Live
SQL Server Vulnerability CVE-2025-47997: Patch Now to Block Memory Disclosure Attacks·MSFT +0.1%CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners·NVDA +3.0%Patch Now: Xbox Gaming Services CVE-2024-28916 Lets Low-Privilege Attackers Escalate to SYSTEM·GOOGL +1.2%The CVE That Isn't There: DirectX Kernel Race Condition Panic and the Patches You Actually Need·AMZN +2.9%Race Condition in Windows MapControl Could Give Attackers Admin Rights – Patch Today·MSFT +0.1%Microsoft's Hidden PowerPoint Flaw: Why CVE-2025-54908 Evades Verification but Demands Action·NVDA +3.0%CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now·GOOGL +1.2%Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now·AMZN +2.9%SQL Server Vulnerability CVE-2025-47997: Patch Now to Block Memory Disclosure Attacks·MSFT +0.1%CVE-2025-55243: OfficePlus Spoofing Flaw Exposes Data, Bypasses Scanners·NVDA +3.0%Patch Now: Xbox Gaming Services CVE-2024-28916 Lets Low-Privilege Attackers Escalate to SYSTEM·GOOGL +1.2%The CVE That Isn't There: DirectX Kernel Race Condition Panic and the Patches You Actually Need·AMZN +2.9%Race Condition in Windows MapControl Could Give Attackers Admin Rights – Patch Today·MSFT +0.1%Microsoft's Hidden PowerPoint Flaw: Why CVE-2025-54908 Evades Verification but Demands Action·NVDA +3.0%CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now·GOOGL +1.2%Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now·AMZN +2.9%

Threat Hunting

The latest Threat Hunting coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 6:52 AM
Latest Most Read Breaking
Sort
Credential Theft · Cu Update

SQL Server Vulnerability CVE-2025-47997: Patch Now to Block Memory Disclosure Attacks

Microsoft has released patches for a critical information-disclosure vulnerability in SQL Server that could allow an authenticated attacker to read sensitive memory contents over the network. Tracked...

Advertisement
Cve-2025-54913 · Cybersecurity

Race Condition in Windows MapControl Could Give Attackers Admin Rights – Patch Today

Microsoft has released a security update to address a critical race condition vulnerability in the Windows MapControl UI component that could allow local attackers to gain elevated privileges....

SE Security Desk·44w ago
2025 Advisories · Asr

Microsoft's Hidden PowerPoint Flaw: Why CVE-2025-54908 Evades Verification but Demands Action

A newly surfaced Microsoft advisory for CVE-2025-54908 warns of a use-after-free vulnerability in PowerPoint that could allow an unauthorized attacker to execute code locally. However, when security...

SE Security Desk·44w ago
Application Guard · Asr

CVE-2025-54906: Microsoft Office Memory Bug Enables Code Execution via Malicious Docs – Patch Now

Microsoft has issued a security advisory for CVE-2025-54906, a critical memory-corruption vulnerability in Office that can lead to arbitrary code execution when a user opens or previews a specially...

SE Security Desk·44w ago
Amsi · Asp.net

Unauthenticated RCE Exploits Hit On-Prem SharePoint — Patch, Rotate Keys, and Hunt Now

Microsoft’s on-premises SharePoint servers are under active attack from a chain of vulnerabilities that grant unauthenticated attackers remote code execution (RCE). The exploit combines an...

SE Security Desk·44w ago
Asr · Cve-2025-54896

Microsoft Warns of Actively Targeted Excel Use-After-Free Flaw CVE-2025-54896

Microsoft has issued a critical security advisory for CVE-2025-54896, a use-after-free vulnerability in Microsoft Office Excel that could allow attackers to execute arbitrary code on Windows...

SE Security Desk·44w ago
Authentication · Cve-2025-54895

Windows NEGOEX Integer Overflow Lets Attackers Escalate to SYSTEM—Patch Now

Microsoft has released a security update to plug a critical elevation-of-privilege hole in the Windows NEGOEX authentication mechanism. Tracked as CVE-2025-54895, the flaw stems from an integer...

SE Security Desk·44w ago
Afd.sys · Cve-2025-54099

CVE-2025-54099: Windows Winsock Driver Stack Overflow Threatens SYSTEM Access

A stack-based buffer overflow in the Windows Ancillary Function Driver for WinSock (afd.sys) can be exploited by local attackers to seize SYSTEM privileges, Microsoft disclosed in a security...

SE Security Desk·44w ago
rockwell_patches_critical_ssrf.jpg
Credential Theft · Cve-2025-9065

Rockwell Patches Critical SSRF Flaw in ThinManager That Exposes NTLM Hashes to Attackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reissued a high-severity advisory on September 9, 2025, for a server-side request forgery (SSRF) vulnerability in Rockwell...

SE Security Desk·44w ago