Today’s paper from cryptographers at ETH Zurich and the Università della Svizzera italiana shatters a comforting shortcut many of us keep telling friends and colleagues: the marketing line that your cloud password manager has “zero knowledge” of your vault is not an absolute guarantee once you...
Microsoft’s recent changes have finally untangled one of Windows 11’s most persistent irritations: setting a third‑party browser as the operating system’s default is now far less painful than it was at launch, and regulatory pressure in Europe has pushed the company even further toward...
ai memory poisoning
ai safety
amd drivers
copilot security
data exfiltration
deep link attack
default browser
driver security
edge rivalry
enterprise security
european dma
official sources
prompt injection
securityresearch
windows 11
windows 7
Security researchers have uncovered a startling privacy breach in plain sight: several widely used Google Chrome and Microsoft Edge extensions — marketed as privacy and security tools — were quietly intercepting users’ conversations with AI assistants and sending those chats to third parties for...
X’s new XChat promises “end-to-end” privacy — but its current implementation leaves several simple, well-known privacy protections out in the open, and experts warn that the feature as shipped can expose users to avoidable risks ranging from leaked image metadata to a service operator or insider...
auditing
data retention
end-to-end encryption
exif
forward-secrecy
four-digit-pin
metadata leakage
metadata-control
open source
pfs
privacy
privacy hygiene
secure communication
securityresearch
server-side-keys
threat model
windows
xchat
A critical security vulnerability has surfaced in Chromium, identified as CVE-2025-8576, raising urgent alarms for users of all Chromium-based browsers, including Microsoft Edge. This flaw, classified as a "use after free" in Extensions, exposes millions of users to potential cyberattacks...
Windows Hello, long touted as the seamless and secure future of biometric login for Windows users, now finds itself under intense scrutiny following a dramatic live demonstration at this year’s Black Hat security conference in Las Vegas. Two German researchers unveiled a critical vulnerability...
biometric injection
biometrics
black hat 2025
credential protection
cyberattack
cybersecurity
device security
enterprise security
hardware security
identity management
malware risks
microsoft security
privileged access
security best practices
securityresearch
threat landscape
vulnerabilities
windows authentication
windows hello
windows hello for business
Here is a concise and professional edit and summary for the article "Zenity Labs Exposes Widespread 'AgentFlayer' Vulnerabilities Allowing Silent Hijacking of Major Enterprise AI Agents Circumventing Human Oversight" from CNHI News:
Zenity Labs Uncovers Major 'AgentFlayer' Vulnerabilities...
agentflayer
ai autonomous threats
ai governance
ai hijacking
ai security
ai threat landscape
ai vulnerabilities
black hat 2025
cyber defense
cyber threats
cybersecurity
data exfiltration
enterprise ai
enterprise security
security breach
securityresearch
tech disclosures
threat detection
zero-click attack
A wave of highly sophisticated phishing attacks has put Microsoft 365 users—and the very foundations of modern email security—at risk, exposing a perilous paradox: the same technologies designed to protect cloud productivity platforms are now being systematically exploited to facilitate...
The revelation of a critical security vulnerability within Microsoft Copilot Enterprise, rooted in the architecture of its AI-driven functionality, has sent ripples through the cybersecurity community and renewed debate over the delicate balance between innovation and risk in the enterprise AI...
Security researchers have recently uncovered a critical technique that could allow attackers to seize Global Administrator access in Microsoft Entra ID, raising significant concerns across the enterprise security landscape. The vulnerability—first reported by Datadog and detailed in the Petri IT...
Here’s a summary of the critical flaw "Golden dMSA" in Windows Server 2025 reported by Semperis:
What is Golden dMSA?
Golden dMSA is a newly discovered, critical design flaw in delegated Managed Service Accounts (dMSA) on Windows Server 2025.
Discovered by: Semperis, a security research and...
active directory
brute force
cyber threats
cybersecurity
defense strategies
directory services
forensics
golden dmsa
identity security
lateral movement
malicious software
managed service accounts
password cracking
security breach
securityresearch
semperis
vulnerability
vulnerability disclosure
windows bugs
windows server 2025
Each year, as global threats to cybersecurity grow ever more sophisticated, the digital world’s frontline defenders quietly make their impact felt. Microsoft’s Security Response Center (MSRC) has again stepped forward to celebrate those tireless and ingenious individuals by unveiling its list of...
A zero-day vulnerability lurking within the deepest layers of the Windows operating system is the sort of nightmare scenario that keeps IT professionals and security researchers up at night. The recent patch for CVE-2025-49686—a critical flaw identified by Marat Gayanov of Positive Technologies’...
cve-2025-49686
cyberattack prevention
cybersecurity
denial of service
enterprise security
kernel driver exploit
microsoft patch
null pointer dereference
positive technologies
remote code execution
security patch
securityresearch
threat mitigation
vulnerability
vulnerability management
windows 10
windows 11
windows security
windows server
zero-day vulnerabilities
Recent revelations surrounding a critical Local File Inclusion (LFI) vulnerability in Microsoft 365’s Export to PDF functionality have cast an intense spotlight on the hidden complexities and lingering security risks inherent even in feature-rich, enterprise-grade cloud platforms. The...
api exploitation
api security
cloud security
cyber threats
cybersecurity
data exfiltration
enterprise security
file inclusion attack
graph api
html conversion vulnerability
lfi
local file inclusion
microsoft 365
pdf export
saas risks
saas security
security best practices
security patch
securityresearch
vulnerability
Windows SmartScreen has long served as one of the core layers of defense in Microsoft’s modern security architecture, acting as a vigilant gatekeeper against malicious web content, phishing attempts, and untrusted or suspicious applications. But with the disclosure of CVE-2025-49740, a...
Windows Virtualization-Based Security (VBS) is a core pillar of modern Windows security architecture, trusted by enterprises and government organizations alike to isolate and protect sensitive system processes from compromise. However, the recent disclosure of CVE-2025-47159—a critical elevation...
Here is a summary of CVE-2025-21195:
Title: Azure Service Fabric Runtime Elevation of Privilege Vulnerability
CVE ID: CVE-2025-21195
Description: There is an elevation of privilege vulnerability in Azure Service Fabric Runtime caused by improper link resolution before file access ("link...
The Microsoft Security Response Center (MSRC) has once again spotlighted excellence and dedication in its 2025 Q2 Security Researcher Leaderboard, reinforcing its status as a linchpin in the global effort to secure Microsoft's vast ecosystem. Each quarter, the security community—comprising...
Curiosity is often cited as the foundation of all great discoveries, but rarely does it blaze a trail as remarkable as the journey of Dylan, the youngest security researcher ever to work with the Microsoft Security Response Center (MSRC). At just 13, Dylan began collaborating with one of the...
bug bounty
cyber defenders
cyber threats
cybersecurity
cybersecurity education
cybersecurity trends
digital security
hacking
inclusion in tech
information disclosure
kids and technology
mentorship
microsoft security
msrc
securityresearch
teen innovators
vulnerabilities
young researchers
youth in tech
For decades, the fortress-like defense of air-gapped computers—those completely disconnected from external networks—has stood as a cornerstone of security in top-secret governmental agencies, defense contractors, and industries with critical infrastructure. The guiding philosophy was simple: if...