Threat Detection
The latest Threat Detection coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2025-49692: Azure Connected Machine Agent Vulnerability Demands Immediate Patching
Microsoft has released a security update to address a critical elevation-of-privilege vulnerability (CVE-2025-49692) in the Azure Connected Machine agent, the software component that enables Azure...
Microsoft AutoUpdate Vulnerability Lets Attackers Escalate to Root on macOS via Symlink Tricks
Microsoft has disclosed a fresh local elevation-of-privilege vulnerability in its Microsoft AutoUpdate (MAU) agent that allows an attacker with an existing foothold on a macOS machine to escalate to...
Urgent: Windows Win32K GRFX Race Condition Exploitable for Kernel Code Execution – Patch Now
Microsoft has disclosed a dangerous race condition vulnerability in the Windows graphics subsystem’s Win32K component, tracked as CVE-2025-55228, that allows an authenticated local attacker to gain...
Patch Now: CVE-2025-54919 Win32K Bug Opens Door to Instant SYSTEM-Level Compromise
Microsoft has released a security update for a high‑impact race condition vulnerability in the Windows Win32K graphics subsystem that could allow an authenticated local attacker to gain...
CVE-2025-54902: Excel Out-of-Bounds Read Flaw Could Let Attackers Seize PCs—Mac Updates Still Missing
Microsoft has released a security update for a critical out-of-bounds read vulnerability in Excel that could allow remote code execution—but the patch is not yet available for Mac users. Tracked as...
Hyper-V PowerShell Direct Flaw Lets Attackers Impersonate Admins, Microsoft Urges Patching
Microsoft has disclosed a new elevation-of-privilege vulnerability (CVE-2025-49734) in Windows Hyper-V’s PowerShell Direct feature that lets a locally authenticated attacker with low privileges...
Critical RRAS Memory Leak CVE-2025-53797 Puts VPN Gateways at Risk – Patch Immediately
Microsoft has disclosed a high-severity information-disclosure vulnerability in the Windows Routing and Remote Access Service (RRAS) that could allow unauthenticated attackers to read sensitive...
Copilot Studio Now Intercepts Agent Actions for Real-Time Security Vetoes
Microsoft has shifted the security model for its Copilot Studio from passive guardrails to active, inline enforcement. Organizations can now route an AI agent’s planned actions—including prompts,...
Palo Alto's Prisma SASE 4.0 Targets AI-Driven Browser Attacks and Rogue SaaS Agents
Palo Alto Networks has drawn a clear line in the SASE arms race. On September 4, 2025, the company launched Prisma SASE 4.0, a major platform refresh that frames the next phase of enterprise security...
Azure Networking EoP Flaw CVE-2025-54914: Immediate Hardening Steps for Hybrid Cloud Teams
Microsoft’s Security Response Center (MSRC) has published an advisory for CVE-2025-54914, an elevation-of-privilege vulnerability in Azure Networking that could allow attackers with minimal...
US Cyber Agencies Sound Alarm on PRC Router Firmware Attacks Exposing Global Networks to Stealth Espionage
A joint cybersecurity advisory from CISA, the NSA, the FBI, and international partners has warned that state-sponsored Chinese APT actors are systematically compromising the backbone routers that...
RDP Timing Attacks Explode to 30,000 Malicious IPs in Pre-Attack Reconnaissance on U.S. Schools
Last week, threat intelligence firm GreyNoise observed a coordinated scanning campaign targeting Microsoft Remote Desktop Protocol (RDP) services that rapidly escalated from an initial wave of nearly...