Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence AI-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for m ulti-mod el a gentic s canning h...

Missing Authorization

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the assets/preview-file. An attacker can access unauthorized preview metadata by sending crafted requests with a controlled assetId parameter, allowing retrieval of...

GHSA-44PX-QJJC-XRHQ Craft CMS: Authorized asset "preview file" requests bypass allows users without asset access to retrieve private preview metadata

Summary An authenticated low-privileged user can call assets/preview-file for an asset they are not authorized to view and still receive preview response data previewHtml for that private asset. The returned preview HTML included a private preview image route containing the target private assetId...

CVE-2025-6981

An incorrect authorization vulnerability allowed unauthorized read access to the contents of internal repositories for contractor accounts when the Contractors API feature was enabled. The Contractors API is a rarely-enabled feature in private preview. This vulnerability affected all versions of...

Start from zero and scale to zero – Azure Spring Apps consumption plan

We are launching a new way to pay for Azure Spring Apps -- the consumption pricing plan. This plan is now in public preview so you can start creating and deploying apps today. This new plan is super-efficient because you can start from zero and scale to zero vCPU. You get more straightforward...