Tag: microsoft
-
Microsoft expands Windows restore to more enterprise devices
Microsoft now allows more enterprise users to restore their personal settings and Microsoft Store apps from a previous Windows 11 device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-expands-windows-restore-to-more-enterprise-devices/
-
Optionales Februar-Update für Windows 11 Update – – Speed-Test in der Taskleiste ist eine Browser-Weiterleitung
Microsoft verteilt das optionale Februar-Update für Windows 11. Zu den Neuerungen zählt eine Speed-Test-Weiterleitung. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-februar-update-fuer-windows-11-speed-test-in-der-taskleiste-ist-eine-browser-weiterleitung.96299
-
Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and establish persistent access to compromised machines.”The activity aligns with a broader cluster of threats that use job-themed lures to blend into routine developer workflows and increase the likelihood of code First seen…
-
Fake Next.js job interview tests backdoor developer’s devices
The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, including recruiting coding tests. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-nextjs-job-interview-tests-backdoor-developers-devices/
-
Microsoft gives Windows laggards the ‘gift of time’ wrapped in licensing fees
With Server 2016 and other OSes for the chop, security fixes can continue to flow for a price First seen on theregister.com Jump to article: www.theregister.com/2026/02/24/microsoft_windows_support/
-
Microsoft execs worry AI will eat entry level coding jobs
Russinovich and Hanselman say firms must train juniors to fix agent mistakes not replace them with prompts First seen on theregister.com Jump to article: www.theregister.com/2026/02/23/microsoft_ai_entry_level_russinovich_hanselman/
-
Optionales Februar-Update für Windows 11 – Speed-Test in der Taskleiste ist eine Browser-Weiterleitung
Microsoft verteilt das optionale Februar-Update für Windows 11. Zu den Neuerungen zählt eine Speed-Test-Weiterleitung. First seen on computerbase.de Jump to article: www.computerbase.de/news/betriebssysteme/optionales-februar-update-fuer-windows-11-speed-test-in-der-taskleiste-ist-eine-browser-weiterleitung.96299
-
Windows 11 KB5077241 update improves BitLocker, adds Sysmon tool
Microsoft has released the KB5077241 optional cumulative update for Windows 11, which comes with 29 changes, including improvements to BitLocker, a new network speed test tool, and native System Monitor (Sysmon) functionality. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077241-update-improves-bitlocker-adds-sysmon-tool/
-
Microsoft adds domain libraries and Copilot integration to the quantum development kit
The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/microsoft-quantum-development-kit-qdk/
-
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra ID tenant adds the legitimate ChatGPT service principal and grants it Microsoft Graph OAuth permissions,…
-
Microsoft Alerts Developers of Malicious Next.js Repositories Used in Ongoing Hacker Attacks
Microsoft has warned that threat actors are weaponizing malicious Next.js repositories to compromise developers through what appear to be legitimate projects and recruiting”‘style technical assessments. The campaign abuses normal workflows in Visual Studio Code and Node.js to reach a staged command”‘and”‘control (C2) backdoor without relying on traditional malware installers. Attackers publish repositories that appear to…
-
Microsoft adds Copilot data controls to all storage locations
Microsoft is expanding data loss prevention (DLP) controls to block the Microsoft 365 Copilot AI assistant from processing confidential Word, Excel, and PowerPoint documents, regardless of their location. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-copilot-data-controls-to-all-storage-locations/
-
Microsoft expands Sovereign Cloud security with governance, local productivity and AI
Microsoft expands Microsoft Sovereign Cloud with new disconnected and AI capabilities that help organizations run critical infrastructure, productivity services and large AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/microsoft-sovereign-cloud-updates-ai-capabilities/
-
Windows 365 for Agents brings managed cloud PCs to autonomous workflows
Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/microsoft-windows-365-for-agents/
-
Microsoft extends security patching for three Windows products at a price
Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/windows-extended-security-updates-program-deadlines/
-
The rise of the evasive adversary
Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-dayBig game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
-
Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails
A code bug blew past every security label in the book”¦ and exposed the fatal flaw in how we govern AI. The post Microsoft Copilot Ignored Sensitivity Labels, Processed Confidential Emails appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-copilot-bug-confidential-emails/
-
Inside Attacker’s Defensive Funnel: How Sneaky 2FA Cloaks Itself from Security Scanners Blog – Menlo Security
Learn how Menlo Security identified a massive Sneaky 2FA phishing campaign using 3.4K domains to bypass Microsoft 365 MFA and steal session cookies. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/inside-attackers-defensive-funnel-how-sneaky-2fa-cloaks-itself-from-security-scanners-blog-menlo-security/
-
Microsoft says bug in classic Outlook hides the mouse pointer
Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-in-classic-outlook-hides-the-mouse-pointer/
-
Künstliche Intelligenz wird zur neuen Befehls- und Kontrollschicht
Die Sicherheitsforscher von Check Point Research haben eine neue Forschungsanalyse veröffentlicht, die sich auf KI-Assistenten als verdeckte Befehls- und Kontrollkanäle und KI-gesteuerte Malware konzentriert. Ein Wendepunkt im modernen Cyber-Risiko mit Auswirkungen auf alle Branchen, die die Einführung von KI vorantreiben. KI-Assistenten wie Microsoft-Copilot und Grok unterstützen Webbrowsing- oder URL-Abruf-Funktionen. Sie können als verdeckte C2-Proxys missbraucht…
-
Phishing-Kampagne umgeht Multi-Faktor-Authentifizierung von Microsoft 365
KnowBe4 Threat Labs hat eine komplexe Phishing-Kampagne entdeckt, die auf US-amerikanische Unternehmen und Fachkräfte abzielt. Die Angriffe kompromittieren Microsoft-365-Konten (Outlook, Teams, Onedrive), indem sie den OAuth-2.0-Geräteautorisierungsfluss missbrauchen und dadurch selbst starke Passwörter und Multi-Faktor-Authentifizierung (MFA) überlisten. Das Opfer wird auf das legitime Microsoft-Portal ‘https://microsoft.com/devicelogin” weitergeleitet, um einen vom Angreifer bereitgestellten Gerätecode einzugeben. Durch die Eingabe…
-
VPN in Microsoft Edge ist kein VPN
Ein Forscher hat sich das von Microsoft beworbene VPN-Feature in Edge angeschaut. Es werde dem Begriff VPN nicht gerecht. First seen on golem.de Jump to article: www.golem.de/news/browser-vpn-in-microsoft-edge-ist-kein-vpn-2602-205720.html
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
UK AI alignment project gets OpenAI and Microsoft boost
Altogether, £27m is now available to fund the AI Security Institute’s work to collaborate on safe, secure artificial intelligence First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639303/UK-AI-alignment-project-gets-OpenAI-and-Microsoft-boost
-
News brief: 6 Microsoft zero days and a warning from CISA
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366639010/News-brief-6-Microsoft-zero-days-and-a-warning-from-CISA
-
Critical Security Issue Found in Windows Notepad
Microsoft patches CVE-2026-20841, a high-severity Windows Notepad flaw that could allow code execution via malicious Markdown files. The post Microsoft: Critical Security Issue Found in Windows Notepad appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/critical-windows-notepad-flaw-february-2026/
-
‘God-Like’ Attack Machines: AI Agents Ignore Security Policies
Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed guardrails. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-agents-ignore-security-policies
-
Dynamic Objects in Active Directory: The Stealthy Threat
Active Directory’s “dynamic objects” feature offers attackers a perfect evasion cloak. These objects automatically self-destruct without a trace, so they allow adversaries to bypass quotas, pollute access lists, and persist in the cloud, leaving forensic investigators with nothing to analyze. Key takeaways The threat: Dynamic objects self-delete without leaving any traces, or “tombstones” in AD…
-
Microsoft 365 Copilot Bug Circumvented DLP Controls
Microsoft confirmed a Copilot Chat bug that summarized confidential emails despite active DLP controls, raising AI governance concerns in Microsoft 365. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-365-copilot-bug-circumvented-dlp-controls/