Microsoft Security Response Center
- Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)
- Jailbreaking is (mostly) simpler than you think
- Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
- Scaling Dynamic Application Security Testing (DAST)
- Congratulations to the Top MSRC 2024 Q4 Security Researchers!
- Mitigating NTLM Relay Attacks by Default
- Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)
- Securing AI and Cloud with the Zero Day Quest
- Toward greater transparency: Publishing machine-readable CSAF files
- Congratulations to the Top MSRC 2024 Q3 Security Researchers!
- Announcing the BlueHat 2024 Sessions
- Announcing BlueHat 2024: Call for Papers now open
- Congratulations to the MSRC 2024 Most Valuable Security Researchers!
- Microsoft Bounty Program Year in Review: $16.6M in Rewards
- Introducing the MSRC Researcher Resource Center
- Congratulations to the Top MSRC 2024 Q2 Security Researchers!
- Announcing the CVRF API 3.0 upgrade
- What’s new in the MSRC Report Abuse Portal and API
- Toward greater transparency: Unveiling Cloud Service CVEs
- Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning
Security Research & Defense on Microsoft Security Response Center
- Congratulations to the Top MSRC 2024 Q4 Security Researchers!
- Congratulations to the Top MSRC 2024 Q3 Security Researchers!
- Congratulations to the MSRC 2024 Most Valuable Security Researchers!
- Microsoft Bounty Program Year in Review: $16.6M in Rewards
- Congratulations to the Top MSRC 2024 Q2 Security Researchers!
- Azure Serial Console Attack and Defense - Part 2
- Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
- Azure Serial Console Attack and Defense - Part 1
- Hey Yara, find some vulnerabilities
- Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Bulletins
- Vulnerability Summary for the Week of March 24, 2025 March 31, 2025
- Vulnerability Summary for the Week of March 17, 2025 March 24, 2025
- Vulnerability Summary for the Week of March 10, 2025 March 17, 2025
- Vulnerability Summary for the Week of March 3, 2025 March 10, 2025
- Vulnerability Summary for the Week of February 24, 2025 March 3, 2025
- Vulnerability Summary for the Week of February 17, 2025 February 24, 2025
- Vulnerability Summary for the Week of February 10, 2025 February 18, 2025
- Vulnerability Summary for the Week of February 3, 2025 February 10, 2025
- Vulnerability Summary for the Week of January 27, 2025 February 3, 2025
- Vulnerability Summary for the Week of January 20, 2025 January 27, 2025
SANS Internet Storm Center, InfoCON: green
- ISC Stormcast For Tuesday, April 1st, 2025 https://isc.sans.edu/podcastdetail/9388, (Tue, Apr 1st) April 1, 2025
- Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st) March 31, 2025
- Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891), (Mon, Mar 31st) March 31, 2025
- ISC Stormcast For Monday, March 31st, 2025 https://isc.sans.edu/podcastdetail/9386, (Mon, Mar 31st) March 31, 2025
- A Tale of Two Phishing Sites, (Fri, Mar 28th) March 28, 2025
- ISC Stormcast For Friday, March 28th, 2025 https://isc.sans.edu/podcastdetail/9384, (Fri, Mar 28th) March 28, 2025
- Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218, (Thu, Mar 27th) March 27, 2025
- ISC Stormcast For Thursday, March 27th, 2025 https://isc.sans.edu/podcastdetail/9382, (Thu, Mar 27th) March 27, 2025
- ISC Stormcast For Wednesday, March 26th, 2025 https://isc.sans.edu/podcastdetail/9380, (Wed, Mar 26th) March 26, 2025
- [Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest, (Wed, Mar 26th) March 26, 2025
Threatpost
- Student Loan Breach Exposes 2.5M Records August 31, 2022
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022
- Ransomware Attacks are on the Rise August 26, 2022
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022
- Twitter Whistleblower Complaint: The TL;DR Version August 24, 2022
- Firewall Bug Under Active Attack Triggers CISA Warning August 23, 2022
- Fake Reservation Links Prey on Weary Travelers August 22, 2022
- iPhone Users Urged to Update to Patch 2 Zero-Days August 19, 2022
- Google Patches Chrome’s Fifth Zero-Day of the Year August 18, 2022
Sophos News
- Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream April 1, 2025
- Stealing user credentials with evilginx March 28, 2025
- Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Spring 2025 Reports March 27, 2025
- PJobRAT makes a comeback, takes another crack at chat apps March 27, 2025
- The future of MFA is clear – but is it here yet? March 20, 2025
- The sixth sense for cyber defense: Multimodal AI March 19, 2025
- Little fires everywhere for March Patch Tuesday March 12, 2025
- Sophos Recognized as Top Employer in British Columbia, Canada March 11, 2025
- Fostering Gender Equality: Sophos Celebrates International Women’s Day with Global Initiatives March 10, 2025
- Expanded management regions for Sophos DNS Protection March 6, 2025
darkreading
- Google Brings End-to-End Encryption to Gmail April 1, 2025
- Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks April 1, 2025
- As CISA Downsizes, Where Can Enterprises Get Support? April 1, 2025
- Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill April 1, 2025
- Check Point Disputes Hacker's Breach Claims April 1, 2025
- Google 'ImageRunner' Bug Enabled Privilege Escalation April 1, 2025
- FDA's Critical Role in Keeping Medical Devices Secure April 1, 2025
- Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks April 1, 2025
- Oracle Cloud Users Urged to Take Action March 31, 2025
- CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks March 31, 2025