Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security ...

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to ...
The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under ...
SecurityWeek

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure

A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token. A researcher has disclosed the details of a recently patched ChatGPT vulnerability ...
maketecheasier.com

Why LNK Files in Windows Are a Major Security Vulnerability and How to Stay Safe

Year after year, LNK files are exploited in malware attacks, mainly because a core vulnerability hides malicious content from users. Microsoft has not yet fixed the flaw, so we must be cautious when ...
GitHub

GPT-Researcher File Upload Vulnerability Summary

GPT-Researcher's file upload endpoint (POST /upload/) accepts arbitrary file types without validation or size limits, immediately processing uploaded documents through unstructured library without ...
Dark Reading

OWASP Highlights Supply Chain Risks in New Top 10 List

OWASP has updated its list of Top 10 software vulnerabilities to align it better with the current threat landscape and modern development practices. The Nov. 6 release is OWASP's first major Top 10 ...
thecyberexpress

New AI Vulnerability Scoring System Announced to Address Gaps in CVSS

A new vulnerability scoring system has just been announced. The initiative, called the AI Vulnerability Scoring System (AIVSS), aims to fill the gaps left by traditional models such as the Common ...
aha.org

H-ISAC TLP White Vulnerability Bulletin: Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability

In March 2024, Exodus Intelligence discovered a vulnerability in Microsoft Windows Cloud Files Minifilter driver. The patch for this flaw was recently released, included in Microsoft's October 2025 ...
winbuzzer.com

Microsoft Disables File Explorer Preview for Internet Files to Patch NTLM Vulnerability

Following the October 2025 Patch Tuesday updates, many Windows users began reporting a frustrating issue: the File Explorer preview pane suddenly stopped working for many common file types. In a move ...
Bleeping Computer

Gladinet fixes actively exploited zero-day in file-sharing software

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late ...