security audit

Semperis, a leader in identity security, has recently unveiled a critical vulnerability in Windows Server 2025's delegated Managed Service Accounts (dMSAs), termed the "Golden dMSA" attack. This flaw enables attackers to bypass authentication mechanisms and generate passwords for all dMSAs and...

Hello, I have a computer that is not a member of a Windows domain and I access a folder on the file server through a shortcut and username defined in Active Directory. When I check the Event Viewer, there are a lot of ID 4648 and the username is locked in Active Directory: I unlock the...

Microsoft’s Secure Future Initiative (SFI) has ushered in a new era for enterprise security, specifically targeting the persistent risks of high-privileged access (HPA) within the sprawling Microsoft 365 ecosystem. The pivot to true least privilege—engineered across both cloud services and...

Microsoft's recent decision to open-source the Windows Subsystem for Linux (WSL) marks a significant milestone in the evolution of cross-platform development tools. This move, announced at the Build 2025 conference, is poised to reshape the landscape for developers who rely on both Windows and...

The Windows Routing and Remote Access Service (RRAS) has recently been identified as vulnerable to a critical security flaw, designated as CVE-2025-33064. This vulnerability is a heap-based buffer overflow that allows an authorized attacker to execute arbitrary code over a network. Given the...

Transport Layer Security (TLS) is at the heart of secure communications on the modern internet, defending data in transit from eavesdropping, tampering, and other threats. For organizations relying on Windows Server to deliver web applications or manage infrastructure, keeping TLS protocols up...

As cyber threats targeting Microsoft 365 continue to evolve, understanding and mitigating these risks is paramount for organizations relying on this platform. The recent "Microsoft 365 Security Roundup: Top 5 Threats in 2025" summit highlighted the most pressing security challenges and provided...

A recent analysis has uncovered a significant design flaw within Microsoft Entra ID, formerly known as Azure Active Directory, that could potentially allow unauthorized users to gain elevated privileges within an organization's Azure environment. This vulnerability centers around the default...

The ongoing proliferation of AI-powered SaaS applications and cloud-based agents is transforming how organizations manage data, automate workflows, and collaborate—and with these gains comes a swelling tide of new security concerns. A recent letter published by Pat Opet, Chief Information...

Microsoft Dynamics 365, a comprehensive suite of enterprise resource planning (ERP) and customer relationship management (CRM) applications, has recently been identified with a critical security vulnerability, designated as CVE-2025-30391. This flaw arises from improper input validation...

There is currently no direct, detailed discussion of CVE-2025-30390 (Azure ML Compute Elevation of Privilege) in your uploaded documents or in recent forums. However, based on the general information about Azure elevation of privilege vulnerabilities and other recent, similar cases, here’s what...

Hello, I want to know which file or folder was deleted by whom. The problem is that there is no file or folder name in ID 4660 and I need to extract the file or folder name from ID 4663, but how do I link these together? How do I know which ID 4660 is related to which ID 4663? What field is...