Microsoft Security Response Center
- Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)
- Jailbreaking is (mostly) simpler than you think
- Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
- Scaling Dynamic Application Security Testing (DAST)
- Congratulations to the Top MSRC 2024 Q4 Security Researchers!
- Mitigating NTLM Relay Attacks by Default
- Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)
- Securing AI and Cloud with the Zero Day Quest
- Toward greater transparency: Publishing machine-readable CSAF files
- Congratulations to the Top MSRC 2024 Q3 Security Researchers!
- Announcing the BlueHat 2024 Sessions
- Announcing BlueHat 2024: Call for Papers now open
- Congratulations to the MSRC 2024 Most Valuable Security Researchers!
- Microsoft Bounty Program Year in Review: $16.6M in Rewards
- Introducing the MSRC Researcher Resource Center
- Congratulations to the Top MSRC 2024 Q2 Security Researchers!
- Announcing the CVRF API 3.0 upgrade
- What’s new in the MSRC Report Abuse Portal and API
- Toward greater transparency: Unveiling Cloud Service CVEs
- Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning
Security Research & Defense on Microsoft Security Response Center
- Congratulations to the Top MSRC 2024 Q4 Security Researchers!
- Congratulations to the Top MSRC 2024 Q3 Security Researchers!
- Congratulations to the MSRC 2024 Most Valuable Security Researchers!
- Microsoft Bounty Program Year in Review: $16.6M in Rewards
- Congratulations to the Top MSRC 2024 Q2 Security Researchers!
- Azure Serial Console Attack and Defense - Part 2
- Microsoft mitigated exposure of internal information in a storage account due to overly-permissive SAS token
- Azure Serial Console Attack and Defense - Part 1
- Hey Yara, find some vulnerabilities
- Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access
Bulletins
- Vulnerability Summary for the Week of March 24, 2025 March 31, 2025
- Vulnerability Summary for the Week of March 17, 2025 March 24, 2025
- Vulnerability Summary for the Week of March 10, 2025 March 17, 2025
- Vulnerability Summary for the Week of March 3, 2025 March 10, 2025
- Vulnerability Summary for the Week of February 24, 2025 March 3, 2025
- Vulnerability Summary for the Week of February 17, 2025 February 24, 2025
- Vulnerability Summary for the Week of February 10, 2025 February 18, 2025
- Vulnerability Summary for the Week of February 3, 2025 February 10, 2025
- Vulnerability Summary for the Week of January 27, 2025 February 3, 2025
- Vulnerability Summary for the Week of January 20, 2025 January 27, 2025
SANS Internet Storm Center, InfoCON: green
- ISC Stormcast For Friday, April 4th, 2025 https://isc.sans.edu/podcastdetail/9394, (Fri, Apr 4th) April 4, 2025
- ISC Stormcast For Thursday, April 3rd, 2025 https://isc.sans.edu/podcastdetail/9392, (Thu, Apr 3rd) April 3, 2025
- Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary], (Wed, Apr 2nd) April 3, 2025
- Surge in Scans for Juniper "t128" Default User, (Wed, Apr 2nd) April 2, 2025
- ISC Stormcast For Wednesday, April 2nd, 2025 https://isc.sans.edu/podcastdetail/9390, (Wed, Apr 2nd) April 2, 2025
- ISC Stormcast For Tuesday, April 1st, 2025 https://isc.sans.edu/podcastdetail/9388, (Tue, Apr 1st) April 1, 2025
- Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st) March 31, 2025
- Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891), (Mon, Mar 31st) March 31, 2025
- ISC Stormcast For Monday, March 31st, 2025 https://isc.sans.edu/podcastdetail/9386, (Mon, Mar 31st) March 31, 2025
- A Tale of Two Phishing Sites, (Fri, Mar 28th) March 28, 2025
Threatpost
- Student Loan Breach Exposes 2.5M Records August 31, 2022
- Watering Hole Attacks Push ScanBox Keylogger August 30, 2022
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms August 29, 2022
- Ransomware Attacks are on the Rise August 26, 2022
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras August 25, 2022
- Twitter Whistleblower Complaint: The TL;DR Version August 24, 2022
- Firewall Bug Under Active Attack Triggers CISA Warning August 23, 2022
- Fake Reservation Links Prey on Weary Travelers August 22, 2022
- iPhone Users Urged to Update to Patch 2 Zero-Days August 19, 2022
- Google Patches Chrome’s Fifth Zero-Day of the Year August 18, 2022
Sophos News
- It takes two: The 2025 Sophos Active Adversary Report April 2, 2025
- Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream April 1, 2025
- Stealing user credentials with evilginx March 28, 2025
- Sophos ranked #1 overall for Firewall, MDR, and EDR in the G2 Spring 2025 Reports March 27, 2025
- PJobRAT makes a comeback, takes another crack at chat apps March 27, 2025
- The future of MFA is clear – but is it here yet? March 20, 2025
- The sixth sense for cyber defense: Multimodal AI March 19, 2025
- Little fires everywhere for March Patch Tuesday March 12, 2025
- Sophos Recognized as Top Employer in British Columbia, Canada March 11, 2025
- Fostering Gender Equality: Sophos Celebrates International Women’s Day with Global Initiatives March 10, 2025
darkreading
- China-Linked Threat Group Exploits Ivanti Bug April 3, 2025
- Disclosure Drama Clouds CrushFTP Vulnerability Exploitation April 3, 2025
- Counterfeit Phones Carrying Hidden Revamped Triada Malware April 3, 2025
- Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups April 3, 2025
- Social Engineering Just Got Smarter April 3, 2025
- Emerging Risks Require IT/OT Collaboration to Secure Physical Systems April 3, 2025
- Google Quick Share Bug Bypasses Allow Zero-Click File Transfer April 3, 2025
- Israel Enters 'Stage 3' of Cyber Wars With Iran Proxies April 3, 2025
- DPRK 'IT Workers' Pivot to Europe for Employment Scams April 2, 2025
- SolarWinds Adds Incident Management Tool From Squadcast April 2, 2025