PT-2026-33362

Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 through 12.0 Description An incorrect authorization issue exists where the system fails to correctly check permissions assigned to developer credentials. This flaw allows low-privilege users to generate...

New Microsoft Secure Future Initiative (SFI) patterns and practices: Practical guides to strengthen security

Building on the momentum of our initial launch of the Microsoft Secure Future Initiative SFI patterns and practices, this second installment continues our commitment to making security implementation practical and scalable. The first release introduced a foundational library of actionable guidanc...

EUVD-2019-7296

Malware in sbrugna...

EUVD-2013-2195

Malware in sbrugna...

CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

The future of AI agents—and why OAuth must evolve

I believe we're at the beginning of something extraordinary. Today's AI agents are already impressive—they're helping software engineers write code, assisting site reliability teams in troubleshooting systems, and handling a variety of analytical tasks. Yet, as capable as these specialized agents...

Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic)

Commvault is monitoring cyber threat activity targeting their applications hosted in their Microsoft Azure cloud environment. Threat actors may have accessed client secrets for Commvault’s Metallic Microsoft 365 M365 backup software-as-a-service SaaS solution, hosted in Azure. This provided the...

CVE-2019-16767

The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance container is launched with advanced capabilities not launched as root...

US Department of Labor’s journey to Zero Trust security with Microsoft Entra ID

For several years, Microsoft has been helping United States federal and state government groups, including military departments and civilian agencies, transition to a Zero Trust security model. Advanced features in Microsoft Entra ID have helped these organizations meet requirements to employ...

DEBIAN-CVE-2024-50289

In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110ca.c:270 dvbcaioctl warn: potential spectre issue 'av7110-cislot' w local cap There is a spectre-related vulnerability at the code...

BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365

TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device the token was issued and is currently the best protection against token theft. As a minimum...

Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

CISA has received multiple reports of a large-scale spearphishing campaign targeting organizations in several sectors, including government and information technology IT. The foreign threat actor, often posing as a trusted entity, is sending spearphishing emails containing malicious remote deskto...

The four stages of creating a trust fabric with identity and network security

How implementing a trust fabric strengthens identity and network Read the blog At Microsoft, we’re continually evolving our solutions for protecting identities and access to meet the ever-changing security demands our customers face. In a recent post, we introduced the concept of the trust fabric...

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

Bypassing MFA on Microsoft Azure Entra ID

TL;DR Even though MFA is effective it is one security control amongst many Even if MFA is in use, check its configuration Consider unexpected patterns of use, such as people logging in from Linux or macOS Make sure you log and can react to out-of-band behaviour Introduction On a recent Red Team...

December 12, 2023—KB5033369 (OS Build 22000.2652)

December 12, 2023—KB5033369 OS Build 22000.2652 9/26/23 IMPORTANT As of September 26, 2023, there are no more optional, non-security preview releases for Windows 11, version 21H2. Only cumulative monthly security updates will continue for the supported versions of Windows 11, version 21H2...

Microsoft Incident Response lessons on preventing cloud identity compromise

Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access t...

Microsoft Incident Response lessons on preventing cloud identity compromise

Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access t...

kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c

A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB CA EN50221 interface of the DVB core device driver. It could occur in the dvbcaen50221release function if there is a disconnect after an open, because of the lack of a waitevent. A loc...

Introducing Advanced Device Control: Shielding businesses from USB threats

With experts noting a troubling threefold surge in USB drive malware incidents in early 2023, Device Control has just leveled up with a key addition: the Advanced Auto Scanning & Block Until Scan feature. Heres the breakdown: When a USB device is connected, ThreatDown now doesnt just control...