LEMON BLOG

Microsoft has issued a serious warning for developers using ASP.NET Core — a popular framework powering countless web applications worldwide. A newly discovered flaw, tagged CVE-2025-55315, could allow attackers to bypass key security mechanisms remotely, posing a severe risk to enterprise environments.

Microsoft has recently confirmed a critical zero-day vulnerability affecting the Windows Remote Access Connection Manager (RasMan) service. The flaw, tracked as CVE-2025-59230, poses a serious risk to enterprise systems, enabling attackers to escalate privileges from low-level user accounts to full SYSTEM-level access. Security researchers have verified that this exploit is already being actively used in the wild, prompting urgent calls for immediate patching.

Microsoft has raised alarms over a recent phishing campaign that cleverly used AI technology to conceal its malicious code and slip past email security filters. According to the company, the attackers appeared to have harnessed a large language model (LLM) to generate complex, machine-crafted code that mimicked legitimate business content. 

Microsoft has officially locked down the Internet Explorer (IE) Mode in its Edge browser, following confirmed reports that hackers had turned the legacy feature into a stealthy backdoor for cyberattacks. 

If you've joined an online meeting recently, you might have noticed a mysterious extra "attendee" — often named something like "AI Notetaker" or "Meeting Assistant." These tools promise convenience by automatically transcribing conversations, summarizing discussions, and identifying action items.