A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to harvest user credentials and impersonate victims, risking severe security breaches across services like Power Apps and Automate. Microsoft patched the flaw (CVE-2024-49070) in December 2024, emphasizing the need for organizations to implement updates, limit user permissions, and monitor suspicious activity.
Tenable Finds DeepSeek AI Can Be Manipulated to Generate Malware
A study by cybersecurity firm Tenable shows that DeepSeek R1, a large language model, can be manipulated into creating malware, such as keyloggers and ransomware.
