After the CrowdStrike fiasco, Microsoft is making changes to move antivirus protection out of the system kernel.

After the CrowdStrike fiasco, Microsoft is making changes to move antivirus protection out of the system kernel.

Why, oh why, would you ever allow someone else's code in your kernel, making yourself dependent on the stability of an outsider's system? But that's what Microsoft did - and they paid the price. But they're about to fix that. Microsoft is making significant changes to how security software, including antivirus and endpoint protection solutions, interacts with the Windows operating system. Following the July 2024 CrowdStrike incident—where a faulty update caused widespread system outages by affecting the Windows kernel—Microsoft has committed to reducing the risks associated with third-party security software running at the kernel level.
Sneaky phishing campaign uses Microsoft’s Direct Send to make emails look like they came from within the organization.

Sneaky phishing campaign uses Microsoft’s Direct Send to make emails look like they came from within the organization.

Microsoft 365 ‘Direct Send’ is a feature designed to allow devices and applications—such as printers, scanners, or cloud services—to send emails directly to internal recipients within an organization without requiring traditional email authentication like usernames and passwords. While this is convenient for legitimate business needs, it has also become a significant security risk via an ongoing phishing campaign.
Cisco addresses two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms.

Cisco addresses two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms.

Cisco has recently addressed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms, tracked as CVE-2025-20281 and CVE-2025-20282. Both vulnerabilities allow unauthenticated, remote attackers to execute arbitrary code with root privileges, posing a severe risk to affected systems.
CrowdStrike announces elimination of 500 jobs as it strategically shifts to AI.

CrowdStrike announces elimination of 500 jobs as it strategically shifts to AI.

CrowdStrike, a leading cybersecurity company, announced in May 2025 that it would cut about 500 jobs, or roughly 5% of its global workforce, as part of a strategic shift to realign its operations and invest more heavily in artificial intelligence (AI). This move comes despite the company reporting significant revenue growth—29% year-over-year, reaching nearly $4 billion for fiscal year 2025—and a strong position in its core market, though it did post a net loss after a previous year of profitability.
XBOW achieves a groundbreaking milestone as the first AI system to surpass human hackers in the HackerOne competition.

XBOW achieves a groundbreaking milestone as the first AI system to surpass human hackers in the HackerOne competition.

XBOW has made history by becoming the first autonomous artificial intelligence to reach the top of the United States HackerOne leaderboard as a vulnerability researcher. In 2025, XBOW’s AI-driven penetration testing tool surpassed all human participants on the platform, marking the first time an autonomous system has achieved this feat in the bug bounty community.
Iranian state-sponsored APT35 is intensifying AI-powered attacks against Israeli tech experts.

Iranian state-sponsored APT35 is intensifying AI-powered attacks against Israeli tech experts.

Iranian state-sponsored hackers linked to APT35 (also tracked as Charming Kitten, Mint Sandstorm, or Educated Manticore) have intensified spear-phishing campaigns targeting Israeli technology experts, cybersecurity professionals, journalists, and academics since mid-June 2025. These attacks escalated following Israeli airstrikes against Iran and leverage AI-generated content for social engineering.
CISA has added three crucial security flags to KVE, highlighting vulnerabilities in AMI MegaRAC, D-Link routers, and FortiOS (hardcoded credentials).

CISA has added three crucial security flags to KVE, highlighting vulnerabilities in AMI MegaRAC, D-Link routers, and FortiOS (hardcoded credentials).

On Wednesday, June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three significant security flaws to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are actively being exploited in the wild and pose serious risks to affected systems.
Energy sector is being targeted with malware that exploits Microsoft’s ClickOnce deployment on AWS cloud services.

Energy sector is being targeted with malware that exploits Microsoft’s ClickOnce deployment on AWS cloud services.

A sophisticated hacking campaign dubbed “OneClik” is exploiting Microsoft’s ClickOnce deployment technology and AWS cloud services to stealthily target organizations in the energy, oil, and gas sectors. Attackers initiate the attack through phishing emails containing links to fake “hardware analysis” sites hosted on Azure Blob Storage. These sites deliver a ClickOnce manifest (.application file) disguised as legitimate software.
Hundreds of misconfigured MCP servers (used to connect LLMs with third party services) have exposed critical security flaws.

Hundreds of misconfigured MCP servers (used to connect LLMs with third party services) have exposed critical security flaws.

Hundreds of Model Context Protocol (MCP) servers used to connect LLMs with third-party services, data sources, and tools contain critical security flaws in their default configurations. These vulnerabilities expose users to unauthorized operating system command execution, data breaches, and systemic compromise. Below is a detailed analysis of the risks and mitigation strategies.