Feed aggregator

Last year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with even more potential bounty awards: up to $5 million total for high-impact research in Cloud and AI security.

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

Summary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the LLM misinterprets as instructions.

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

Summary Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. SharePoint Online in Microsoft 365 is not impacted. A patch is currently not available for this vulnerability. Mitigations and detections are provided below.

The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report.

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

New downloads are available for Citrix Virtual Apps and Desktops

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are wkai, Brad Schlintz (nmdhkr), and 0x140ce! Check out the full list of researchers recognized this quarter here.

At just 13 years old, Dylan became the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His journey into cybersecurity is inspiring—rooted in curiosity, resilience, and a deep desire to make a difference. Early beginnings: From scratch to security Dylan’s fascination with technology began early. Like many kids, he started with Scratch—a visual programming language for making simple games and animations.

New downloads are available for NetScaler

New downloads are available for NetScaler