Tag: microsoft
-
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI
Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
-
Hidden Commands Found in AI Summarize Buttons
Commands Push Lasting Preferences Into AI Assistants. Microsoft researchers found companies embedding hidden commands in summarize with AI buttons to plant lasting brand preferences in assistants’ memory. The tactic, dubbed AI recommendation poisoning, exploits persistent memory features to bias future responses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hidden-commands-found-in-ai-summarize-buttons-a-30784
-
AI platforms can be abused for stealthy malware communication
AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/
-
Flaws in Google, Microsoft products added to Cisa catalogue
Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
-
Anti-phishing rules mistakenly blocked emails, Teams messages
Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-anti-phishing-rules-mistakenly-blocked-emails-teams-messages/
-
This former Microsoft PM thinks she can unseat CyberArk in 18 months
Though crowded, the identity management market seems eager for new solutions, and Venice is finding traction. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/the-former-microsoft-pm-who-thinks-she-can-unseat-cyberark-in-18-months/
-
This former Microsoft PM thinks she can unseat CyberArk in 18 months
Though crowded, the identity management market seems eager for new solutions, and Venice is finding traction. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/the-former-microsoft-pm-who-thinks-she-can-unseat-cyberark-in-18-months/
-
Microsoft says Office bug exposed customers’ confidential emails to Copilot AI
Microsoft said the bug meant that its Copilot AI chatbot was reading and summarizing paying customers’ confidential emails, bypassing data protection policies. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
-
VS Code extensions with 125M+ installs expose users to cyberattacks
Four popular VS Code extensions with 125M+ installs have flaws that could let hackers steal files and run code remotely. OX Security researchers warn that security flaws in four widely used VS Code extensions (Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview) could allow attackers to steal local files and execute code…
-
AI Assistants Used as Covert CommandControl Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/
-
Windows Admin Center: Verbreitetes Microsoft-Verwaltungstool ist angreifbar
Administratoren sollten zügig das Windows Admin Center patchen. Denn Angreifer können eine Sicherheitslücke in der Authentifizierung ausnutzen. First seen on golem.de Jump to article: www.golem.de/news/remote-verwaltungstool-gefaehrliche-sicherheitsluecke-in-windows-admin-center-2602-205555.html
-
Microsoft Edge 145 lands with major enterprise security upgrades
Microsoft has begun rolling out Edge 145 to the Stable release channel, adding several enterprise-focused security enhancements. The update is being deployed in phases, with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-edge-145-security-enhancements/
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
Windows-Patch behebt Probleme im Austausch für neue Bugs
Vor dem Update vom Februar 2026 konnten einige User ihr Windows nicht mehr booten. Nach dem Patch hängen sie in einer Boot-Schleife fest. First seen on golem.de Jump to article: www.golem.de/news/microsoft-windows-patch-behebt-probleme-im-austausch-fuer-neue-bugs-2602-205556.html
-
Flaws in four popular VS Code extensions left 128 million installs open to attack
Tags: access, api, attack, cloud, credentials, cve, flaw, infrastructure, malicious, microsoft, risk, supply-chain, tool, update, vulnerability, xssMicrosoft quietly patched its own extension: The fourth vulnerability played out differently. Microsoft’s Live Preview extension, with 11 million downloads, contained a cross-site scripting flaw that, according to OX Security, let a malicious web page enumerate files in the root of a developer’s machine and exfiltrate credentials, access keys, and other secrets.The researchers reported the…
-
Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs
Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely.The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and First seen…
-
Microsoft says bug causes Copilot to summarize confidential emails
Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-copilot-to-summarize-confidential-emails/
-
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…
-
A new approach for GenAI risk protection
Solution 1: GenAI enterprise model: Implement enterprise licenses for approved GenAI solutions (such as ChatGPT Enterprise or Microsoft CoPilot 365, which is integrated into existing O365 tenants). Enterprise GenAI solutions typically include a robust set of built-in security tools that allow organizations to secure their data and implement DLP controls within the enterprise GenAI solution…
-
Notepad mit KI: Wie Microsoft einen 42 Jahre alten Editor zum Sicherheitsrisiko machte
First seen on t3n.de Jump to article: t3n.de/news/notepad-mit-ki-wie-microsoft-einen-42-jahre-alten-editor-zum-sicherheitsrisiko-machte-1729667/
-
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-defender-library-management-interface/
-
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-defender-library-management-interface/
-
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-defender-library-management-interface/
-
Microsoft Defender update lets SOC teams manage, vet response tools
Microsoft introduced library management in Microsoft Defender to help security analysts working with live response manage scripts and tools they use to triage, investigate and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/18/microsoft-defender-library-management-interface/
-
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The vulnerability, described as an Elevation of Privilege issue, allows authorised attackers to escalate their permissions…
-
Critical Flaw in Windows Admin Center Exposes Systems to Privilege Escalation Attacks
Microsoft has officially released a security update addressing a severe vulnerability found within the Windows Admin Center. Tracking under the identifier CVE-2026-26119, this critical flaw presents a significant risk to enterprise environments relying on the platform for server management. The vulnerability, described as an Elevation of Privilege issue, allows authorised attackers to escalate their permissions…
-
Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies
Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection.The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok First seen on…
-
The 20 Coolest Endpoint And Managed Security Companies Of 2026: The Security 100
CRN’s Security 100 list of the coolest endpoint and managed security companies includes vendors with AI-powered EDR and MDR offerings such as CrowdStrike, Microsoft, SentinelOne and Sophos. First seen on crn.com Jump to article: www.crn.com/news/security/2026/the-20-coolest-endpoint-and-managed-security-companies-of-2026-the-security-100
-
Microsoft Teams outage affects users in United States, Europe
Tags: microsoftMicrosoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-outage-affects-users-in-united-states-europe/
-
Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations
New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the “Summarize with AI” button that’s being increasingly placed on websites in ways that mirror classic search engine poisoning (AI).The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The tech…