Tag: microsoft
-
Nigeria arrests dev of Microsoft 365 ‘Raccoon0365’ phishing platform
The Nigerian police have arrested three individuals linked to targeted Microsoft 365 cyberattacks via Raccoon0365 phishing-as-a-service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nigeria-arrests-dev-of-microsoft-365-raccoon0365-phishing-platform/
-
Nigeria arrests suspected RaccoonO365 phishing kit developer on tip from Microsoft, FBI
One of the alleged developers behind the RaccoonO365 subscription-based phishing kit was arrested by Nigerian police this week. First seen on therecord.media Jump to article: therecord.media/nigeria-raccoon-developer-tip
-
CultureAI Selected for Microsoft’s Agentic Launchpad Initiative to Advance Secure AI Usage
UK-based AI safety and governance company CultureAI has been named as one of the participants in Microsoft’s newly launched Agentic Launchpad, a technology accelerator aimed at supporting startups working on advanced AI systems. The inclusion marks a milestone for CultureAI’s growth and signals broader industry interest in integrating AI safety and usage control into emerging…
-
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
Multiple threat actors are compromising Microsoft 365 accounts in phishing attacks that leverage the OAuth device code authorization mechanism. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-365-accounts-targeted-in-wave-of-oauth-phishing-attacks/
-
Microsoft-Konto gekapert: Hacker entwickeln Cyberangriffe mit Captchas weiter so schützt du dich
First seen on t3n.de Jump to article: t3n.de/news/microsoft-konto-gekapert-hacker-cyberangriffe-captchas-weiterentwickelt-1722368/
-
Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks
Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have been involved in phishing attacks targeting major corporations, including the main developer behind the RaccoonO365 phishing-as-a-service (PhaaS) scheme.The Nigeria Police Force National Cybercrime Centre (NPFNCCC) said investigations conducted in collaboration with First seen on thehackernews.com Jump to…
-
Microsoft Patches MSMQ Flaw That Affects IIS Web Servers
Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 update (KB5071546), affects Windows 10 version 22H2 and version 21H2. The Vulnerability The MSMQ bug causes…
-
Jassy taps 27-year Amazon veteran to run AGI org, which is now definitely a thing that exists
Amazon bets that by making AI its own group, it can outpace Microsoft and Google First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/jassy_taps_peter_desantis_to_run_agi/
-
OAuth Device Code Phishing Campaigns Surge Targets Microsoft 365
A surge in phishing attacks exploiting Microsoft’s OAuth device code flow has been identified by Proofpoint First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/oauth-phishing-campaigns/
-
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/
-
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/microsoft-365-device-code-phishing/
-
Humanthe-loop isn’t enough: New attack turns AI safeguards into exploits
Defensive steps for agents and users: Checkmarx recommended measures primarily for AI agent developers, urging them to treat HITL dialogs as potentially manipulative rather than inherently trustworthy. Recommended steps include constraining how dialogs are rendered, limiting the use of complex UI formatting, and clearly separating human-visible summaries from the underlying actions that will be executed.The…
-
Humanthe-loop isn’t enough: New attack turns AI safeguards into exploits
Defensive steps for agents and users: Checkmarx recommended measures primarily for AI agent developers, urging them to treat HITL dialogs as potentially manipulative rather than inherently trustworthy. Recommended steps include constraining how dialogs are rendered, limiting the use of complex UI formatting, and clearly separating human-visible summaries from the underlying actions that will be executed.The…
-
Humanthe-loop isn’t enough: New attack turns AI safeguards into exploits
Defensive steps for agents and users: Checkmarx recommended measures primarily for AI agent developers, urging them to treat HITL dialogs as potentially manipulative rather than inherently trustworthy. Recommended steps include constraining how dialogs are rendered, limiting the use of complex UI formatting, and clearly separating human-visible summaries from the underlying actions that will be executed.The…
-
The Case for Dynamic AI-SaaS Security as Copilots Scale
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and ServiceNow now come with built-in AI assistants or agent-like features. Virtually every major SaaS vendor has rushed to embed AI into their offerings.The result is an explosion of…
-
Microsoft bestätigt: Windows-Update macht Remote-App-Verbindungen kaputt
Einige Windows-Nutzer können seit Tagen keine Apps mehr von Azure Virtual Desktop streamen. Ein Fix ist in Arbeit. Aktuell helfen nur Workarounds. First seen on golem.de Jump to article: www.golem.de/news/microsoft-bestaetigt-windows-update-macht-remote-app-verbindungen-kaputt-2512-203402.html
-
React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines
Security boffins warn flaw is now being used for ransomware attacks against live networks First seen on theregister.com Jump to article: www.theregister.com/2025/12/18/react2shell_exploitation_spreads_as_microsoft/
-
Microsoft December Update Breaks Critical IIS Servers
The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions. The post Microsoft December Update Breaks Critical IIS Servers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-critical-iis-servers/
-
Recent Windows updates break RemoteApp connections
Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-recent-updates-break-azure-virtual-desktop-remoteapp-sessions/
-
Microsoft 365 Outage Disrupts Teams, Outlook, and Copilot in Japan and China
Thousands of users across Japan and China experienced significant disruptions to Microsoft 365 services on Thursday morning due to a critical routing issue affecting the company’s infrastructure. The outage affected essential workplace tools, including Teams, Outlook, OneDrive, and Copilot, resulting in widespread operational challenges for enterprises in the Asia-Pacific region. Service Disruption Details The incident…
-
Microsoft warns MSMQ may fail after update, breaking apps
MSMQ becoming inactive;Internet Information Services (IIS) sites failing with “Insufficient resources to perform operation” errors;applications unable to write to queues;errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files;misleading log entries such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available.Affected are servers running…
-
‘Ink Dragon’ threat group targets IIS servers to build stealthy global network
Tags: access, attack, china, control, credentials, data, exploit, firewall, government, group, infrastructure, intelligence, microsoft, network, office, threat, vulnerability, wafmodus operandi to several other Chinese threat groups engaged in nation-state surveillance, such as UNC6384, whose campaigns targeted European diplomats.However, during a recent investigation at the office of a European government, Check Point said it had discovered that the group has now pivoted towards what it called “an unusually sophisticated playbook” with longer term goals.Key…
-
Microsoft security update breaks MSMQ on older Win systems
Folder permission changes cause queue failures and misleading error messages, no real fix yet First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/microsoft_admits_that_message_queuing/
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability has been discovered in the Windows Desktop Window Manager (DWM) that could allow attackers to escalate privileges to system level. The flaw, tracked as CVE-2025-55681, resides in the dwmcore.dll component and was disclosed during the TyphoonPWN Windows security competition, where it earned second place recognition. The Vulnerability The vulnerability exists within the CBrushRenderingGraphBuilder::AddEffectBrush function in the DWM…
-
Microsoft to Block Exchange Online Access from Outdated Devices
Microsoft has announced a significant update to its device connectivity policies for Exchange Online, aimed at enhancing security and ensuring users are on modern protocols. Starting March 1, 2026, mobile devices running Exchange ActiveSync (EAS) versions older than 16.1 will no longer be able to connect to Exchange Online mailboxes. Exchange ActiveSync version 16.1 was originally…
-
Microsoft asks admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Microsoft security updates breaks MSMQ on older Win systems
Folder permission changes cause queue failures and misleading error messages, no real fix yet First seen on theregister.com Jump to article: www.theregister.com/2025/12/17/microsoft_admits_that_message_queuing/
-
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/
-
Microsoft asks IT admins to reach out for Windows IIS failures fix
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-asks-it-admins-to-reach-out-for-windows-iis-failures-fix/