Live
Microsoft's 'In Scope by Default' Bug Bounty Revolution: What It Means for Windows Security·MSFT +0.1%CVE-2025-39746: Critical Linux Kernel Flaw in ath10k Driver Threatens Azure Security·NVDA +3.0%CVE-2024-8612: QEMU Virtio Memory Leak Threatens Azure Linux & Virtualization Security·GOOGL +1.2%From XZ to Grug: Why Software’s Complexity Crisis Demands Radical Simplicity Now·AMZN +2.9%Solana-Scan Malware Exposes Victim Data on Open C2 Portal After Fake npm Packages Steal Wallet Keys·MSFT +0.1%Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out·NVDA +3.0%Microsoft Edge Seals Off Dangerous Filesystem Attack Vector with Latest Chromium Patch for CVE-2025-8580·GOOGL +1.2%WSL 2.5.10 Lands: Microsoft’s Secret Security Patch for Windows 11 Explained·AMZN +2.9%Microsoft's 'In Scope by Default' Bug Bounty Revolution: What It Means for Windows Security·MSFT +0.1%CVE-2025-39746: Critical Linux Kernel Flaw in ath10k Driver Threatens Azure Security·NVDA +3.0%CVE-2024-8612: QEMU Virtio Memory Leak Threatens Azure Linux & Virtualization Security·GOOGL +1.2%From XZ to Grug: Why Software’s Complexity Crisis Demands Radical Simplicity Now·AMZN +2.9%Solana-Scan Malware Exposes Victim Data on Open C2 Portal After Fake npm Packages Steal Wallet Keys·MSFT +0.1%Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out·NVDA +3.0%Microsoft Edge Seals Off Dangerous Filesystem Attack Vector with Latest Chromium Patch for CVE-2025-8580·GOOGL +1.2%WSL 2.5.10 Lands: Microsoft’s Secret Security Patch for Windows 11 Explained·AMZN +2.9%

Open Source Security

The latest Open Source Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 3:28 PM
Latest Most Read Breaking
Sort
Bug Bounty · Cloud Security

Microsoft's 'In Scope by Default' Bug Bounty Revolution: What It Means for Windows Security

Microsoft has fundamentally rewritten the rules of engagement for vulnerability research with a policy shift that security experts are calling one of the most significant expansions of bug bounty...

Advertisement
Api Keys · C2 Infrastructure

Solana-Scan Malware Exposes Victim Data on Open C2 Portal After Fake npm Packages Steal Wallet Keys

Security researchers have uncovered a targeted npm supply-chain campaign—dubbed “Solana‑Scan”—that uses fake Solana developer tools to harvest wallet credentials and expose stolen data...

SE Security Desk·47w ago
Browser Exploits · Browser Patch

Chrome and Edge Users Alerted to Critical PiP Flaw CVE-2025-8577 as Patches Roll Out

A serious security vulnerability in the Chromium engine’s Picture-in-Picture (PiP) feature is being urgently patched by Google and Microsoft, affecting millions of users of Chrome, Edge, and other...

SE Security Desk·49w ago
Browser Ecosystem · Browser Patch

Microsoft Edge Seals Off Dangerous Filesystem Attack Vector with Latest Chromium Patch for CVE-2025-8580

Microsoft has patched a critical filesystem vulnerability in its Edge browser, CVE-2025-8580, plugging a dangerous hole that could have allowed attackers to execute arbitrary code or access...

SE Security Desk·49w ago
Containerization · Cross-platform

WSL 2.5.10 Lands: Microsoft’s Secret Security Patch for Windows 11 Explained

Microsoft shipped a terse, single-line update to the Windows Subsystem for Linux on January 15, 2025. Version 2.5.10 of WSL arrived through the Microsoft Store with no fanfare, no CVE identifiers,...

SE Security Desk·49w ago
Cyber Defense · Cyber Espionage

Lazarus Group’s 2025 Evolution: Stealthy Attacks on Open Source Software Supply Chains

North Korea’s Lazarus Group has cemented its position as one of the most infamous cyber adversaries of the past decade, notorious for headline-grabbing operations like the Sony Pictures breach...

SE Security Desk·49w ago
2fa · Authentication

Microsoft Authenticator Autofill Removal Sparks Shift Toward Privacy-Focused Proton Authenticator

When Microsoft announced the removal of autofill capabilities from its Authenticator app and pushed users towards its Edge Wallet, it sent shockwaves throughout the tech and security community. For...

SE Security Desk·50w ago
Cyber Defense · Cyber Threats

Thorium: Revolutionizing Automated, Scalable File Analysis for Modern Security Operations

The accelerating landscape of cyber threats puts unprecedented pressure on today’s security operations centers (SOCs) and digital forensics teams. Organizations now face not just a heightened...

SE Security Desk·50w ago
Cisa · Compromise

CISA’s Eviction Strategies Tool: Advancing Post-Compromise Cyber Defense with Evidence-Based Playbooks

Every minute counts after the discovery of a network intrusion. Seasoned security professionals know that these initial moments can define the trajectory of a cyber incident—determining whether...

SE Security Desk·50w ago
1 2 3 4 5