Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Legacy App Migration: Transforming Outdated Systems

Businesses are perpetually under pressure to innovate in a fast-paced digital era. But legacy applications, written with outdated…

HackRead
Open in Source
#web#ios#mac#microsoft#git#intel
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (

Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption

Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. "We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program

Unpatched Active Directory Flaw Can Crash Any Microsoft Server

Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁 📹 Video on YouTube, LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:29 Spoofing – Windows […]

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML

FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools.

Cybersecurity Lags in Middle East Business Development

The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators