Rabia Noureen

Google has issued an alert about the React2Shell flaw and warned that multiple advanced threat groups are actively exploiting the vulnerability. Cybercriminals are exploiting this zero-day to deploy backdoors, miners, and espionage tools across vulnerable React-based systems worldwide. This remote code execution vulnerability (RCE) (CVE‑2025‑55182) in React Server Components (dubbed React2Shell) was first disclosed on…

Microsoft is taking a firm step to strengthen security and reliability for Exchange Online customers. The company plans to block devices using Exchange ActiveSync (EAS) protocol versions earlier than 16.1 from connecting to Exchange Online in 2026. Exchange Online ActiveSync (EAS) is a protocol that enables mobile devices to synchronize email, calendar, contacts, and tasks…

Global IT spending is set to surge 14 percent in 2025, marking its fastest expansion since 1996. The acceleration reflects a full-scale tech supercycle, driven by record AI infrastructure investment alongside rapid cloud adoption and widespread enterprise software upgrades. According to IDC’s latest Worldwide Black Book, global spending on hardware, software, and services is expected…

Microsoft has started rolling out native Windows Admin Center support for Arm-based Copilot+ PCs. The update enables administrators to manage servers, clusters, and desktops directly from their Copilot+ devices without relying on x64 workarounds. Windows Admin Center (WAC) is a web-based management tool designed for IT administrators to manage Windows servers, clusters, and PCs from…

Microsoft has rolled out several new capabilities to enhance device security and management during the months of November and December. These improvements focus on streamlining administrative workflows and strengthening privacy controls across multiple platforms. Consolidated admin workflows Microsoft has introduced a new Admin tasks section in public preview within the Microsoft Intune admin center. It…

A new security analysis shows that Microsoft Copilot Studio’s no-code AI agents can be manipulated into exposing sensitive data with surprisingly simple prompt injections. The proof-of-concept demonstrates how attackers could bypass identity checks, extract credit-card details, and even alter financial records with minimal effort. In a proof-of-concept, Tenable researchers created a travel-booking agent using dummy…

Microsoft is strengthening cloud defenses with the introduction of Baseline Security Mode, a unified framework that applies secure-by-default protections across Microsoft 365. The new feature streamlines the hardening of authentication, file security, and meeting devices, and reduces reliance on legacy configurations and manual effort. Microsoft Baseline Security Mode is an opt-in feature that applies a…

The National Cyber Security Centre (NCSC) has warned about AI prompt injection attacks, exposing organizations to a new class of stealthy manipulation. Unlike conventional vulnerabilities, these attacks exploit the way LLMs interpret text, which forces security teams to rethink their defenses to protect critical systems. How does prompt injection differ from traditional vulnerabilities? A prompt…

Microsoft has released the December 2025 Patch Tuesday updates for Windows 11 versions 25H2 and 24H2. This month, the company rolled out 56 new patches to address vulnerabilities in Windows, Office, Exchange Server, Azure, PowerShell, Windows Defender, and other components. On the quality and experience updates front, Microsoft has introduced a couple of improvements for…

Microsoft has rolled out a new update that enables Storage Spaces Direct (S2D) and SAN storage to operate together within a single-rack failover cluster. This enhancement is available for Windows Server 2022 and Windows Server 2025. Storage Spaces Direct (S2D) is a technology that enables hyperconverged infrastructure by pooling locally attached drives across cluster nodes…

A new survey reveals a hidden security crisis brewing inside legacy web forms, with nearly nine in ten organizations reporting form-related breaches in recent years. As businesses struggle with rising compliance demands and sophisticated cyberattacks, the findings highlight an urgent need to modernize data collection practices before vulnerabilities get out of control. The 2025 Data…

Microsoft has introduced a new Common Vulnerabilities and Exposures (CVE) reporting feature within Windows Autopatch. This new capability provides security teams a unified view of Windows vulnerabilities that recent quality updates have addressed, with device-specific vulnerability tracking. In Windows Autopatch, the new CVEs report allows security teams to quickly determine which vulnerabilities have been resolved…