Threat Hunting
The latest Threat Hunting coverage — news, analysis, and updates from the WindowsNews.AI desk.
Behind CVE-2025-55241: Why the MSRC Advisory Is Sparking a Hunt for Windows Exploit Defenses
Microsoft's Security Response Center published advisory CVE-2025-55241, and within hours, security practitioners weren't just scanning for patches—they were demanding deep-dive guidance on...
CVE Confusion Hits Microsoft Dynamics 365 FastTrack: Urgent Patch Needed for Info-Disclosure Flaw
Microsoft's Dynamics 365 FastTrack Implementation Assets have been thrust into the security spotlight following an information disclosure vulnerability that lets attackers harvest private data over a...
CVE-2025-55242: Microsoft Flags Xbox Information Disclosure Exploit – Admins Must Patch Immediately
Microsoft has published a security advisory for CVE-2025-55242, an information disclosure vulnerability that could allow unauthorized actors to access sensitive data over a network. The bug, which...
Microsoft Confirms Two Azure Bot Service Elevation-of-Privilege Flaws, Urges Immediate Patching
Security teams responsible for Azure Bot Service deployments are grappling with a double-barreled set of improper authorization vulnerabilities that could let unauthenticated attackers hijack cloud...
China-Linked Hackers Weaponize Known CVEs to Turn Core Routers into Spy Tools
Seventeen intelligence and cybersecurity agencies from the United States, United Kingdom, Australia, and allied nations issued an extraordinary joint advisory on August 28, 2025, exposing a...
CERT-In Warns: Patch Windows and Cloud Now as Microsoft Fixes 111 Vulnerabilities, Including Kerberos Zero-Day
India's Computer Emergency Response Team (CERT-In) has issued a high-severity advisory urging organizations and home users to apply Microsoft's latest security updates immediately. The warning...
How Metadata-Driven Zero Trust on Azure Reinforces AI Pipelines Against Modern Attacks
Microsoft’s Azure platform now offers a battle-tested blueprint for locking down machine learning operations using a metadata-driven zero-trust architecture—one that InfoWorld contributor Vikram...
Proofpoint Link Wrappers Hijacked in Malvertising Campaign Targeting Microsoft 365 Credentials
A sophisticated malvertising campaign is abusing legitimate link-wrapping services from Proofpoint and Intermedia, combined with Microsoft’s own Active Directory Federation Services (ADFS) redirect...
Microsoft Fixes CVE-2025-55229 Certificate Spoofing Bug Threatening TLS, VPNs, and Code Signing
Microsoft this week disclosed CVE-2025-55229, a high-impact spoofing vulnerability in Windows certificate handling that allows attackers to bypass signature verification over a network. The flaw,...
PC Manager’s 7.8 CVSS Flaw Exposed: How Symlinks Give Attackers SYSTEM Rights
A vulnerability tracked as CVE-2025-29975 in Microsoft PC Manager hands local attackers a direct path to full SYSTEM control. With a CVSS 3.1 score of 7.8 (high) and a low attack complexity, the bug...
CISA Alerts Federal Agencies and Enterprises to Apple Image I/O Zero-Day Under Active Exploit
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) Catalog on August 21, 2025, triggering a mandatory patch sprint for...
CISA Adds Actively Exploited Trend Micro Apex One Zero-Day to KEV, Mandates Rapid Patching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-54948, a critical command injection vulnerability in Trend Micro’s Apex One on-premises management console, to...