Microsoft MSRC
CVE-2026-45480 Azure Active Directory Elevation of Privilege Vulnerability
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Security Radar
Page 2 of 10 · 1110 stories from the last 30 days across 14 trusted sources.
Microsoft MSRC
CVE-2026-42895 Microsoft Copilot Tampering Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47647 Dynamics 365 Elevation of Privilege Vulnerability
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability
Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability
Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
vulnerabilitymicrosoft
Microsoft MSRC
CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.
vulnerability
BleepingComputer
5 reasons Microsoft 365 backup isn’t enough for business data protection
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. [...]
microsoft
The Hacker News
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owne...
ransomwaremalwaremicrosoft
Dark Reading
Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way?
vulnerability
BleepingComputer
ShapedPlugin update flow hacked to infect WordPress sites
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]
supply chain
BleepingComputer
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...]
data breach
Help Net Security
Malware attacks strip Roblox developers of entire games
Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games on it. Successful games can generate substantial revenue through in-game purchases. Some developers h...
malware
Help Net Security
eSentire links AI-led penetration testing with MDR through Atlas Preempt
eSentire has announced the launch of Atlas Preempt, a component of the company’s Atlas Platform. Atlas Preempt performs continuous, AI-driven offensive testing against customer environments to identify which exposures attackers can reach and feeds that data into eSentire’s 24/...
BleepingComputer
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations. [...]
vulnerability
BleepingComputer
Telegram admits it couldn't police exam-leak channels, India tells court
India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked exam papers. Telegram says it cooperated and the ban is unlawful. [...]
data breach
Help Net Security
74,000 Fortinet firewall credentials exposed in FortiBleed data leak
A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artifacts and tools, and the e...
data breach
CISA Alerts
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device. The following versions of Apollo Pharmacy Blood Glucose Monito...
vulnerability
CISA Alerts
Schneider Electric EasyLogic T150 and Saitel DP
View CSAF Summary Successful exploitation this vulnerability could allow an attacker to gain unauthorized access to sensitive files The following versions of Schneider Electric EasyLogic T150 and Saitel DP are affected: Schneider Electric EasyLogic T150 (formerly Saitel DR) Re...
vulnerability