Critical Windows NTLM Zero-Day Vulnerability Left Unpatched Until April 2024
A severe security flaw affecting all Windows versions allows attackers to capture NTLM credentials through malicious files in Windows Explorer. Microsoft plans to address this zero-day vulnerability in April 2024, leaving systems potentially exposed for months.
Critical Flaw in Microsoft Licensing Could Enable Mass Software Activation
A hacking group called Massgrave claims to have found a groundbreaking exploit in Microsoft's software licensing system, potentially allowing unauthorized activation of Windows and Office products. The group plans to release details of their method that reportedly requires no system modifications and could work across multiple Microsoft product generations.
New 'Flowbreaking' Attacks Expose Security Flaws in AI Language Models
Security researchers have uncovered novel race condition vulnerabilities in Large Language Model systems, dubbed 'Flowbreaking' attacks. These exploits target infrastructure rather than the AI models themselves, allowing attackers to bypass safety controls in platforms like ChatGPT and Microsoft 365 Copilot.
Microsoft Patches Critical Security Flaws in AI and Cloud Services After Active Exploitation
Microsoft addresses multiple security vulnerabilities across its platforms, including an actively exploited flaw in partner.microsoft.com that enables privilege escalation. The patches cover critical issues in Copilot Studio, Azure PolicyWatch, and Dynamics 365 Sales, highlighting ongoing challenges in cloud and AI security.
Microsoft Under FTC Investigation for Cloud Services in Government Contracts
The Federal Trade Commission launches probe into Microsoft's potential anticompetitive practices in cloud computing, focusing on $150 billion government security upgrade deal. Questions arise over contract bidding processes and hidden costs in seemingly generous offerings.
GitHub Launches $1.25M Security Fund to Bolster Open Source Projects
GitHub introduces a $1.25 million fund to support 125 open-source projects with $10,000 grants and comprehensive security training. The initiative addresses critical gaps in open-source security funding, backed by major tech companies like Microsoft and American Express.