Tag: microsoft
-
Microsoft Copilot Reprompt Attack Enables Stealthy Data Exfiltration
Reprompt is a one-click Microsoft Copilot attack that could enable silent data exfiltration, though Microsoft says it’s now patched. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/microsoft-copilot-reprompt-attack-enables-stealthy-data-exfiltration/
-
Microsoft disrupts RedVDS cybercrime platform behind $40 million in scam losses
Microsoft and law enforcement partners took down a popular cybercriminal subscription service called RedVDS that was used to enable more than $40 million in fraud losses in the United States alone. First seen on therecord.media Jump to article: therecord.media/microsoft-redvds-cybercrime-scam
-
Microsoft updates Windows DLL that triggered security alerts
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-updates-windows-dll-that-triggered-security-alerts/
-
ConsentFix debrief: Insights from the new OAuth phishing attack
ConsentFix is an OAuth phishing technique abusing browser-based authorization flows to hijack Microsoft accounts. Push Security shares new insights from continued tracking, community research, and evolving attacker techniques. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/consentfix-debrief-insights-from-the-new-oauth-phishing-attack/
-
Reprompt attack hijacked Microsoft Copilot sessions for data theft
Researchers identified an attack method dubbed “Reprompt” that could allow attackers to infiltrate a user’s Microsoft Copilot session and issue commands to exfiltrate sensitive data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/reprompt-attack-let-hackers-hijack-microsoft-copilot-sessions/
-
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
-
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
-
Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/
-
Windows 365 update blocks access to Cloud PC sessions
Microsoft confirmed that a recent Windows 365 update is blocking customers from accessing their Microsoft 365 Cloud PC sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-update-blocks-access-to-cloud-pc-sessions/
-
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild.Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities have been classified as privilege escalation, followed by…
-
Criminal Subscription Service Behind AI-Powered Cyber-Attacks Taken Out By Microsoft
RedVDS cyber-crime-as-a-service platform powering phishing, BEC attacks and other fraud has cost victims millions First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/criminal-subscription-service/
-
Microsoft Fixes Three Zero-Days on Busy Patch Tuesday
Microsoft has patched three zero-day vulnerabilities in the first patch Tuesday of 2026, including one under active exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-three-zerodays-busy/
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
-
Microsoft Patchday Januar 2026 – Viele kritische Schwachstellen und immer mehr Rechteausweitungen
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-patchday-januar-2026-patches-updates-a-a9ca331e209026f83e5793905fb06182/
-
Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace
Tags: attack, credentials, cybercrime, infrastructure, marketplace, microsoft, phishing, service, theft, toolThe service became a prolific tool for cybercriminals in the past year, as it facilitated thousands of attacks involving credential theft, account takeovers, mass phishing and payment diversion fraud. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-seizes-disrupts-redvds-cybercrime-marketplace/
-
Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed
Microsoft kicks off 2026 with 115 security updates, including a fix for an actively exploited zero-day. Protect your Windows and Office systems today. First seen on hackread.com Jump to article: hackread.com/microsoft-january-2026-patch-tuesday-vulnerabilities/
-
U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows vulnerability, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft Patch Tuesday security updates for January 2026 release…
-
Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day
Microsoft Patch Tuesday addressed 112 security flaws across Windows, Office, Azure, Edge, and more, including eight critical vulnerabilities, kicking off the new year with a major patch update. Microsoft Patch Tuesday security updates for January 2026 release 112 CVEs affecting Windows, Office, Azure, Edge, SharePoint, SQL Server, SMB, and Windows management services. Including third-party Chromium…
-
Microsoft DCU uses UK courts to hunt down cyber criminals
Microsoft has taken down the RedDVS cyber crime-as-a-service network after obtaining a UK court order, marking its first civil legal action outside of the US First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637353/Microsoft-DCU-uses-UK-courts-to-hunt-down-cyber-criminals
-
Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day
Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-january-2026/
-
Microsoft patches 112 CVEs on first Patch Tuesday of 2026
January brings a larger-than-of-late Patch Tuesday update out of Redmond, but an uptick in disclosures is often expected at this time of year. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637296/Microsoft-patches-112-CVEs-on-first-Patch-Tuesday-of-2026
-
Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day
The vendor’s first Patch Tuesday of the year also contains fixes for 112 CVEs, nearly double the amount from last month. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsofts-starts-2026-bang-zero-day
-
New Windows updates replace expiring Secure Boot certificates
Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-secure-boot-certificates-for-windows-devices/
-
New Windows updates replace expiring Secure Boot certificates
Microsoft has started rolling out new Secure Boot certificates that will automatically install on eligible Windows 11 24H2 and 25H2 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-secure-boot-certificates-for-windows-devices/
-
Microsoft releases Windows 10 KB5073724 extended security update
Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5073724-extended-security-update/
-
Windows 11 KB5074109 & KB5073455 cumulative updates released
Microsoft has released Windows 11 KB5074109 and KB5073455 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5074109-and-kb5073455-cumulative-updates-released/
-
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft’s January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-january-2026-patch-tuesday-fixes-3-zero-days-114-flaws/
-
Microsoft’s Rob Lefferts On Rise Of AI Attacks: ‘Be Prepared To Go Faster’
As AI-powered cyberattacks become even more autonomous and widespread, cybersecurity teams will need to adapt by becoming faster and more sophisticated in their response capabilities, according to Microsoft security executive Rob Lefferts. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-s-rob-lefferts-on-rise-of-ai-attacks-be-prepared-to-go-faster