Tag: microsoft
-
Gefälschte KIErweiterungen gefährden Unternehmens-Chats
Die Warnung von Microsoft vor bösartigen, KI-thematischen Browser-Erweiterungen, die Nutzerdaten abgreifen, zeigt, wie schnell Cyberkriminelle auf die rasche Verbreitung generativer KI-Tools reagieren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gefalschte-ki-browser-unternehmens-chats
-
Microsoft Edge 146 adds IP privacy and local network access controls
Microsoft Edge version 146 (Stable) became available on March 13, 2026, bringing updates to tracking protection, IP privacy, and enterprise network security policies. One … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/microsoft-edge-146-security-updates/
-
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo’s LAB52 threat intelligence team.The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed…
-
Microsoft warnt: Samsung-App macht Windows-PCs unbrauchbar
Einige Windows-Nutzer mit Samsung-PCs können nicht mehr auf ihr Systemlaufwerk zugreifen – mit entsprechend weitreichenden Folgen. First seen on golem.de Jump to article: www.golem.de/news/microsoft-warnt-samsung-app-macht-windows-pcs-unbrauchbar-2603-206519.html
-
Microsoft Issues OutBand Patch for Critical Windows 11 RRAS RCE Flaws
Microsoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote Access Service (RRAS) management tool. Because these security gaps pose an immediate risk of remote…
-
Neue Allianz für digitale Sicherheit: EPAM wird MISA-Mitglied
Tags: microsoftFür Kunden bedeutet die Mitgliedschaft in der MISA vor allem eine engere Abstimmung zwischen EPAM und Microsoft und eine schnellere Umsetzung von Sicherheitsmaßnahmen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-allianz-fuer-digitale-sicherheit-epam-wird-misa-mitglied/a44134/
-
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/
-
MY TAKE: The AI magic is back, whether it endured depends on Amazon’s next moves
I ran an experiment this week that I did not expect to be instructive, and it was. Related: How ChatGPT is becoming Microsoft Office The setup was simple. I had been working through a spontaneous personal essay, about cognitive… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/my-take-the-ai-magic-is-back-whether-it-endured-depends-on-amazons-next-moves/
-
MY TAKE: The AI magic is back, whether it endured depends on Amazon’s next moves
I ran an experiment this week that I did not expect to be instructive, and it was. Related: How ChatGPT is becoming Microsoft Office The setup was simple. I had been working through a spontaneous personal essay, about cognitive… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/my-take-the-ai-magic-is-back-whether-it-endured-depends-on-amazons-next-moves/
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
D3 Morpheus for Your Microsoft Security Environment
You have Sentinel. You have Defender. Here is what fills the autonomous investigation gap between detection and autonomous resolution. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/d3-morpheus-for-your-microsoft-security-environment/
-
Windows 11 users can’t access C: drive on some Samsung PCs
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-users-cant-access-c-drive-on-some-samsung-pcs/
-
Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions
A vulnerability in Microsoft Authenticator for Android and iOS could expose login codes to malicious apps on the same device. Microsoft has released a patch. The post Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-authenticator-vulnerability-android-ios-login-codes/
-
Microsoft investigates classic Outlook sync and connection issues
Microsoft is investigating several issues causing email synchronization and connection problems when using the classic Outlook desktop client. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-classic-outlook-sync-and-connection-issues/
-
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.”The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients First seen on thehackernews.com…
-
Gefälschte KIErweiterungen gefährden Unternehmens-Chats
Die Warnung von Microsoft vor bösartigen, KI-thematischen Browser-Erweiterungen, die Nutzerdaten abgreifen, zeigt, wie schnell Cyberkriminelle auf die rasche Verbreitung generativer KI-Tools reagieren. Sicherheitsforscher identifizierten kürzlich gefälschte KI-Assistenten-Erweiterungen, die über Browser-Marktplätze verbreitet wurden und darauf ausgelegt waren, die Browseraktivität zu überwachen und leise Informationen von Nutzern zu sammeln, die mit beliebten KI-Plattformen wie ChatGPT oder Deepseek…
-
Academia and the “AI Brain Drain”
In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers (see go.nature.com/3lzf79q). Moreover, these firms are spending lavishly on one particular segment: top technical talent. Meta…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Microsoft Copilot Email and Teams Summarization Flaw Opens Door to Phishing Attacks
Artificial intelligence assistants have transformed daily business operations, helping teams manage overflowing inboxes and summarize complex communications. Microsoft Copilot integrates directly into these workflows, pulling context from various Microsoft 365 applications to streamline tasks. However, this convenience introduces a new security boundary: what happens when Copilot follows hidden instructions written by an attacker inside an…
-
The who, what, and why of the attack that has shut down Stryker’s Windows network
Company says it doesn’t know how long it will take to restore its Microsoft environment. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/
-
Breach Roundup: Russian State Actors Target Signal, WhatsApp
Also, More ClickFix Attacks and Teen Booters Arrested in Poland. This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress sites, Microsoft patched 80 bugs, a 14K-router botnet, Polish teens held over DDoS tools and Finland warned of Russian, Chinese espionage. North Korean IT workers for hire. First…
-
Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks
On March 11th, medical technology company Stryker disclosed that a cyberattack had disrupted portions of its global network infrastructure, affecting Microsoft systems used across the organization. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/destructive-activity-targeting-stryker-highlights-emerging-supply-chain-risks/
-
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe. First seen on hackread.com Jump to article: hackread.com/hackers-cloudflare-human-check-microsoft-365-phishing/
-
Stryker tells SEC that timeline for recovery from cyberattack unknown
In an 8-K filing with the SEC, Stryker confirmed that the cyberattack caused a global disruption to the company’s Microsoft environment and said external cybersecurity experts were brought in to “assess and to contain the threat.” First seen on therecord.media Jump to article: therecord.media/stryker-tells-sec-unknown-timeline-recovery
-
Microsoft Authenticator could leak login codes”, update your app now
A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/microsoft-authenticator-could-leak-login-codes-update-your-app-now/
-
Factors That Complicate Pricing When Using Microsoft Intune for Authentication
Learn how BYOD policies complicate Microsoft Intune authentication pricing, including Entra ID, Conditional Access, and additional security costs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/factors-that-complicate-pricing-when-using-microsoft-intune-for-authentication/