Tag: microsoft
-
LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software
A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the >>BrowserGate<< report, hidden code on LinkedIn's website secretly scans the computers of its one billion users to detect installed software and browser extensions. This scanning reportedly happens without user consent, disclosure, or any mention…
-
Even Microsoft knows Copilot shouldn’t be trusted with anything important
Tags: microsoftTerms admit it is for entertainment only and may get things wrong First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/copilot_terms_of_service/
-
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed “BrowserGate” warns that Microsoft’s LinkedIn is using hidden JavaScript scripts on its website to scan visitors’ browsers for installed extensions and collect device data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/linkedin-secretely-scans-for-6-000-plus-chrome-extensions-collects-data/
-
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.”Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate…
-
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/windows-secure-boot-certificate-update-2026-expiration/
-
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
Microsoft has officially initiated an automated, machine-learning-based rollout for Windows 11, version 25H2, targeting unmanaged systems. As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical system vulnerabilities, the tech giant is forcefully upgrading all eligible Home and Pro devices currently running version 24H2. For consumers and…
-
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/crowdstrike-falcon-ingest-microsoft-defender-telemetry
-
Microsoft still working to fix Exchange Online mailbox access issues
Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-exchange-online-mailbox-access-issues/
-
Microsoft veteran says some ‘broken by update’ PCs were already doomed
Patch Tuesday often gets blamed when a reboot merely exposes damage already done, according to Chen First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/chen_windows_updates/
-
12 cyber industry trends revealed at RSAC 2026
Tags: access, ai, application-security, authentication, awareness, business, ciso, cloud, control, cyber, cybersecurity, data, deep-fake, defense, detection, edr, endpoint, firewall, gartner, governance, identity, infrastructure, insurance, metric, microsoft, monitoring, mssp, phishing, programming, risk, risk-management, service, siem, skills, soc, software, startup, technology, threat, tool, trainingLegacy security vendors have the inside track on AI, for now: As far as AI technology consumption for cybersecurity, most CISOs I spoke with were open-minded while leaning toward their existing vendors, at least in the short term. This may buy legacy security vendors a bit, but not much time.Remember what happened in the cloud…
-
Artemis II astronaut: ‘I have two Microsoft Outlooks, and neither one of those are working’
Tags: microsoftIn space no one can hear you scream, at Microsoft First seen on theregister.com Jump to article: www.theregister.com/2026/04/02/artemis_astronauts_microsoft_outlook_broken/
-
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs/
-
Microsoft releases open-source toolkit to govern autonomous AI agents
AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/microsoft-ai-agent-governance-toolkit/
-
Top 10 Best SaaS Security Posture Management (SSPM) Tools 2026
The rapid and relentless adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed how businesses operate in 2026. From critical productivity suites like Microsoft 365 and Google Workspace to specialized CRM, HR, and development tools, SaaS is ubiquitous. However, this convenience comes with a significant security caveat: a vast and often unmanaged attack surface. Each SaaS…
-
Top 10 Best SaaS Security Posture Management (SSPM) Tools 2026
The rapid and relentless adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed how businesses operate in 2026. From critical productivity suites like Microsoft 365 and Google Workspace to specialized CRM, HR, and development tools, SaaS is ubiquitous. However, this convenience comes with a significant security caveat: a vast and often unmanaged attack surface. Each SaaS…
-
Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs
Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems. First seen on hackread.com Jump to article: hackread.com/microsoft-whatsapp-attachments-backdoor-windows-pcs/
-
EvilTokens abuses Microsoft device code flow for account takeovers
A phishing package with post-compromise focus: Beyond the initial access vector, EvilTokens is structured as a full-service phishing platform. The kit provides affiliates with ready-to-use lures, infrastructure, and automation tools designed to carry out both the phishing phase and post-compromise activity.The lures used in the campaign include fake SharePoint document notifications, DocuSign requests, and account…
-
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Tags: breach, cyber, infrastructure, malicious, microsoft, mitigation, north-korea, supply-chain, threatMicrosoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) were published with a hidden malicious dependency that contacted attacker command”‘and”‘control (C2) infrastructure and…
-
Microsoft links Classic Outlook issue to email delivery problems
Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-links-classic-outlook-bug-to-email-delivery-issues/
-
WhatsApp on Windows users targeted in new campaign, warns Microsoft
Microsoft warns WhatsApp on Windows users about an ongoing campaign that tries to gain permanent access to your machine First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/whatsapp-on-windows-users-targeted-in-new-campaign-warns-microsoft/
-
Hackers Are Using WhatsApp to Deliver Malware to Windows PCs
Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger stealthy, multi-stage attacks. The post Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-malware-windows-attack/
-
Iran Calls U.S. Tech Companies ‘Legitimate Targets,’ Threatens to Attack
The Iranian government is threatening to attack the Middle East operations of more than a dozen U.S. tech companies, including Microsoft, Nvidia, and Google, calling them “legitimate targets.” Meanwhile, pro-Iranian threat groups expand their operations as the U.S. and Israel continues their bombing campaign against Iran. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/iran-calls-u-s-tech-companies-legitimate-targets-threatens-to-attack/
-
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files.The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persistence and enabling remote access. It’s currently not known what lures the threat actors use to trick…
-
KI-Agent Corey sorgt für Transparenz und Sicherheit in Microsoft-365-Umgebungen
Mit dem neuen KI-Agenten Corey von Coreview können IT-Verantwortliche ab sofort die Sicherheit und Transparenz in Microsoft-365-Umgebungen mithilfe natürlicher Sprache nachhaltig verbessern. Jede Woche verzeichnen Unternehmen im Durchschnitt 140.000 Microsoft-365-Anmeldeversuche. Bei jedem einzelnen muss beurteilt werden, ob es sich um einen Routinevorgang oder eine aktive Bedrohung handelt. Entsprechend müssen Sicherheitsverantwortliche alle vier Sekunden richtig reagieren,…
-
Microsoft Teams to Improve Privacy With EXIF Data Removal Feature
Microsoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images. These upcoming changes are designed to protect user privacy by default, streamline biometric data management, and enforce modern browser security standards across the platform. For cybersecurity professionals…
-
WhatsApp malware campaign uses malicious VBS files to gain persistent access
MSI as the backdoor vehicle for persistence: The final stages of the campaign lead to persistence, using Microsoft Installer (MSI) packages as the delivery mechanism for backdoors.MSI files are an effective choice as they are not usually treated as inherently suspicious and can execute custom actions during installation. In this campaign, they are used to…
-
CultureAI Launches on Microsoft Marketplace to Accelerate Secure AI Adoption
This week, CultureAI has announced the availability of its platform on Microsoft Marketplace, marking a step aimed at simplifying how organisations discover, deploy and manage AI usage controls. Microsoft Marketplace, a unified storefront combining Azure Marketplace and AppSource, enables organisations to find, purchase and deploy thousands of cloud and AI solutions within their existing Microsoft…
-
Windows 11 Update Fixes Critical Installation Loop Problem
Microsoft has rolled out an urgent, out-of-band update to fix a frustrating installation glitch plaguing Windows 11 users. On March 31, 2026, the company released KB5086672 to rescue devices trapped in an update loop caused by the recent March 26 preview release. When users attempted to install that specific package, their systems would abruptly fail…
-
New Windows 11 emergency update fixes preview update install issues
Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-11-kb5086672-emergency-update-fixes-install-issues/
-
NIS2 im Microsoft-365-Umfeld: Wenn Cloud-Produktivität zur Sicherheitsarchitektur wird
Kommentar von Umut Alemdar, Senior Vice President Cybersecurity bei Hornetsecurity by Proofpoint »Ein kompromittiertes Benutzerkonto, das innerhalb weniger Minuten die interne Kommunikation übernimmt. Phishing-Links, die sich über Teams verbreiten. Dokumente, auf die plötzlich niemand mehr zugreifen kann. Solche Vorfälle sind längst kein Ausnahmefall mehr. Sie zeigen vor allem eines: Wie abhängig Geschäftsprozesse heute von cloudbasierten……