Tag: microsoft
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
14 old software bugs that took way too long to squash
Tags: access, api, attack, authentication, automation, bug-bounty, communications, computer, control, credentials, cve, cvss, cyber, data, data-breach, dns, dos, encryption, exploit, flaw, hacker, Hardware, infosec, infrastructure, Internet, kaspersky, linux, malicious, malware, microsoft, mitigation, network, nist, open-source, password, programming, remote-code-execution, risk, service, software, stuxnet, supply-chain, technology, theft, threat, tool, update, usa, vulnerability, windows, zero-dayAge: 30 yearsDate introduced: 1995Date fixed: February 2026Researchers unearthed a legacy flaw in the widely used libpng open-source library that had existed since the technology was first released more than 30 years ago.The heap buffer overflow vulnerability (CVE-2026-25646) meant that applications using the flawed software would crash when presented with a maliciously constructed PNG raster…
-
Tycoon 2FA Phishing Operation Dismantled in Joint Raid by Microsoft and Europol
Microsoft, Europol, and industry partners have successfully dismantled the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform. Operating since August 2023, this immense adversary-in-the-middle (AiTM) operation allowed cybercriminals to bypass multi-factor authentication (MFA) and infiltrate over 96,000 distinct victims globally. This coordinated disruption marks a significant blow to the cybercriminal impersonation economy. Anatomy of the Tycoon 2FA Threat…
-
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
-
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
Stringent defenses needed: CSOs must employ stringent defenses against tools that use reverse proxies, Beggs said, including strengthening email filtering by enforcing DMARC, DKIM, and SPF; enforcing secure session handling at the edge by using client-bound session tokens tied to device or TLS certificates; ensuring continuous validation by issuing a new challenge when the device fingerprint…
-
Global coalition dismantles Tycoon 2FA phishing kit
Microsoft, which led the effort, said it seized 330 domains that powered the phishing platform’s core infrastructure. The alleged creator was also named in a civil complaint. First seen on cyberscoop.com Jump to article: cyberscoop.com/tycoon-2fa-phishing-kit-takedown-microsoft/
-
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks First seen on hackread.com Jump to article: hackread.com/fake-zoom-teams-invites-malware-certificates/
-
Windows 10 KB5075039 update fixes broken Recovery Environment
Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-10-kb5075039-update-fixes-broken-recovery-environment/
-
Users fume over Outlook.com email ‘carnage’
Email flow slowed or stopped by mysterious forces at Microsoft First seen on theregister.com Jump to article: www.theregister.com/2026/03/04/users_fume_at_outlookcom_email/
-
MY TAKE: ChatGPT is turning into Microsoft Office, and power users are paying the price
Something has been shifting inside the tools millions of us use every day, and it’s worth naming out loud. Related: AI is becoming a daily routine Over the past several months I’ve watched ChatGPT change. Not in some abstract, version-number… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/my-take-chatgpt-is-turning-into-microsoft-office-and-power-users-are-paying-the-price/
-
MY TAKE: ChatGPT is turning into Microsoft Office, and power users are paying the price
Something has been shifting inside the tools millions of us use every day, and it’s worth naming out loud. Related: AI is becoming a daily routine Over the past several months I’ve watched ChatGPT change. Not in some abstract, version-number… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/my-take-chatgpt-is-turning-into-microsoft-office-and-power-users-are-paying-the-price/
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Securing Microsoft 365: A Live Breakdown of Modern Attack Paths
An OnDemand Webinar with former NSA operative Kyle Hanslovan. Watch how hackers steal credentials, bypass Microsoft 365 MFA, and completely wreck enterprise systems in under 10 minutes. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-microsoft-365-live-breakdown-modern-attack-paths-a-30901
-
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Researchers have found that attackers are abusing OAuth to send users from legitimate Microsoft or Google login pages to phishing sites or malware downloads. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/attackers-abuse-oauths-built-in-redirects-to-launch-phishing-and-malware-attacks/
-
U.S. CISA adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, google, infrastructure, kev, microsoft, ransomware, vmware, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualcomm and Broadcom VMware Aria Operations flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: In…
-
AzCopy Utility Misused for Data Exfiltration in Ongoing Ransomware Attacks
Ransomware operators are increasingly abusing Microsoft’s trusted Azure data transfer utility, AzCopy, to quietly exfiltrate sensitive data before encryption, turning a routine cloud migration tool into a stealthy theft channel. Instead of relying on obviously malicious tools like Rclone or MegaSync, threat actors are pivoting to native, administrator-approved cloud utilities to blend into normal IT…
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerabilityMicrosoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products
Tags: cyber, microsoft, network, office, remote-code-execution, risk, update, vulnerability, windowsOverview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as…The…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
<div cla TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/
-
$5M Microsoft Activation Key Fraud Ends in Prison Term
A Florida woman was sentenced for reselling improperly distributed Microsoft activation keys, underscoring gray-market software risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/5m-microsoft-activation-key-fraud-ends-in-prison-term/
-
NDSS 2025 Be Careful Of What You Embed: Demystifying OLE Vulnerabilities
Tags: conference, cve, data, detection, exploit, Internet, malicious, microsoft, network, office, remote-code-execution, risk, tool, vulnerability, windowsSession 14C: Vulnerability Detection Authors, Creators & Presenters: Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li…
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Florida woman gets 2 year sentence for trafficking Microsoft software labels
According to court documents, the defendant purchased millions of dollars of labels but did not sell them with the corresponding software. First seen on therecord.media Jump to article: therecord.media/florida-woman-sentenced-reselling-microsoft-labels
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, toolContext, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers.”Organizations…
-
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
-
New Defender deployment tool streamlines Windows device onboarding with single executable
Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls. Simplified … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/microsoft-defender-deployment-tool-for-windows-update/