Sans News Feed
- It's 2025... so why are obviously malicious advertising URLs still going strong?, (Mon, Apr 21st) April 21, 2025While the old adage stating that âthe human factor is the weakest link in the cyber security chainâ will undoubtedly stay relevant in the near (and possibly far) future, the truth is that the tech industry could â and should â help alleviate the problem significantly more than it does today.
- ISC Stormcast For Monday, April 21st, 2025 https://isc.sans.edu/podcastdetail/9416, (Mon, Apr 21st) April 21, 2025
- Wireshark 4.4.6 Released, (Sun, Apr 20th) April 20, 2025Wireshark release 4.4.6 fixes 14 bugs.
- ISC Stormcast For Friday, April 18th, 2025 https://isc.sans.edu/podcastdetail/9414, (Fri, Apr 18th) April 18, 2025
- ISC Stormcast For Thursday, April 17th, 2025 https://isc.sans.edu/podcastdetail/9412, (Thu, Apr 17th) April 17, 2025
- RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th) April 17, 2025[This is a Guest Diary by Jacob Claycamp, an ISC intern as part of the SANS.edu BACS program]
- Apple Patches Exploited Vulnerability, (Wed, Apr 16th) April 16, 2025
- ISC Stormcast For Wednesday, April 16th, 2025 https://isc.sans.edu/podcastdetail/9410, (Wed, Apr 16th) April 16, 2025
- Online Services Again Abused to Exfiltrate Data, (Tue, Apr 15th) April 15, 2025If Attackers can abuse free online services, they will do for sure! Why spend time to deploy a C2 infrastructure if you have plenty of ways to use "official" services. Not only, they don't cost any money but the traffic can be hidden in the normal traffic; making them more difficult to detect. A very […]
- ISC Stormcast For Tuesday, April 15th, 2025 https://isc.sans.edu/podcastdetail/9408, (Tue, Apr 15th) April 15, 2025
Microsoft Security Feed
- Zero Day Quest 2025: $1.6 million awarded for vulnerability research April 21, 2025This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud with up to $4 million in potential […]
- Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject) March 14, 2025We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (IEEE SaTML). The overall aims of this challenge were to […]
- Jailbreaking is (mostly) simpler than you think March 13, 2025Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to […]
- Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation February 7, 2025At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot (AI) Bounty Program. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain […]
- Scaling Dynamic Application Security Testing (DAST) January 21, 2025Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development Lifecycle is security testing, which aims to discover and mitigate security vulnerabilities before adversaries can […]
- Congratulations to the Top MSRC 2024 Q4 Security Researchers! January 15, 2025Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh, VictorV, wkai! Check out the full list of researchers recognized this quarter here.
- Mitigating NTLM Relay Attacks by Default December 9, 2024Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat […]
- Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject) December 6, 2024We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends an email to a user. The user then queries the LLMail service with a question (e.
- Securing AI and Cloud with the Zero Day Quest November 19, 2024Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers […]
- Toward greater transparency: Publishing machine-readable CSAF files November 12, 2024Welcome to the third installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.
Cyber Security Alerts
- CISA Statement on CVE Program April 16, 2025 CISA
- CISA and Partners Issue Fast Flux Cybersecurity Advisory April 3, 2025 CISA
- CISA Probationary Reinstatements March 18, 2025 CISA
- Statement on CISA's Red Team March 12, 2025 CISA
- CISA Calls For Action to Close the Software Understanding Gap January 16, 2025 CISA
- CISA Publishes Microsoft Expanded Cloud Log Implementation Playbook January 15, 2025 CISA
- CISA, JCDC, Government and Industry Partners Publish AI Cybersecurity Collaboration Playbook January 14, 2025 CISA
- CISA Releases New Sector Specific Goals for IT and Product Design January 7, 2025 CISA
- CISA Update on Treasury Breach January 6, 2025 CISA
- CISA and ONCD Publish Guide to Strengthen Cybersecurity of Grant-Funded Infrastructure Projects December 17, 2024 CISA