Tag: microsoft
-
Edge Version 143.0.3650.66; Security Baseline veröffentlicht
Microsoft hat zum 4. Dezember 2025 ein Update für den Edge-Browser auf die Version 143.0.3650.66 veröffentlicht. Dieses behebt 14 Sicherheitslücken und bringt neue Funktion. Einen Tag vorher gab es eine neue Security Baseline für den Edge 143. Ich fasse mal … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/05/edge-version-143-0-3650-66-security-baseline-veroeffentlicht/
-
Edge Version 143.0.3650.66; Security Baseline veröffentlicht
Microsoft hat zum 4. Dezember 2025 ein Update für den Edge-Browser auf die Version 143.0.3650.66 veröffentlicht. Dieses behebt 14 Sicherheitslücken und bringt neue Funktion. Einen Tag vorher gab es eine neue Security Baseline für den Edge 143. Ich fasse mal … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/05/edge-version-143-0-3650-66-security-baseline-veroeffentlicht/
-
Merkliche Preiserhöhung ab Juli 2026 – Microsoft 365 für Geschäftskunden wird teurer
Mehr KI- und Sicherheitsfunktionen kündigt Microsoft für Microsoft-365- und Office-365-Lizenzen an. Die Preise verteuern sich ebenfalls. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/merkliche-preiserhoehung-ab-juli-2026-microsoft-365-fuer-geschaeftskunden-wird-teurer.95339
-
Merkliche Preiserhöhung ab Juli 2026 – Microsoft 365 für Geschäftskunden wird teurer
Mehr KI- und Sicherheitsfunktionen kündigt Microsoft für Microsoft-365- und Office-365-Lizenzen an. Die Preise verteuern sich ebenfalls. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/merkliche-preiserhoehung-ab-juli-2026-microsoft-365-fuer-geschaeftskunden-wird-teurer.95339
-
Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks
A sophisticated phishing campaign is targeting users through Microsoft Teams notifications, exploiting the platform’s trusted status to deliver deceptive messages that appear legitimate to both recipients and email security filters. Threat actors are leveraging Teams’ official notification system to send emails from the no-reply@teams.mail.microsoft address, creating a false sense of authenticity that makes detection increasingly difficult. The…
-
Hackers Abuse Microsoft Teams Notifications to Launch Callback Phishing Attacks
A sophisticated phishing campaign is targeting users through Microsoft Teams notifications, exploiting the platform’s trusted status to deliver deceptive messages that appear legitimate to both recipients and email security filters. Threat actors are leveraging Teams’ official notification system to send emails from the no-reply@teams.mail.microsoft address, creating a false sense of authenticity that makes detection increasingly difficult. The…
-
Patchday von Microsoft, SAP & Co – Was ist der Patchday?
First seen on security-insider.de Jump to article: www.security-insider.de/was-ist-der-patchday-a-e4fc5ad550cb9fd8bfa6838fc13f2be6/
-
Windows 11: Microsoft schließt stillschweigend LNK-Schwachstelle CVE-2025-9491
Seit Ende August 2025 ist eine LNK-File-Schwachstelle (CVE-2025-9491) bekannt. Diese lässt sich unter Windows für eine Remote Code-Ausführung missbrauchen. Microsoft wollte erst keinen Patch bereitstellen, hat dann aber doch was per Update getan. 0patch hatte bereits seit Monaten einen Micropatch … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/03/microsoft-schliesst-stillschweigend-lnk-schwachstelle-cve-2025-9491/
-
Breach Roundup: React Flaw Incites Supply Chain Risk
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for ‘Evil Twin’ Hack. This week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth’s Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi evil twin crimes. The US FTC will send $15.3 million to Avast users. A London…
-
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos…
-
Windows shortcuts’ use as a vector for malware may be cut short
Windows shortcut files (.lnk) have long been a convenient hiding place for attackers because Windows Explorer only displayed the first 260 characters of the command in a shortcut’s properties. Anything appended after a long string of spaces stayed invisible to the user.The issue is tracked as CVE-2025-9491, with security analysts assigning a high-severity CVSS rating…
-
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files First seen on theregister.com Jump to article: www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/
-
Microsoft 365 license check bug blocks desktop app downloads
Tags: microsoftMicrosoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-bug-in-microsoft-365-license-checks-blocks-desktop-app-downloads/
-
Microsoft Silently Fixes 8-Year Windows Security Flaw
The flaw, tracked as CVE-2025-9491, allowed cybercriminals to hide malicious commands from users inspecting files through Windows’ standard interface. The post Microsoft Silently Fixes 8-Year Windows Security Flaw appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fixes-security-flaw/
-
‘ShadyPanda’ Hackers Weaponize Millions of Browsers
The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/shadypanda-hackers-weaponize-browsers
-
Microsoft mops up Mesh after another metaverse misfire
Tags: microsoftDreams of a virtual world linger on in Teams First seen on theregister.com Jump to article: www.theregister.com/2025/12/02/microsoft_mesh_axed/
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
Newly discovered malicious extensions could be lurking in enterprise browsers
Tags: attack, browser, chrome, data, detection, exploit, google, malicious, marketplace, microsoft, technology, tool, update, vulnerabilityShadyPanda played the long game, with extensions including the popular Clean Master utility with 200,000 installs distributed as completely legitimate tools early on, earning them positive user ratings and, in some cases, trust signals such as “Featured” or “Verified” badges in the Chrome Web Store and Microsoft Edge Add-ons store. No review after submission: This…
-
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
-
Microsoft Defender portal outage disrupts threat hunting alerts
Microsoft is working to mitigate an ongoing incident that has been blocking access to some Defender XDR portal capabilities for the past 10 hours. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-portal-outage-blocks-access-to-security-alerts/
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
nopCommerce Flaw Lets Attackers Access Accounts Using Captured Cookies
Security researchers have uncovered a serious vulnerability in nopCommerce, a popular open-source ecommerce platform used by major companies, including Microsoft, Volvo, and BMW. The flaw allows attackers to hijack user accounts by exploiting captured session cookies, even after legitimate users have logged out. Field Details CVE ID CVE-2025-11699 Vulnerability Title Insufficient Session Cookie Invalidation Platform…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX with 24 extensions impersonating popular developer tools and frameworks like Flutter, React, Tailwind, Vim, and Vue.GlassWorm was first documented in October 2025, detailing its use of the Solana blockchain for command-and-control (C2) and…
-
KB5070311 triggers File Explorer white flash in dark mode
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-kb5070311-triggers-file-explorer-bright-white-flashes-in-dark-mode/
-
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
-
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
-
Azure API Management Vulnerability Lets Attackers Create Accounts Across Tenants
A critical security flaw in the Azure API Management Developer Portal enables attackers to bypass administrator controls and register accounts across multiple tenants, even when user sign-up has been explicitly disabled. The vulnerability remains unpatched as Microsoft considers it working >>by design.