Tag: microsoft
-
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
-
prompted 2026 Developing Deploying AI Fingerprints For Advanced Threat Detection
Author, Creator & Presenter: Natalie Isak, Software Engineer, Microsoft & Waris Gill, Applied Scientist, Microsoft Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-developing-deploying-ai-fingerprints-for-advanced-threat-detection/
-
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/storm1175-medusa-attacks/
-
Microsoft deaktiviert Legacy-Authentifizierung schrittweise in Windows Server – NTLM vor dem Aus
First seen on security-insider.de Jump to article: www.security-insider.de/ntlm-vor-dem-aus-a-78bdabea09edd6ce516797cdd5e1f510/
-
The rise of proactive cyber: Why defense is no longer enough
Tags: attack, breach, ciso, control, country, cyber, cybersecurity, defense, framework, google, government, hacking, infrastructure, intelligence, korea, law, microsoft, network, north-korea, risk, threat, toolWhat ‘proactive cyber’ means: Despite the more aggressive language, this shift toward private-sector involvement doesn’t envision vigilante-style payback by aggrieved organizations. It instead embraces a more systematic effort to interfere with adversaries earlier in the attack chain using authorities and capabilities that already exist.”To be clear, this is not hacking back,” Joyce said. “This is…
-
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
Tags: ai, apache, api, cloud, compliance, control, crowdstrike, data, defense, detection, edr, endpoint, fedramp, finance, framework, incident response, infrastructure, intelligence, jobs, login, microsoft, monitoring, risk, saas, security-incident, service, siem, soc, software, strategy, threat, tool, update, vulnerability24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts.Proactive threat hunting: Active searches for hidden threats rather than just waiting for automated triggers.AI and machine learning integration: Leveraging everything from basic anomaly detection to “Agentic AI” to reduce noise and accelerate investigations.Active incident response and containment: Capabilities to isolate endpoints…
-
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the waythe Microsoft’s Security…
-
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March 23. The campaign primarily targeted organizations in Israel and the United Arab Emirates, impacting more than…
-
Zoff mit Microsoft: Frustrierter Forscher leakt Zero-Day-Exploit für Windows
Ein Forscher fühlt sich offenbar von Microsoft nicht ernst genommen. Aus Frust hat er einen Exploit-Code für eine ungepatchte Windows-Lücke geleakt. First seen on golem.de Jump to article: www.golem.de/news/zoff-mit-microsoft-frustrierter-forscher-leakt-zero-day-exploit-fuer-windows-2604-207270.html
-
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud protection to defend against emerging malware campaigns. Keeping antimalware solutions up to date…
-
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware
Microsoft is warning that a fast”‘moving threat actor it tracks as Storm”‘1175 is aggressively exploiting vulnerabilities in internet”‘exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm”‘1175 is a financially motivated group known for high”‘velocity ransomware operations that weaponize recently disclosed, or “N”‘day”, vulnerabilities in web”‘facing services. The actor focuses…
-
How Mimecast brings enterprise-grade email protection to API deployment
In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Microsoft 365 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/mimecast-api-email-security-protection-video/
-
Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access
A newly discovered zero-day vulnerability, dubbed >>BlueHammer,<< has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromised systems. Because a patch is not yet available from Microsoft, this public release leaves Windows users temporarily exposed to…
-
Medusa ransomware group using zero-days to launch attacks within 24 hours of breach, Microsoft says
Microsoft said it has been alarmed to see how effective Medusa actors are, citing multiple cases where the group can move from initial access to data exfiltration and ransomware deployment within 24 hours. First seen on therecord.media Jump to article: therecord.media/medusa-ransomware-group-zero-days-microsoft
-
Big tech vows to continue CSAM scanning in Europe despite expiration of law allowing it
Microsoft, Google, Meta and Snapchat released a statement on Friday saying they “reaffirm their continued commitment to protecting children and preserving privacy, and will continue to take voluntary action” to complete the scans. First seen on therecord.media Jump to article: therecord.media/big-tech-vows-to-continue-csam-scanning
-
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
-
Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/
-
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East.The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check…
-
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
-
Missile Alert Phishing Exploits IranIsrael Conflict for Microsoft Logins
New Phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsoft passwords. First seen on hackread.com Jump to article: hackread.com/missile-alert-phishing-iran-us-israel-microsoft-logins/
-
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
-
Schneller zurück zur Kontrolle: Microsoft und Rubrik schließen die Lücke bei Identitätsangriffen
Tags: microsoftDie Integration von Microsoft Defender und Rubrik zeigt, wohin sich IT-Sicherheit entwickelt: weg von isolierten Warnsystemen, hin zu ganzheitlichen Lösungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/schneller-zurueck-zur-kontrolle-microsoft-und-rubrik-schliessen-die-luecke-bei-identitaetsangriffen/a44499/
-
Authentication is broken: Here’s how security leaders can actually fix it
Tags: access, attack, authentication, backup, business, communications, control, credentials, cryptography, data, exploit, fido, firmware, Hardware, healthcare, identity, login, mfa, microsoft, okta, passkey, privacy, resilience, risk, soc, technology, update, windowsSector snapshots: Where it breaks (and why that matters): Healthcare. Clinicians need tap and go speed with zero tolerance for downtime. One large hospital attempted to pair advanced HID SEOS credentials, which use privacy-preserving randomized IDs, with a clinical SSO platform that expects static IDs for user recognition. This architectural mismatch forced a choice between…
-
6 ways attackers abuse AI services to hack your business
Tags: ai, api, attack, backdoor, breach, business, ceo, china, control, cve, cyber, cybercrime, cybersecurity, data, email, espionage, exploit, framework, group, hacking, injection, leak, LLM, malicious, malware, marketplace, microsoft, monitoring, open-source, openai, service, skills, software, startup, supply-chain, threat, tool, vulnerabilityAbusing AI platforms as covert C2 channels: Cybercriminals are also abusing AI platforms as covert command-and-control (C2) channels by turning AI services into proxies that hide malicious traffic inside the flow of legitimate content.Instead of running a dedicated C2 server, malware is programmed to fetch commands and exfiltrate data through AI services, circumventing traditional security…
-
Ex-Microsoft engineer believes Azure problems stem from talent exodus
The cloud service’s woes reflect a crisis made worse by AI under-investment in people First seen on theregister.com Jump to article: www.theregister.com/2026/04/04/azure_talent_exodus/
-
Microsoft shivs OpenAI with three new AI models for speech and images
About that partnership… First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/microsoft_models_homegrown_ai_models/
-
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretly-scans-for-6-000-plus-chrome-extensions-collects-data/
-
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the >>BrowserGate<< report, hidden code on LinkedIn's website secretly scans the computers of its one billion users to detect installed software and browser extensions. This scanning reportedly happens without user consent, disclosure, or any mention…