Tag: microsoft
-
Mimecast makes enterprise email security deployable in minutes
Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/ranjan-singh-mimecast-api-email-security/
-
Proton launches new “Meet” privacy-focused conferencing platform
Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/proton-launches-new-meet-privacy-focused-conferencing-platform/
-
Iran Threatens to Start Attacking Major US Tech Firms on April 1
Tech giants like Apple, Google, and Microsoft are among those on a target list released by Iran’s Islamic Revolutionary Guard Corps. First seen on wired.com Jump to article: www.wired.com/story/iran-threatens-to-start-attacking-major-us-tech-firms-on-april-1/
-
RSAC 2026 News: RSA Security and Microsoft Advance Identity Security for AI Era
I sat down with RSA Security at RSAC 2026 to discuss identity security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/rsac-2026-news-rsa-security-and-microsoft-advance-identity-security-for-ai-era/
-
Latest Xloader Obfuscation Methods and Network Protocol
Tags: api, automation, breach, cloud, communications, credentials, data, detection, email, encryption, framework, google, Internet, malicious, malware, microsoft, network, password, powershell, software, threat, tool, update, windowsIntroduction Xloader is an information stealing malware family that evolved from Formbook and targets web browsers, email clients, and File Transfer Protocol (FTP) applications. Additionally, Xloader may execute arbitrary commands and download second-stage payloads on an infected system. The author of Xloader continues to update the codebase, with the most recent observed version being 8.7. Since…
-
EvilTokens ramps up device code phishing targeting Microsoft 365 users
Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/eviltokens-phishing-microsoft-365/
-
Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost
Microsoft released Windows 11 Insider Preview Build 29558.1000 to the Canary Channel, part of the optional 29500 build series. The build carries a set of changes focused on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/windows-11-console-upgrade-speed-boost/
-
Proton Launches Encrypted Video Conferencing and Unified Workspace to Take On Google and Microsoft
Swiss privacy company Proton has today announced the simultaneous launch of Proton Workspace and Proton Meet, its most significant expansion yet into the enterprise productivity market and a direct challenge to the dominance of Google Workspace and Microsoft 365. The double launch marks a strategic pivot for the Geneva-based firm, which has built a user…
-
Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
Microsoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-classic-crashes-caused-by-teams-meeting-add-in/
-
8 ways to bolster your security posture on the cheap
Tags: access, attack, authentication, awareness, breach, ciso, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, ddos, dkim, dmarc, dns, email, endpoint, exploit, finance, google, identity, Internet, metric, mfa, microsoft, mitigation, okta, passkey, password, phishing, risk, risk-management, service, strategy, technology, tool, training, update, waf, zero-day2. Take full advantage of your existing tools: A practical way to strengthen enterprise security without incurring additional significant spend is to ensure you’re fully leveraging the capabilities of solutions already present within your organization, says Gary Brickhouse, CISO at security services firm GuidePoint Security.”Most organizations have invested heavily in security solutions, yet most are…
-
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use since mid”‘February 2026 and was quickly adopted by groups specialising in Adversary”‘in”‘the”‘Middle phishing and Business…
-
Passkeys Hit Critical Mass: Microsoft Auto-Enables for Millions, 87% of Companies Deploy as Passwords Near End-of-Life
March 2026 marks passwordless tipping point: Microsoft forces passkey migration, regulatory deadlines hit, and adoption surges to 69% of consumers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/passkeys-hit-critical-mass-microsoft-auto-enables-for-millions-87-of-companies-deploy-as-passwords-near-end-of-life/
-
In vier Schritten die M365-Tenant-Resilienz stärken – Die vier größten Risiken für den Microsoft-365-Tenant
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-365-tenant-risiken-vier-schritte-plan-resilienz-a-f79a1a96ffe05461afa4f6cdd0cdc2ca/
-
Microsoft pulls KB5079391 Windows update over install issues
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-pulls-windows-kb5079391-update-over-0x80073712-install-errors/
-
Microsoft Releases Key WinRE and Setup Updates to Prepare for 2026 Secure Boot Changes
Microsoft has rolled out a critical Setup Dynamic Update, designated as KB5081494, for Windows 11 versions 24H2 and 25H2. Released on March 26, 2026, this patch introduces essential improvements to Windows setup binaries. The core objective of this release is to prepare both enterprise infrastructures and personal devices for the highly anticipated expiration of major…
-
Microsoft stoppt Verteilung: Neue Update-Panne bei Windows 11
Trotz versprochener Qualitätsverbesserungen macht ein kürzlich veröffentlichtes Windows-11-Update Probleme. Microsoft zieht die Notbremse. First seen on golem.de Jump to article: www.golem.de/news/microsoft-stoppt-verteilung-neue-update-panne-bei-windows-11-2603-207042.html
-
Datensicherung in Zeiten der Cloud: Die unterschätzte Verantwortung für Backups in Microsoft 365
Microsoft 365 ist in vielen Unternehmen längst der Ort, an dem sich große Teile des Arbeitsalltags abspielen. Kommunikation, Zusammenarbeit und Wissensmanagement finden heute überwiegend über Exchange Online, Teams, OneDrive, SharePoint oder OneNote statt. Damit ist Microsoft 365 längst mehr als ein Produktivitätswerkzeug es bildet die Grundlage zahlreicher geschäftskritischer Prozesse. Vor diesem Hintergrund wird… First seen…
-
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this…The…
-
Microsoft tells crusty old kernel drivers to get with the Windows Hardware Compatibility Program
Cross-signed code gets the cold shoulder as Redmond tightens trust First seen on theregister.com Jump to article: www.theregister.com/2026/03/27/microsoft_kernel_trust/
-
The quantum apocalypse is coming sooner than we thought
CSOs can’t afford to watch and wait: Google has upped the ante on PQC migration, Michela Menting, an analyst at ABI Research, tells CSO.That means that enterprises will also need to step up their transition plans, she says, “to align earlier than what they might have originally thought was acceptable based on the NIST deprecation…
-
Windows 11 KB5079391 update rolls out Smart App Control improvements
Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5079391-update-rolls-out-smart-app-control-improvements/
-
Windows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM Access
Microsoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper permission handling. The vulnerability was so significant that Microsoft chose to remove the affected feature entirely…
-
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry.”The pipeline had a single boolean return value that meant both ‘no scanners are configured’…
-
Laufende Angriffe gefährden fast 1.000 Sharepoint-Instanzen
Eine kritische Lücke in Microsoft Sharepoint wird seit Tagen aktiv ausgenutzt. Die zweitmeisten anfälligen Instanzen stehen in Deutschland. First seen on golem.de Jump to article: www.golem.de/news/microsoft-fast-1-000-sharepoint-systeme-laufenden-angriffen-ausgesetzt-2603-206992.html
-
Why Misaligned Incentives Are the CISO’s Biggest Problem
Jim DuBois, Former Microsoft CIO and CISO, on Incentives, AI and Cyber’s Future. As AI reshapes cybersecurity, aligning security and innovation teams is more critical than ever. Former Microsoft CIO and CISO Jim DuBois says misaligned incentives create conflict, and fixing that is what lets organizations move fast without compromising security. First seen on govinfosecurity.com…
-
Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries
A global phishing campaign targeting Microsoft 365 bypasses security codes using a legitimate login feature, impacting hundreds of organizations. The post Microsoft 365 Under Siege: Phishing Campaign Bypasses MFA Across 5 Countries appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-365-phishing-bypasses-security-codes/
-
Microsoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain Attack
Tags: attack, credentials, cve, cyber, malware, microsoft, supply-chain, threat, tool, vulnerabilityAqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-33634, successfully weaponized a trusted security tool against the organizations relying on it to stay safe. This visualizes the attack propagation timeline…
-
An Evolving GlassWorm Malware is Making the Rounds of Code Repositories
Threat researchers with various vendors for the past year have been tracking the efforts of a bad actor dubbed GlassWorm known for dropping malicious extensions in code registries like npm, Open VSX, PyPI, and Microsoft’s Visual Studio Marketplace with the aim of stealing secrets and cryptocurrency. This month, threat researchers wrote about a resurgence in..…
-
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bubble-ai-app-builder-abused-to-steal-microsoft-account-credentials/