Cybersecurity

Microsoft Security:

Zero Day Quest 2025: $1.6 million awarded for vulnerability research
April 21, 2025
This month, the Microsoft Security Response Center recently welcomed some of the world’s most talented security researchers at Microsoft’s Zero Day Quest, the largest live hacking competition of its kind. The inaugural event challenged the security community to focus on the highest-impact security scenarios for Copilot and Cloud with up to $4 million in potential awards.
Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)
March 14, 2025
We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning (IEEE SaTML). The overall aims of this challenge were to advance the state-of-the-art defenses against […]
Jailbreaking is (mostly) simpler than you think
March 13, 2025
Content warning: This blog post contains discussions of sensitive topics. These subjects may be distressing or triggering for some readers. Reader discretion is advised. Today, we are sharing insights on a simple, optimization-free jailbreak method called Context Compliance Attack (CCA), that has proven effective against most leading AI systems. We are disseminating this research to promote awareness and encourage system […]
Exciting updates to the Copilot (AI) Bounty Program: Enhancing security and incentivizing innovation
February 7, 2025
At Microsoft, we are committed to fostering a secure and innovative environment for our customers and users. As part of this commitment, we are thrilled to announce significant updates to our Copilot (AI) Bounty Program. These changes are designed to enhance the program’s effectiveness, incentivize broader participation, and ensure that our Copilot consumer products remain robust, safe, and secure.
Scaling Dynamic Application Security Testing (DAST)
January 21, 2025
Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development Lifecycle is security testing, which aims to discover and mitigate security vulnerabilities before adversaries can exploit them.
Congratulations to the Top MSRC 2024 Q4 Security Researchers!
January 15, 2025
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q4 Security Researcher Leaderboard are Suresh, VictorV, wkai! Check out the full list of researchers recognized this quarter here.
Mitigating NTLM Relay Attacks by Default
December 9, 2024
Introduction In February 2024, we released an update to Exchange Server which contained a security improvement referenced by CVE-2024-21410 that enabled Extended Protection for Authentication (EPA) by default for new and existing installs of Exchange 2019. While we’re currently unaware of any active threat campaigns involving NTLM relaying attacks against Exchange, we have observed threat actors exploiting this vector in […]
Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)
December 6, 2024
We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, participants assume the role of an attacker who sends an email to a user. The user then queries the LLMail service with a question (e.

Dark Reading:

Mobile Applications: A Cesspool of Security Issues
April 25, 2025 by Robert Lemos, Contributing Writer
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
How Organizations Can Leverage Cyber Insurance Effectively
April 25, 2025 by Erich Kron
By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks.
Vehicles Face 45% More Attacks, 4 Times More Hackers
April 25, 2025 by Nate Nelson, Contributing Writer
Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.
Phishing Kit Darcula Gets Lethal AI Upgrade
April 25, 2025 by Becky Bracken
Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers.
[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you
April 24, 2025 by
'SessionShark' ToolKit Evades Microsoft Office 365 MFA
April 24, 2025 by Kristina Beek, Associate Editor, Dark Reading
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
Digital Twins Bring Simulated Security to the Real World
April 24, 2025 by Robert Lemos, Contributing Writer
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.
Max-Severity Commvault Bug Alarms Researchers
April 24, 2025 by Jai Vijayan, Contributing Writer
Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.

Instagram Edits topped 7M downloads in first week, a bigger launch than CapCut’s
April 26, 2025 by Sarah Perez
Instagram Edits, Meta’s newly released video creation app, had a bigger debut than its direct competitor, ByteDance’s CapCut, once did. The new app, which today helps users craft videos for […]
Musk’s xAI Holdings is reportedly raising the second-largest private funding round ever
April 26, 2025 by Connie Loizos
Elon Musk’s xAI Holdings is in talks to raise $20 billion in fresh funding, potentially valuing the AI and social media combo at over $120 billion, according to a new […]
DoorDash seeks dismissal of Uber lawsuit
April 25, 2025 by Kirsten Korosec
DoorDash has asked a California Superior Court judge to dismiss a lawsuit filed by Uber that accuses the food delivery company of stifling competition by intimidating restaurant owners into exclusive […]
TechCrunch Mobility: Slate’s ‘transformer’ EV truck breaks cover and Tesla’s dueling realities
April 25, 2025 by Kirsten Korosec
Welcome back to TechCrunch Mobility — your central hub for news and insights on the future of transportation. Sign up here for free — just click TechCrunch Mobility! Busy week, […]
Anthropic sent a takedown notice to a dev trying to reverse-engineer its coding tool
April 25, 2025 by Kyle Wiggers
In the battle between two “agentic” coding tools — Anthropic’s Claude Code and OpenAI’s Codex CLI — the latter appears to be fostering more developer goodwill than the former. That’s […]
Deel files countersuit against Rippling as rivalry escalates
April 25, 2025 by Mary Ann Azevedo
In the latest development of an increasingly public dispute between HR and payroll services rivals, Deel has filed a countersuit against Rippling. To recap: Rippling publicly announced on March 17 […]