Opinions, tips, and news orbiting Microsoft
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Continue reading Chromium: CVE-2025-1916 Use after free in Profiles
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Continue reading CVE-2025-26643 Microsoft Edge (Chromium-based) Spoofing Vulnerability
This Women’s History Month serves as a crucial moment for us to lead and continue to pave the way for a more inclusive future. I am truly honored to support my amazing women colleagues who continue to excel in their careers. Their diverse perspectives and talents are invaluable, driving innovation and progress across various industries. I am proud to be a part of Microsoft Security, which is focused on building and nurturing an inclusive cybersecurity workforce and curating careers, tools, and resources that work for everyone. We recognize that this is what promotes business growth, strengthens global defenses, and enhances AI safety.
The post Women’s History Month: Why different perspectives in cybersecurity and AI matter more than ever before appeared first on Microsoft Security Blog.
We’d love to hear your feedback about a new feature proposal that we think will give you more control over the performance of y
The post Request for developer feedback: controlling the performance of embedded web content appeared first on Microsoft Edge Blog.
Continue reading Request for developer feedback: controlling the performance of embedded web content
Microsoft detected a large-scale malvertising campaign in early December 2024 that impacted nearly one million devices globally. The attack originated from illegal streaming websites embedded with malvertising redirectors and ultimately redirected users to GitHub to deliver initial access payloads as the start of a modular and multi-stage attack chain.
The post Malvertising campaign leads to info stealers hosted on GitHub appeared first on Microsoft Security Blog.
Continue reading Malvertising campaign leads to info stealers hosted on GitHub
Our ambition is to empower every employee with a Copilot and transform every business process with agents. We’re announcing two new agents that apply this ambition to sales—the revenue engine for every business—and can be used right in the flow of work… Continue reading New sales agents accessible in Microsoft 365 Copilot help teams close more deals, faster
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
The post Silk Typhoon targeting IT supply chain appeared first on Microsoft Security Blog.
Hello Windows Insiders, we are beginning to roll out an update for the Microsoft Copilot app on Windows via the Microsoft Store which introduces the following changes and improvements:
The post Update for Copilot on Windows begins rolling out to Windows Insiders with new features and improvements appeared first on Windows Blog.