-4372 Use after free in WebAudio

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

About Spoofing – Windows NTLM (CVE-2025-24054) vulnerability

About Spoofing – Windows NTLM (CVE-2025-24054) vulnerability. It was patched in the March Microsoft Patch Tuesday. VM vendors didn’t mention this vulnerability in their reviews; it was only known to be exploited via user interaction with a malicious file. A month later, on April 16, Check Point published a blog post with technical details, revealing […]

CVE-2025-47732: Microsoft Dataverse Remote Code Execution Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.