InfoSecBulletin Cybersecurity for mankind
Microsoft has issued a new warning about a critical security vulnerability in Active Directory Domain Services, known as CVE-2025-21293. An attacker with initial access could exploit this flaw to increase their privileges, gaining full control over the domain controller and compromising the network’s security.
The vulnerability is categorized as an “Elevation of Privilege” issue stemming from an improper access control weakness, formally identified as CWE-284.
Microsoft warns of active directory and office vulnarability
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
Microsoft warns that an attacker exploiting this flaw could gain SYSTEM-level privileges. Microsoft has issued patches for two major vulnerabilities in Office that could let attackers run harmful code on affected systems.
Microsoft unveiled CVE-2025-54910 and CVE-2025-54906 in September, which multiple versions of the well-known productivity suite. Microsoft currently considers exploitation of both vulnerabilities as “less likely,” but their ability to allow remote code execution requires urgent attention from users and admins.
The vulnerabilities vary in how they are exploited and their severity; one is rated Critical and the other Important. Microsoft released security updates for many affected software vulnerabilities. Customers should apply all available updates to ensure full protection.
