Tag: microsoft
-
Microsoft warnt vor rasantem Anstieg von Helpdesk-Betrug via Teams
Der IT-Support meldet sich per Microsoft-Teams-Chat, weist auf ein dringendes Sicherheitsupdate hin und bittet um Fernzugriff. Was nach Routine klingt, ist eine der gefährlichsten Einbruchsmethoden in Unternehmensnetzwerke. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/microsoft-teams-helpdesk-betrug
-
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
LayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activity and harvest sensitive data. The operation has successfully compromised over 130,000 users, with approximately 12,500 installations still active…
-
Remote Code Execution und Evelation of Privilege – CISA warnt vor Angriffen auf Microsoft Exchange und Windows CLFS
First seen on security-insider.de Jump to article: www.security-insider.de/aktive-angriffe-exchange-windows-clfs-schwachstellen-patchen-a-18e96c176dc7a26db31fdca756f24673/
-
Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched
Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users. The post Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-defender-flaws-exploited-windows-10-11/
-
Article 5 and the EU AI Act’s Absolute Red Lines FireTail Blog
Tags: access, ai, awareness, cctv, cloud, compliance, control, data, detection, exploit, finance, group, healthcare, ibm, infrastructure, Internet, law, microsoft, monitoring, risk, service, technology, tool, training, vulnerabilityApr 20, 2026 – Alan Fagan – Most conversations about the EU AI Act focus on August 2026, when obligations for high-risk AI systems become fully enforceable. But Article 5 is already live. The Act’s eight prohibited practices became enforceable in February 2025. Fines of up to Euro35 million or 7% of global annual turnover…
-
Article 5 and the EU AI Act’s Absolute Red Lines FireTail Blog
Tags: access, ai, awareness, cctv, cloud, compliance, control, data, detection, exploit, finance, group, healthcare, ibm, infrastructure, Internet, law, microsoft, monitoring, risk, service, technology, tool, training, vulnerabilityApr 20, 2026 – Alan Fagan – Most conversations about the EU AI Act focus on August 2026, when obligations for high-risk AI systems become fully enforceable. But Article 5 is already live. The Act’s eight prohibited practices became enforceable in February 2025. Fines of up to Euro35 million or 7% of global annual turnover…
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
A Token Flaw Turned Azure’s AI Agent Into a Spy
Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
-
Stellantis teams with Microsoft to strengthen digital capabilities
As part of the 5-year agreement, collaborative teams will co-develop more than 100 initiatives relating to AI and cybersecurity. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/stellantis-microsoft-5year-partnership-ai-cybersecurity/817948/
-
Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users
Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data. First seen on hackread.com Jump to article: hackread.com/fake-tiktok-downloaders-chrome-edge-spy-users/
-
Teams increasingly abused in helpdesk impersonation attacks
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
Cross-tenant risk grows: The attack chain uses Teams’ cross-tenant communication capability, which allows external users to initiate chats with employees, Microsoft wrote in the blog.”The cross-tenant risk is significant, and many organizations probably do underestimate it,” said Sunil Varkey, advisor at Beagle Security.”Collaboration tools were designed to reduce friction, but many organizations enabled that convenience…
-
Microsoft releases Windows Server update fix to fix its April update fixes
Out-of-band or out of control? First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsoft_releases_a_windows_server_update_fix/
-
Microsoft releases Windows Server update fix to fix its April update fixes
Out-of-band or out of control? First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsoft_releases_a_windows_server_update_fix/
-
Microsoft releases Windows Server update fix to fix its April update fixes
Out-of-band or out of control? First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsoft_releases_a_windows_server_update_fix/
-
Microsoft releases Windows Server update fix to fix its April update fixes
Out-of-band or out of control? First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsoft_releases_a_windows_server_update_fix/
-
Microsoft tests Windows Explorer speed, performance improvements
Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-speed-performance-improvements/
-
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/athr-voice-phishing-ai-platform/
-
Copilot & Agentforce offen für PromptTricks
Tags: access, ai, bug, cvss, cyberattack, injection, least-privilege, mail, microsoft, update, vulnerabilityKI-Agenten sind populär und anfällig dafür, missbraucht zu werden.KI-Agenten fürs Enterprise können bekanntlich Arbeitsabläufe optimieren. Aber auch die Datenexfiltration wie Sicherheitsforscher von Capsule Security herausgefunden haben. Sie haben sowohl in Microsoft Copilot Studio als auch Salesforce Agentforce Prompt-Injection-Schwachstellen entdeckt.Diese ermöglichen Angreifern in beiden Fällen schadhafte Befehle über scheinbar harmlose Prompts einzuschleusen mit potenziell verheerenden Folgen.…
-
Microsoft pulls service update causing Teams launch failures
Microsoft has reverted a recent service update that was preventing some customers from launching the Microsoft Teams desktop client. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-teams-client-launch-failures-caused-by-service-update/
-
Microsoft-Signed Malware Built With FUD Crypt Packs Persistence and C2
Hackers are abusing a service called FUD Crypt to generate fully undetected, Microsoft”‘signed malware that installs persistence and connects to a dedicated command”‘and”‘control (C2) platform with zero effort on the buyer’s part. This Malware”‘as”‘a”‘Service (MaaS) offering turns ordinary payloads into polymorphic, signed loaders that are extremely hard for both security tools and human analysts to…
-
Microsoft releases emergency updates to fix Windows Server issues
Microsoft has released out-of-band (OOB) updates to fix issues affecting Windows Server systems after installing the April 2026 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-updates-to-fix-windows-server-issues/
-
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
Microsoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for Secure Boot states. It streamlines User Account Control (UAC) prompts. The update provides users with…
-
Fake Helpdesk Attack Uses Teams and Quick Assist to Breach Targets
Attackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk”‘themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, adversaries can move laterally and exfiltrate data while blending into normal admin activity. Using names such as “Help…
-
Microsoft Teams right-click paste broken by Edge update bug
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-right-click-paste-broken-by-edge-update-bug/
-
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…
-
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems.The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (…