A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to harvest user credentials and impersonate victims, risking severe security breaches across services like Power Apps and Automate. Microsoft patched the flaw (CVE-2024-49070) in December 2024, emphasizing the need for organizations to implement updates, limit user permissions, and monitor suspicious activity.

Threat actor uses AI-generated malware in network intrusion – SC Media
Threat actor uses AI-generated malware in network intrusion SC Media


