Aug 10, 2025, 10:39am EDT
Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat hacking conference in Las Vegas, which, in turn, follows a Microsoft Exchange vulnerability directive issued by CISA. Details of a newly announced protection that adds to the Microsoft Defender security arsenal have also been added to the article.
Hot on the heels of an official security advisory from America’s Cyber Defense Agency warning of camera hack attacks, the U.S. Cybersecurity and Infrastructure Security Agency has issued another alert. This time, it impacts users of Microsoft Exchange Server and, without immediate remediation, could enable an attacker to escalate privileges and “impact the identity integrity of an organization’s Exchange Online service.” But it’s not all bad news on the Microsoft security front; the technology giant has confirmed new AI-powered protections to autonomously reverse engineer and classify malware, importantly, without any prior context requirement. Here’s what you need to know.
