Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2024-6292: CVE-2024-6292

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Microsoft Security Response Center
Open in Source
#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2024-6291: CVE-2024-6291

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

CVE-2024-6290: CVE-2024-6290

Microsoft Edge Channel Microsoft Edge Version Date Released Based on Chromium Version Stable 126.0.2592.81 6/27/2024 126.0.6478.127

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian

CVE-2024-35260: Microsoft Dataverse Remote Code Execution Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. This purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

Toward greater transparency: Unveiling Cloud Service CVEs

Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.

Dangerous AI Workaround: 'Skeleton Key' Unlocks Malicious Content

Microsoft, OpenAI, Google, Meta genAI models could be convinced to ditch their guardrails, opening the door to chatbots giving unfettered answers on building bombs, creating malware, and much more.

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware

Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting government and critical infrastructure sectors across the world between 2021 and 2023. While one cluster of activity has been associated with the ChamelGang (aka CamoFei), the second cluster overlaps with activity previously attributed to Chinese and North Korean