SecQube | Harvey | AI Platform for MS Graph
@secqube.com
We provide managed providers with cost-reducing solutions through a user-friendly, multi-tenant, AI-driven system that enables automated KQL triaging. Connecting to the Microsoft Graph, allowing smooth integration with the Unified Portal and Sentinel.
As the year comes to a close, we want to say thank you.
Thank you to our customers, partners, and everyone working behind the scenes to keep organisations secure in an increasingly complex landscape.
Merry Christmas from all of us at SecQube.
Thank you to our customers, partners, and everyone working behind the scenes to keep organisations secure in an increasingly complex landscape.
Merry Christmas from all of us at SecQube.
December 24, 2025 at 10:31 AM
As the year comes to a close, we want to say thank you.
Thank you to our customers, partners, and everyone working behind the scenes to keep organisations secure in an increasingly complex landscape.
Merry Christmas from all of us at SecQube.
Thank you to our customers, partners, and everyone working behind the scenes to keep organisations secure in an increasingly complex landscape.
Merry Christmas from all of us at SecQube.
Security teams are under pressure to do more with less.
When growth increases workload but not margin, it’s a sign something deeper needs fixing.
Where do you think your security operation struggles to scale?
When growth increases workload but not margin, it’s a sign something deeper needs fixing.
Where do you think your security operation struggles to scale?
December 19, 2025 at 3:00 PM
Security teams are under pressure to do more with less.
When growth increases workload but not margin, it’s a sign something deeper needs fixing.
Where do you think your security operation struggles to scale?
When growth increases workload but not margin, it’s a sign something deeper needs fixing.
Where do you think your security operation struggles to scale?
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability scq.ms/4iWcoOM #SecQube #MicrosoftSecurity
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ as follows:
1. Added a reminder to customers that The DisableCapiOverrideForRSA registry key will be removed in April 2026.
2. Added an update that states: The October 14, 2025, Windows updates addressing CVE-2024-30098 revealed issues in applications where the code does not correctly identify which provider is managing the key for certificates propagated from a smart card to the certificate store. This misidentification can cause cryptographic operations to fail in certain scenarios. Please see [Guidance for certificate handling for Smart Card propagated certificates](http://support.microsoft.com/kb/5073121) for guidance for application developers on how to detect the correct handler and resolve these issues.
These are informational changes only.
msrc.microsoft.com
December 16, 2025 at 2:38 AM
CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability scq.ms/4iWcoOM #SecQube #MicrosoftSecurity
Incident response isn’t failing because analysts lack skill.
It’s failing because they lack time.
Manual triage slows detection.
Automation removes the delay that attackers exploit.
Why automation is no longer optional in modern incident response. - www.secqube.com/blog/why-aut...
It’s failing because they lack time.
Manual triage slows detection.
Automation removes the delay that attackers exploit.
Why automation is no longer optional in modern incident response. - www.secqube.com/blog/why-aut...
SecQube
Incident response is no longer failing because organisations lack skilled analysts.It’s failing because analysts lack time.
www.secqube.com
December 15, 2025 at 11:01 AM
Incident response isn’t failing because analysts lack skill.
It’s failing because they lack time.
Manual triage slows detection.
Automation removes the delay that attackers exploit.
Why automation is no longer optional in modern incident response. - www.secqube.com/blog/why-aut...
It’s failing because they lack time.
Manual triage slows detection.
Automation removes the delay that attackers exploit.
Why automation is no longer optional in modern incident response. - www.secqube.com/blog/why-aut...
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability scq.ms/4iN65Nn #SecQube #cybersecurity
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
The following updates have been made:
1. To comprehensively address CVE-2025-60710, Microsoft has released December 2025 security updates for all supported editions of Windows 11 Version 24H2, Windows 11 Version 25H2, and Windows Server 2025. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
2. Added a Workaround for customers running Windows Server 2025, in the event they cannot immediately install the update.
msrc.microsoft.com
December 15, 2025 at 10:34 AM
CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability scq.ms/4iN65Nn #SecQube #cybersecurity
CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability scq.ms/3Yhdc7b #cybersecurity #SecQube
CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
msrc.microsoft.com
December 15, 2025 at 6:33 AM
CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability scq.ms/3Yhdc7b #cybersecurity #SecQube
CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability scq.ms/4q2ptZe #cybersecurity #SecQube
CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.
msrc.microsoft.com
December 15, 2025 at 2:38 AM
CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability scq.ms/4q2ptZe #cybersecurity #SecQube
CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability scq.ms/4prR7Pc #cybersecurity #SecQube
CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
msrc.microsoft.com
December 14, 2025 at 10:34 AM
CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability scq.ms/4prR7Pc #cybersecurity #SecQube
CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self(). scq.ms/4prol16 #MicrosoftSecurity #cybersecurity
CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
Information published.
msrc.microsoft.com
December 14, 2025 at 6:33 AM
CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self(). scq.ms/4prol16 #MicrosoftSecurity #cybersecurity
CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid() scq.ms/48poRH4 #MicrosoftSecurity #cybersecurity
CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Information published.
msrc.microsoft.com
December 14, 2025 at 2:38 AM
CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid() scq.ms/48poRH4 #MicrosoftSecurity #cybersecurity
CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE scq.ms/4q0N0tu #MicrosoftSecurity #cybersecurity
CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Information published.
msrc.microsoft.com
December 13, 2025 at 10:34 AM
CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE scq.ms/4q0N0tu #MicrosoftSecurity #cybersecurity
CVE-2025-12385 Improper validation of ![]()
tag size in Text component parser scq.ms/49ZY4lR #SecQube #MicrosoftSecurity
CVE-2025-12385 Improper validation of <img> tag size in Text component parser
Information published.
msrc.microsoft.com
December 13, 2025 at 6:33 AM
CVE-2025-12385 Improper validation of ![]()
tag size in Text component parser scq.ms/49ZY4lR #SecQube #MicrosoftSecurity
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #SecQube #MicrosoftSecurity
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Information published.
msrc.microsoft.com
December 13, 2025 at 2:38 AM
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #SecQube #MicrosoftSecurity
CVE-2025-40287 exfat: fix improper check of dentry.stream/.valid_size scq.ms/3Yf8abj #SecQube #MicrosoftSecurity
CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size
Information published.
msrc.microsoft.com
December 12, 2025 at 10:34 AM
CVE-2025-40287 exfat: fix improper check of dentry.stream/.valid_size scq.ms/3Yf8abj #SecQube #MicrosoftSecurity
CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh() scq.ms/3XFaLLu #MicrosoftSecurity #cybersecurity
CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
Information published.
msrc.microsoft.com
December 12, 2025 at 6:33 AM
CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh() scq.ms/3XFaLLu #MicrosoftSecurity #cybersecurity
CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() scq.ms/3YdSiG0 #MicrosoftSecurity #cybersecurity
CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
Information published.
msrc.microsoft.com
December 12, 2025 at 2:38 AM
CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() scq.ms/3YdSiG0 #MicrosoftSecurity #cybersecurity
CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update scq.ms/4rFn7Ro #MicrosoftSecurity #cybersecurity
CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update
Information published.
msrc.microsoft.com
December 11, 2025 at 10:34 AM
CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update scq.ms/4rFn7Ro #MicrosoftSecurity #cybersecurity
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context scq.ms/4iEvBUS #SecQube #MicrosoftSecurity
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Information published.
msrc.microsoft.com
December 11, 2025 at 6:33 AM
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context scq.ms/4iEvBUS #SecQube #MicrosoftSecurity
CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET scq.ms/4aB9lsZ #SecQube #MicrosoftSecurity
CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET
Information published.
msrc.microsoft.com
December 11, 2025 at 2:38 AM
CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET scq.ms/4aB9lsZ #SecQube #MicrosoftSecurity
CVE-2025-39789 crypto: x86/aegis - Add missing error checks scq.ms/4pO6RMg #SecQube #MicrosoftSecurity
CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Information published.
msrc.microsoft.com
December 10, 2025 at 10:34 AM
CVE-2025-39789 crypto: x86/aegis - Add missing error checks scq.ms/4pO6RMg #SecQube #MicrosoftSecurity
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup scq.ms/3KIn86y #SecQube #MicrosoftSecurity
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Information published.
msrc.microsoft.com
December 10, 2025 at 6:33 AM
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup scq.ms/3KIn86y #SecQube #MicrosoftSecurity
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #cybersecurity #SecQube
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Information published.
msrc.microsoft.com
December 10, 2025 at 2:38 AM
CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite scq.ms/48qtwII #cybersecurity #SecQube
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 scq.ms/3KrNee1 #cybersecurity #SecQube
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
msrc.microsoft.com
December 9, 2025 at 10:34 AM
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 scq.ms/3KrNee1 #cybersecurity #SecQube
Attackers don’t break in.
They log in!
Our new post explains why passwords remain the weakest link, and why organisations need to make the shift to passwordless sooner rather than later.
👉 Full article: www.secqube.com/blog/passwor...
They log in!
Our new post explains why passwords remain the weakest link, and why organisations need to make the shift to passwordless sooner rather than later.
👉 Full article: www.secqube.com/blog/passwor...
December 9, 2025 at 10:00 AM
Attackers don’t break in.
They log in!
Our new post explains why passwords remain the weakest link, and why organisations need to make the shift to passwordless sooner rather than later.
👉 Full article: www.secqube.com/blog/passwor...
They log in!
Our new post explains why passwords remain the weakest link, and why organisations need to make the shift to passwordless sooner rather than later.
👉 Full article: www.secqube.com/blog/passwor...
CVE-2025-13837 Out-of-memory when loading Plist
Information published.
msrc.microsoft.com
December 9, 2025 at 6:33 AM