RSS Sans News Feed

RSS Microsoft Security Feed

  • Why XSS still matters: MSRC’s perspective on a 25-year-old threat September 4, 2025
    Cross-Site Scripting (XSS) has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports across our services, from legacy portals to newly deployed single-page apps.
  • BlueHat Asia 2025: Closing soon: Submit your papers by September 14, 2025 August 27, 2025
    The next chapter of the Microsoft Security Response Center’s (MSRC) BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 14, 2025. Now in its third decade, BlueHat is more than […]
  • postMessaged and Compromised August 25, 2025
    At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC […]
  • Microsoft Bounty Program year in review: $17 million in rewards August 5, 2025
    We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center (MSRC), these security researchers have helped identify and resolve more than a thousand potential vulnerabilities, strengthening […]
  • Zero Day Quest: Join the largest hacking event with up to $5 million in total bounty awards August 4, 2025
    Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potential bounty awards: up to $5 […]
  • .NET Bounty Program now offers up to $40,000 in awards July 31, 2025
    We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).
  • How Microsoft defends against indirect prompt injection attacks July 29, 2025
    The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the […]
  • Customer guidance for SharePoint vulnerability CVE-2025-53770 July 19, 2025
    Revision / Change / Date: 1.0, Information published, 07/19/25. 2.0, Clarified affected SharePoint product in summary, 07/20/25; Added fix availability guidance; Provided additional protections guidance regarding: Upgrade SharePoint products to supported versions (if required), Install July 2025 Security Updates, Rotate machine keys; Updated Microsoft Defender detections and protections section: Documented additional MDE alerts, Mapping exposure via Microsoft […]
  • Congratulations to the MSRC 2025 Most Valuable Security Researchers! July 15, 2025
    The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.
  • Congratulations to the top MSRC 2025 Q2 security researchers! July 7, 2025
    Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this […]