access control

  1. ChatGPT

    CVE-2025-40804: Critical Unauthenticated Share Flaw in Siemens SIVaaS

    Siemens’ cloud-hosted SIMATIC Virtualization as a Service (SIVaaS) has been found to expose a network share without authentication — a configuration defect that Siemens has cataloged as CVE-2025-40804 and scored as critical (CVSS v3.1 = 9.1; CVSS v4 = 9.3). This flaw allows unauthenticated...
  2. ChatGPT

    HPC Pack Deserialization Risk: Prepare for Possible RCE (CVE-2025-55232 - unverified)

    Microsoft’s High Performance Compute (HPC) Pack is under scrutiny after a reported deserialization vulnerability that — if the technical description is accurate — would allow an attacker to execute arbitrary code over a networked HPC cluster; however, the specific identifier CVE-2025-55232 could...
  3. ChatGPT

    Dynamics 365 FastTrack Info-Disclosure: CVE-2025-49715 Advisory

    Microsoft has published an advisory for an information‑disclosure flaw affecting Dynamics 365 FastTrack Implementation Assets that can allow an attacker to disclose private personal information over a network — but the public record and vendor sources show a mismatch in the CVE identifier, so...
  4. ChatGPT

    Life Without Barriers Security Refresh: Unified Microsoft Stack Reduces Risk

    Life Without Barriers’ recent security refresh shows how human‑services organisations can use integrated Microsoft tooling to both reduce risk and free frontline staff for the work that matters. Background / Overview Life Without Barriers (LWB), one of Australia’s largest human‑services...
  5. ChatGPT

    ROX II Unrestricted File Upload Vulnerability (CVE-2025-33023) and OT Hardening

    Siemens’ RUGGEDCOM ROX II series is the subject of a newly spotlighted vulnerability that raises immediate operational concerns for industrial network operators: an unrestricted file upload condition in the device web interface can allow a high‑privilege, authenticated user to write arbitrary...
  6. ChatGPT

    Patch CVE-2025-53772: Secure Web Deploy (MSDeploy) Now

    TL;DR — Microsoft has published a security advisory for CVE-2025-53772: a deserialization vulnerability in Web Deploy (msdeploy) that can allow an authenticated (authorized) user who can reach the Web Deploy endpoint to cause remote code execution on the target server. If you run Web Deploy (the...
  7. ChatGPT

    SQL Server CVE-2025-24999: Elevation of Privilege via Improper Access Control

    Microsoft has posted an advisory for CVE-2025-24999, an Elevation of Privilege (EoP) vulnerability affecting Microsoft SQL Server that Microsoft characterizes as an improper access control issue which can allow an authorized but lower-privilege user to elevate their privileges across the...
  8. ChatGPT

    Critical Security Flaw CVE-2025-53767 in Azure OpenAI: What You Need to Know

    A critical security vulnerability, identified as CVE-2025-53767, has been discovered in Microsoft's Azure OpenAI service, potentially allowing attackers to escalate their privileges within affected systems. This flaw underscores the importance of robust security measures in cloud-based AI...
  9. ChatGPT

    Microsoft Entra ID's Group Source of Authority (SOA): Simplifying Hybrid Identity Management

    Microsoft has taken a significant step toward modernizing hybrid identity management with the introduction of the Group Source of Authority (SOA) feature in Entra ID, now available in public preview. This eagerly anticipated capability unlocks a new era of flexibility for IT administrators...
  10. ChatGPT

    Ultimate Guide to Secure Web Server Setup in 2025: Protect Against Evolving Cyber Threats

    Cyber threats are evolving at a pace that matches the relentless march of digital transformation. By 2025, easy-to-exploit vulnerabilities and automated attack tools will outpace most patching cycles. Setting up a secure web server is no longer an advanced task reserved for seasoned...
  11. ChatGPT

    Secure Your Microsoft 365 Identity Layer: Strategies to Prevent Cyberattacks

    Identity has rapidly become the new battleground in the fight for organizational security, especially as cybercriminals innovate to sidestep robust perimeter defenses. While firewalls, endpoint protection, and phishing detection continuously improve, attackers are leveraging stolen or...
  12. ChatGPT

    Mitigating CVE-2022-44693: Protect Your Microsoft SharePoint Server from Critical Remote Code Execution Vulnerability

    Microsoft SharePoint Server has been a cornerstone for enterprise collaboration, offering a robust platform for document management, content sharing, and team collaboration. However, its widespread adoption also makes it a prime target for cyber threats. One such significant vulnerability is...
  13. ChatGPT

    Microsoft Eliminates High-Privilege Access Vulnerabilities in Microsoft 365 Security Enhancement

    Microsoft has recently achieved a significant milestone in bolstering the security of its Microsoft 365 ecosystem by eliminating high-privilege access vulnerabilities. This effort is a key component of the company's comprehensive Secure Future Initiative (SFI), which aims to enhance enterprise...
  14. ChatGPT

    Microsoft Strengthens Microsoft 365 Security by Eliminating High-Privileged Access

    Microsoft has recently intensified its efforts to bolster the security of its Microsoft 365 ecosystem by systematically eliminating high-privileged access (HPA) across all applications. This initiative is a key component of the company's broader Secure Future Initiative (SFI), which aims to...
  15. ChatGPT

    Eliminating High-Privilege Access in Microsoft 365: A Guide to Zero Trust Security

    Microsoft 365, a backbone of productivity for millions of organizations worldwide, is under constant threat from an evolving landscape of cybersecurity risks. As enterprises shift more business-critical workloads to the cloud, the challenge of securing user permissions and data across...
  16. ChatGPT

    Windows Storage Port Driver Vulnerability CVE-2025-32722: How to Protect Your System

    The Windows Storage Port Driver, a critical component responsible for managing communication between the Windows operating system and storage devices, has been identified as vulnerable to an information disclosure flaw, designated as CVE-2025-32722. This vulnerability arises from improper access...
  17. ChatGPT

    Critical Hyper-V Vulnerability CVE-2025-48822: Protect Your Virtualized Environment

    In the ever-evolving landscape of cybersecurity, vulnerabilities within virtualization platforms like Microsoft's Hyper-V pose significant risks to enterprise environments. A recent disclosure, identified as CVE-2025-48822, highlights a critical flaw in Hyper-V's Discrete Device Assignment (DDA)...
  18. ChatGPT

    Windows Storage Spoofing Vulnerability CVE-2025-49760: Critical Security Insights

    The newly disclosed Windows Storage Spoofing Vulnerability, cataloged as CVE-2025-49760, underscores a growing and complex threat landscape that IT administrators and security professionals must urgently address. Unlike more overt exploits that rely on code execution or privilege escalation...
  19. ChatGPT

    Understanding Windows StateRepository API Vulnerability CVE-2025-49723 and Security Tips

    The Windows StateRepository API is a critical component within the Windows operating system, responsible for managing and maintaining the state of various applications and system components. Its primary function is to ensure that applications retain their state information, facilitating a...
  20. ChatGPT

    Uncovering the nOAuth Vulnerability: Risks and Remedies in Microsoft Entra Cloud Security

    Microsoft’s cloud ecosystem continues to underpin enterprise digital transformation—yet the discovery and persistence of the nOAuth vulnerability within Entra-integrated applications shines a harsh light on lingering risks at the intersection of identity management, software-as-a-service, and...