Tag: microsoft
-
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an unknown actor, making the attack far more complex than a conventional ransomware case. The incident began with activity against on-premises SharePoint servers and an attempt to establish internal footholds through exposed…
-
Phishing hides in routine Microsoft 365 workflows
Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. The technique shifts … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/23/microsoft-365-collaboration-features-phishing/
-
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely scrolls to that dummy conversation, but automated secure email gateways frequently do; the added “conversation…
-
CalPhishing Campaigns Use Outlook Calendar Invites to Deliver Persistent Phishing Lures
A growing trend in which attackers weaponize Microsoft 365 collaboration features to deliver persistent phishing lures via Outlook calendar invites. By abusing Microsoft 365 Groups and Outlook calendar functionality, threat actors move malicious intent out of a single suspicious message and into routine productivity workflows, increasing the chance that targets will treat the interaction as…
-
North Korean Hackers Poison Mastra AI Framework
Tags: ai, attack, backdoor, credentials, framework, hacker, malicious, microsoft, north-korea, software, supply-chain, theft, tool
More Than 140 npm Packages Carried Credential-Stealing Code. Microsoft says North Korean-linked BlueNoroff compromised a Mastra npm maintainer account and published more than 140 malicious packages, using a software supply-chain attack to distribute infostealers, backdoors and credential theft tools through AI development environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korean-hackers-poison-mastra-ai-framework-a-32042
-
Microsoft Confirms Windows Recycle Bin Bug Affects All Supported Versions
Microsoft confirmed a Windows June update bug that shows internal Recycle Bin file names during permanent deletion, with a fix planned. The post Microsoft Confirms Windows Recycle Bin Bug Affects All Supported Versions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-june-update-recycle-bin-file-name-bug/
-
Microsoft says Windows 11 26H2 is coming soon, details upgrade process
Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-11-26h2-is-coming-soon-details-upgrade-process/
-
Microsoft fixes AutoGen Studio flaw that enabled code execution
A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-fixes-autogen-studio-flaw-that-enabled-code-execution/
-
Pact for PACT: Cloudflare and browser vendors develop privacy protocol for the Internet
In future, privacy is to be built directly into the infrastructure of the Internet. Together with leading browser vendors such as Mozilla, Google, Microsoft and Shopify, Cloudflare has announced the development of a new, privacy-oriented Internet protocol. Private Access Control Tokens (PACT). The method is intended to help websites distinguish legitimate users and authorized AI agents from harmful automated traffic, entirely without intrusive captchas, forced logins or […]…
-
Flaw in Microsoft Defender allows local privilege escalation on Windows – RoguePlanet gains SYSTEM privileges despite June Patch Tuesday
First seen on security-insider.de Jump to article: www.security-insider.de/rogueplanet-microsoft-defender-system-rechte-race-condition-windows-a-b3a698b48c01fe16bba8ba86459d0cc2/
-
Microsoft 365 Sensitivity Labels Now Block AI-Powered Content Analysis in Office Apps
Microsoft has announced a significant update to its Microsoft 365 ecosystem to enhance data protection. This update will prevent AI-powered and connected content analysis in Office applications when sensitivity labels are applied. According to Microsoft, the company is expanding the enforcement of the existing sensitivity label setting, “Prevent some connected experiences that analyze content.” This…
-
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastra-ai-supply-chain-attack/
-
Microsoft Confirms Windows 11 26H2 Upgrade via Enablement Package for Faster Deployment
Microsoft has announced that the upcoming Windows 11 version 26H2 will be delivered using an enablement package model. This approach aligns with their goal of providing streamlined, low-disruption feature updates specifically for enterprise environments. According to the Windows IT Pro Blog, this annual release builds on the same servicing architecture used in recent versions, allowing…
-
Microsoft warns of new USB worm
A new USB worm spreads malware that spies on crypto wallets and silently replaces copied addresses in the clipboard with its own. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neuer-usb-wurm-microsoft-warnt
-
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
-
AutoJack Exploit Chain Hits Microsoft AutoGen Studio With Zero-Click RCE Attack
A critical exploit chain dubbed AutoJack that allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and silently execute arbitrary code on the host machine, requiring no user interaction beyond submitting a URL. AutoJack targets AutoGen Studio, Microsoft Research’s open-source prototyping UI for multi-agent AI systems. The technique weaponizes the agent’s built-in web-browsing capabilities…
-
June 2026 Windows updates break Recycle Bin prompts
Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-recycle-bin-bug-on-all-supported-windows-releases/
-
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in…
-
Microsoft warns customers of stolen GitHub Miasma worm infects 73 Microsoft repositories and steals AI login credentials
First seen on security-insider.de Jump to article: www.security-insider.de/miasma-wurm-microsoft-github-repositories-ki-zugangsdaten-a-c09832938b8e85e4c3326613248fc3b8/
-
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Crypto Clipper spreads over USB and communicates over Tor. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/microsoft-spots-new-self-propagating-malware-for-stealing-cryptocurrency/
-
SearchLeak Flaw Exposed Sensitive Data in Microsoft 365 Copilot
SearchLeak could have enabled one-click theft of sensitive Microsoft 365 Copilot data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/searchleak-flaw-exposed-sensitive-data-in-microsoft-365-copilot/
-
Tor-Based Clipper Malware Targets Wallet Seed Phrases
USB .lnk malware steals crypto via clipboard hijack, replaces wallet addresses, steals seed phrases, and screenshots. Microsoft Threat Intelligence has been tracking a clipboard-stealing malware (Clipper) campaign since February 2026 that targets cryptocurrency wallets. A clipper is a type of malicious software that monitors and manipulates your clipboard, the temporary memory where data is stored…
-
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server,” the Microsoft Defender Security Research Team said in an analysis published Tuesday. “It…
-
5 reasons Microsoft 365 backup isn’t enough for business data protection
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/5-reasons-microsoft-365-backup-isnt-enough-for-business-data-protection/
-
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was First…
-
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity
DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm. First seen on hackread.com Jump to article: hackread.com/dragonforce-ransomware-microsoft-teams-malware/

