InfoSecBulletin Cybersecurity for mankind
On November 26th, Microsoft patched four vulnerabilities detected in Dynamics 365 Sales, the Partner.Microsoft.Com portal, Microsoft Copilot Studio and Azure PolicyWatch.
Microsoft Copilot Studio, a platform for developers to create AI agents and speed up coding with automation, had a critical vulnerability rated 9.3 out of 10 (CVE-2024-49038). Microsoft has fully addressed this issue, and users do not need to take any action.
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Code
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
Partner.Microsoft.Com, the official Microsoft partners’ portal, experienced a serious vulnerability (CVE-2024-49035) with a severity rating of 8.7/10, allowing for elevated privileges.
Microsoft has discovered that an improper access control flaw is being exploited. Unauthenticated attackers can use it to gain higher privileges on a network. No action is required from users as automatic patches are being released over the next few days.
Microsoft Azure PolicyWatch, a service for managing policies in Microsoft Azure, has a critical flaw rated 8.2/10 (CVE-2024-49052).
Microsoft confirmed that the vulnerability has been fully fixed, so users do not need to take any action.
Microsoft Dynamics 365 Sales, a cloud-based CRM solution, has a significant spoofing vulnerability rated 7.6 out of 10 (CVE-2024-49053).
Attackers could alter a vulnerable link to redirect victims to a malicious site, but they needed to be authenticated (not necessarily with admin privileges). Victims had to click a specially crafted URL to be at risk.
Microsoft said, “The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.”
