Microsoft Outlook, Teams, Word, Excel, PowerPoint, and OneNote for macOS were impacted by eight security flaws, which could be utilized to evade available app permissions in the operating system even without further user verification.
Attacks exploiting a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, have been deployed by North Korean hacking collective Lazarus Group
CISA is warning that ongoing intrusions targeting SolarWinds Web Help Desk instances vulnerable to the critical Java deserialization flaw, tracked as CVE-2024-28986, could be leveraged to facilitate remote code execution.
Microsoft Entra ID, previously known as Azure Active Directory, has been impacted by a security vulnerability, which could be leveraged to evade authentication controls and freely access and impersonate synchronized users.
