React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ecosystem. With low exploitation complexity and publicly available PoCs, ...

The company’s new approach is that anything touching Microsoft services is eligible for a bug bounty, regardless of its source. Today’s AI-enabled attackers are agnostic: They’re not limiting ...

Microsoft Corp. announced today that it is expanding its bug bounty program with a new policy that brings all of its online services, including those supported by third-party and open-source ...

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft ...

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party. This policy shift ...

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already ...

Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. Microsoft on Tuesday announced patches for 57 vulnerabilities as part of its ...

We have been researching the React2Shell RCE (CVE-2025-55182) since it was released, and we worked on preventing this vulnerability with our customers. We are open-sourcing this test server for ...

The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows' standard interface. We waited long enough. Image: Unsplash Microsoft ...