Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below –

CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service

The Hacker News

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead

The Hacker News

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf

The Hacker News

Anthropic claims new AI security method blocks 95% of jailbreaks, invites red teamers to try

The new Claude safeguards have already technically been broken but Anthropic says this was due to a glitch — try again.

Security News | VentureBeat

Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon

The feature will no longer be available starting Feb. 28. Microsoft wants to focus on “new areas that will better align to customer needs.”

Security | TechRepublic

Hackers Hide Malware in Fake DeepSeek PyPI Packages

Malicious DeepSeek packages on PyPI spread malware, stealing sensitive data like API keys. Learn how this attack targeted developers and how to protect yourself.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News

‘Constitutional Classifiers’ Technique Mitigates GenAI Jailbreaks

Anthropic says its Constitutional Classifiers approach offers a practical way to make it harder for bad actors to try and coerce an AI model off its guardrails.

darkreading

EMEA CISOs Plan 2025 Cloud Security Investment

darkreading

Ransomware Groups Weathered Raids, Profited in 2024

Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, they continued to thrive in a record-breaking year for ransomware.

darkreading