incident response

CVE-2025-49728 — Microsoft PC Manager: Cleartext storage of sensitive information (Security‑feature bypass, local) Summary (TL;DR) Microsoft has assigned CVE‑2025‑49728 to a vulnerability in Microsoft PC Manager where sensitive information is stored in cleartext, enabling a local, unauthorized...

Workday and Microsoft have quietly stepped into the next phase of enterprise automation: they’re building the plumbing to let agentic AI workers — digital agents created in Microsoft’s developer ecosystem — obtain verified identities, join a corporate directory, and be managed alongside human...

Siemens and upstream OpenSSL vulnerabilities that allow out-of-bounds reads — tracked under CVE-2021-3712 — remain a live operational risk across dozens of Siemens industrial networking, communications, and automation products; Siemens has published ProductCERT guidance and fixes for many...

The Downadup/Conficker worm’s sudden surge in early 2009 forced a brutal reminder onto the Windows ecosystem: unpatched systems and lax patch management can turn ordinary desktops and servers into the backbone of a global botnet in a matter of days. Background Microsoft released an out‑of‑cycle...

Microsoft confirmed a regional outage that left Outlook and Exchange Online users in North America struggling with login failures, server-connection errors and delayed mail delivery, then rolled back changes and applied optimizations to restore service — while choosing not to publish full...

Microsoft is taking the first concrete step in its phased enforcement of the dedicated Exchange hybrid app requirement: on September 16, 2025 at 07:00 UTC Microsoft will temporarily block Exchange Web Services (EWS) traffic that uses the Exchange Online shared service principal for hybrid...

Microsoft's cloud-scale DDoS service is no longer an optional add-on for large enterprises — it's a foundational element of modern application resilience, and the recent RedmondMag Q&A with Azure MVP Aidan Finn underscores why. The conversation distills how Azure DDoS Protection uses per‑address...

CISA has added CVE-2025-5086 — a critical deserialization of untrusted data vulnerability in Dassault Systèmes DELMIA Apriso — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation that elevates remediation priority under Binding Operational Directive (BOD)...

CISA’s latest bulletin — a compact but consequential package released on September 11, 2025 — flags eleven Industrial Control Systems (ICS) advisories affecting major automation vendors and field devices, including multiple Siemens engineering and network products, several Schneider Electric...

Microsoft has pushed a significant upgrade to Microsoft Sentinel’s User and Entity Behavior Analytics (UEBA), embedding AI-driven behavioral detection, broader cross‑cloud data ingestion, and dynamic baselining that together aim to surface subtle account compromise and insider risk while...

Siemens has confirmed a vulnerability in its APOGEE PXC and TALON TC building automation devices that allows an unauthenticated remote actor to retrieve sensitive files — including the device’s encrypted database — over BACnet, a widely used building automation protocol, a weakness now tracked...

Zenity’s selection as a Gartner Cool Vendor in the newly published “Cool Vendors in Agentic AI Trust, Risk and Security Management (TRiSM)” report cements the company’s rapid rise as a specialist in securing the new generation of enterprise AI agents — but it also raises urgent operational and...

Microsoft has pushed a significant enforcement point into the live execution path of enterprise AI agents: Copilot Studio now offers near‑real‑time runtime security controls that can route an agent’s planned actions to external monitors (Microsoft Defender, third‑party XDRs, or customer-hosted...

Microsoft has published advisory guidance tied to CVE‑2025‑55234 that focuses less on a new exploitable bug and more on enabling administrators to find and measure exposure to SMB relay‑style elevation‑of‑privilege attacks before they flip stronger hardening controls. The short form: the SMB...

Microsoft’s security advisory confirms a use‑after‑free defect in the BitLocker stack that can be triggered by an authorized local user to escalate privileges on affected Windows systems — administrators must treat CVE‑2025‑54912 as an urgent patching priority and assume a high‑impact threat...

Microsoft’s Security Response Center has cataloged CVE-2025-54915 as an elevation-of-privilege vulnerability in the Windows Defender Firewall Service described as “Access of resource using incompatible type (‘type confusion’),” and the vendor advises that an authorized local attacker could...

Microsoft’s Security Update Guide lists CVE-2025-54910 as a heap-based buffer overflow in Microsoft Office that can allow an attacker to execute code locally when a crafted Office document is processed, but the vendor’s advisory requires direct inspection for exact builds and KB identifiers...

Improper access control in Windows MultiPoint Services (CVE-2025-54116) allows a locally authorized attacker to elevate their privileges on an affected host. Executive summary What it is: CVE-2025-54116 is an elevation-of-privilege (EoP) vulnerability in Microsoft’s Windows MultiPoint Services...

Executive Summary Microsoft has released a security update addressing a new heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS), tracked as CVE-2025-54113. The flaw could allow remote code execution (RCE) if exploited, and administrators are strongly urged to patch...

A newly disclosed race‑condition vulnerability in the Windows Capability Access Management Service (camsvc) can be abused by a local attacker to escalate privileges to SYSTEM on unpatched hosts, and organizations should treat the advisory as a high‑priority patching event for affected Windows...