Tag: microsoft
-
Microsoft warnt: Hacker attackieren Windows-Nutzer über Lücken im Defender
Angreifer können über den Microsoft Defender unter anderem Schadcode einschleusen und sich Systemrechte verschaffen. Erste Attacken laufen bereits. First seen on golem.de Jump to article: www.golem.de/news/microsoft-warnt-hacker-attackieren-windows-nutzer-ueber-luecken-im-defender-2605-208918.html
-
Manueller Eingriff nötig: Microsoft reagiert auf Yellowkey-Exploit für Bitlocker
Seit Tagen kursiert im Netz ein Zero-Day-Exploit zur Umgehung der Bitlocker-Verschlüsselung. Admins müssen sich vorerst selbst um den Schutz kümmern. First seen on golem.de Jump to article: www.golem.de/news/manueller-eingriff-noetig-microsoft-reagiert-auf-yellowkey-exploit-fuer-bitlocker-2605-208913.html
-
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-warns-of-new-defender-zero-days-exploited-in-attacks/
-
The EU Is Going Through a Trump-Fueled Breakup With Big Tech
Tags: microsoftFrance is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit. First seen on wired.com Jump to article: www.wired.com/story/the-eu-is-going-through-a-trump-fueled-breakup-with-big-tech/
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
-
BadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit Sites
A new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.pdb” strings, which Talos used to trace its development history. Evidence suggests the malware has been actively…
-
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its…
-
GitHub Hacked, Internal Repositories Offered for Sale
A Single Developer Downloaded a Poisoned VS Code Extension, and Now Look. GitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.…
-
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
Microsoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-rampart-clarity-agentic-ai-security-red-teaming-tools/
-
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted the Fox Tempest operation after attackers abused Azure Artifact Signing to distribute malware disguised as trusted software. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-disrupts-malware-signing-service-used-by-ransomware-gangs/
-
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents.RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents,…
-
Microsoft disrupts cybercrime operation that hid behind legitimate software
The Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disrupts-cybercrime-hid-legitimate-software/820724/
-
GitHub says internal repositories were impacted in poisoned VS Code extension attack
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the…
-
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…
-
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS…
-
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications.Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies First seen…
-
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and subsequently quarantined by PyPI after analysis by Wiz researchers. This incident highlights how attackers are…
-
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/github-breached-teampcp/
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to government entities across Europe, while adopting stealthier techniques and cloud-based command-and-control (C2) infrastructure. One of the…
-
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Tags: cyber, cybercrime, group, intelligence, malicious, malware, microsoft, ransomware, service, software, threatFox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to Microsoft Threat Intelligence, the group enabled ransomware campaigns and malware distribution by generating fraudulent but valid code-signing certificates, allowing…
-
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.”Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as…
-
Microsoft provides mitigation for >>YellowKey<< BitLocker bypass flaw (CVE-2026-45585)
Microsoft is working on a fix for CVE-2026-45585 (aka >>Yellowkey<<), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/yellowkey-bitlocker-mitigation-cve-2026-45585/
-
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/
-
Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive Living-off-the-Land binary (LOLBIN) for stealthy attacks. MSHTA allows execution of VBScript and JavaScript from…
-
Hackers Exploit MSHTA to Deploy LummaStealer and Amatera Malware
Hackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive Living-off-the-Land binary (LOLBIN) for stealthy attacks. MSHTA allows execution of VBScript and JavaScript from…
-
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/
-
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company’s Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cybercrime-service-disrupted-for-abusing-microsoft-platform-to-sign-malware/