Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

1.2 Million Healthcare Devices and Systems Found Exposed Online – Patient Records at Risk of Exposure, Latest Research from Modat

The Hague, Netherlands, 7th August 2025, CyberNewsWire

HackRead
Open in Source
#vulnerability#git#intel#perl#auth
CVE-2025-53787: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53792: Azure Portal Elevation of Privilege Vulnerability

Improper authorization in Azure Windows Virtual Machine Agent allows an unauthorized attacker to elevate privileges over a network.

CVE-2025-53767: Azure OpenAI Elevation of Privilege Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Security researchers found a weakness in OpenAI’s Connectors, which let you hook up ChatGPT to other services, that allowed them to extract data from a Google Drive without any user interaction.

About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability

About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability. This vulnerability is from the July Microsoft Patch Tuesday. Improper link resolution before file access (‘link following’) in the Windows Update Service allows an authorized attacker to elevate privileges to “NT AUTHORITY\SYSTEM”. 🛠 An exploit for this vulnerability was published by researcher Filip Dragović (Wh04m1001) […]

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults

Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

GHSA-vh9x-phq6-fx54: Duplicate Advisory: Denial of service via malicious preflight requests in github.com/rs/cors

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mh55-gqvf-xfwm. This link is maintained to preserve external references. ### Original Description Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.

'ReVault' Security Flaws Impact Millions of Dell Laptops

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.