Tag: microsoft
-
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end”‘to”‘end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-skill threat actors to run highly tailored BEC operations in minutes rather than days. First…
-
Keine neuen Windows-Versionen: Microsoft sperrt Veracrypt-Entwickler aus
Der Veracrypt-Entwickler kann die Windows-Variante seiner Verschlüsselungssoftware nicht mehr aktualisieren. Microsoft hat sein Konto gekündigt. First seen on golem.de Jump to article: www.golem.de/news/keine-neuen-windows-versionen-microsoft-sperrt-veracrypt-entwickler-aus-2604-207334.html
-
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
The article originally appeared in InfoWorld. First seen on csoonline.com Jump to article: www.csoonline.com/article/4155594/microsofts-new-agent-governance-toolkit-targets-top-owasp-risks-for-ai-agents-2.html
-
Microsoft hints at bit bunkers for war zones
President Brad Smith tells an interviewer that Microsoft is reconsidering datacenter design in light of Iran war First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/microsoft_armored_datacenters/
-
Microsoft rolls out fix for broken Windows Start Menu search
Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fix-for-broken-windows-start-menu-search/
-
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Tags: crypto, cyber, cybercrime, hacker, malicious, malware, microsoft, open-source, phishing, tacticsHackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets cryptocurrency professionals, Web3 developers, and investors, but its tactics are now expanding toward open-source communities.…
-
Russian Threat Actors Abuse Home Routers in Expanding DNS Hijacking Wave
Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and spy on organizations worldwide. Microsoft Threat Intelligence recently exposed this massive global campaign by a group known as Forest Blizzard, which has already impacted over 200 organisations and 5,000 consumer devices. Forest Blizzard is a sophisticated state-sponsored threat…
-
What Anthropic Glasswing reveals about the future of vulnerability discovery
From backlog management to exposure-window risk: The issue, as Williams frames it, is not simply how many vulnerabilities exist, but how they are managed. “Mythos makes one thing painfully clear,” he says. “This is not a prioritization problem. It’s an exposure-window problem.”Traditional vulnerability management has been built around prioritization, ranking issues by severity, exploitability, and…
-
Feds quash widespread Russia-backed espionage network spanning 18,000 devices
Forest Blizzard, a threat group attributed to Russia’s GRU, hijacked network traffic to steal credentials and tokens for Microsoft accounts and other services. First seen on cyberscoop.com Jump to article: cyberscoop.com/forest-blizzard-apt28-routers-espionage-campaign-operation-masquerade/
-
Storm-1175 Deploys Medusa Ransomware at ‘High Velocity’
Microsoft says the financially motivated cybercrime group has exploited N-day and zero-day vulnerabilities in campaigns predicated on speed. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/storm-1175-medusa-ransomware-high-velocity
-
Anthropic Unveils Restricted AI Cyber Model in Unprecedented Industry Alliance
Anthropic introduced a new cybersecurity initiative that reflects both the promise and the deep unease surrounding AI, enlisting a rare alliance of industry heavyweights including Amazon, Microsoft, Apple, Google, and NVIDIA. The program, known as Project Glasswing, brings these firms together with cybersecurity and infrastructure partners to test a powerful AI model designed to identify..…
-
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
Who needs MFA when you’ve got EvilTokens? First seen on theregister.com Jump to article: www.theregister.com/2026/04/07/microsoft_device_code_phishing/
-
Russian Hackers Hit SOHO Routers in Cyberespionage Campaign
Tags: cloud, cyberespionage, dns, government, hacker, intelligence, microsoft, military, router, russia, spyHijacking DNS Settings Helps Russian Hackers Decrypt TLS Traffic, Microsoft Warns. Hackers tied to Russia’s GRU military intelligence agency are compromising SOHO routers to hijack their DNS settings and spy on the cloud activities of high-value government, IT, telecommunications and energy organizations, Microsoft warns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russian-hackers-hit-soho-routers-in-cyberespionage-campaign-a-31354
-
Russian Hackers Hit SOHO Routers in Cyberespionage Campaign
Tags: cloud, cyberespionage, dns, government, hacker, intelligence, microsoft, military, router, russia, spyHijacking DNS Settings Helps Russian Hackers Decrypt TLS Traffic, Microsoft Warns. Hackers tied to Russia’s GRU military intelligence agency are compromising SOHO routers to hijack their DNS settings and spy on the cloud activities of high-value government, IT, telecommunications and energy organizations, Microsoft warns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russian-hackers-hit-soho-routers-in-cyberespionage-campaign-a-31354
-
Russian Hackers Hit SOHO Routers in Cyberespionage Campaign
Tags: cloud, cyberespionage, dns, government, hacker, intelligence, microsoft, military, router, russia, spyHijacking DNS Settings Helps Russian Hackers Decrypt TLS Traffic, Microsoft Warns. Hackers tied to Russia’s GRU military intelligence agency are compromising SOHO routers to hijack their DNS settings and spy on the cloud activities of high-value government, IT, telecommunications and energy organizations, Microsoft warns. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russian-hackers-hit-soho-routers-in-cyberespionage-campaign-a-31354
-
Russian cyber spies targeting consumer, Soho routers
The UK’s NCSC and Microsoft have shared details of an ongoing cyber espionage campaign targeting vulnerable network routers, orchestrated by the Russian state actor Fancy Bear. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641403/Russian-cyber-spies-targeting-consumer-Soho-routers
-
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. First…
-
Russia’s Fancy Bear still attacking routers to boost fake sites, NCSC warns
200 orgs and 5,000 devices compromised so far in Vlad’s latest intelligence grab, Microsoft reckons First seen on theregister.com Jump to article: www.theregister.com/2026/04/07/russia_fancy_bear_ncsc_router_attack/
-
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
-
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
-
prompted 2026 Developing Deploying AI Fingerprints For Advanced Threat Detection
Author, Creator & Presenter: Natalie Isak, Software Engineer, Microsoft & Waris Gill, Applied Scientist, Microsoft Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’) YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-developing-deploying-ai-fingerprints-for-advanced-threat-detection/
-
The rise of proactive cyber: Why defense is no longer enough
Tags: attack, breach, ciso, control, country, cyber, cybersecurity, defense, framework, google, government, hacking, infrastructure, intelligence, korea, law, microsoft, network, north-korea, risk, threat, toolWhat ‘proactive cyber’ means: Despite the more aggressive language, this shift toward private-sector involvement doesn’t envision vigilante-style payback by aggrieved organizations. It instead embraces a more systematic effort to interfere with adversaries earlier in the attack chain using authorities and capabilities that already exist.”To be clear, this is not hacking back,” Joyce said. “This is…
-
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
Tags: ai, apache, api, cloud, compliance, control, crowdstrike, data, defense, detection, edr, endpoint, fedramp, finance, framework, incident response, infrastructure, intelligence, jobs, login, microsoft, monitoring, risk, saas, security-incident, service, siem, soc, software, strategy, threat, tool, update, vulnerability24/7/365 SOC monitoring: Round-the-clock coverage backed by global experts to validate and prioritize alerts.Proactive threat hunting: Active searches for hidden threats rather than just waiting for automated triggers.AI and machine learning integration: Leveraging everything from basic anomaly detection to “Agentic AI” to reduce noise and accelerate investigations.Active incident response and containment: Capabilities to isolate endpoints…
-
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/storm1175-medusa-attacks/
-
Microsoft deaktiviert Legacy-Authentifizierung schrittweise in Windows Server – NTLM vor dem Aus
First seen on security-insider.de Jump to article: www.security-insider.de/ntlm-vor-dem-aus-a-78bdabea09edd6ce516797cdd5e1f510/
-
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer reports. The researcher privately reported the vulnerability to Microsoft but criticized the waythe Microsoft’s Security…
-
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March 23. The campaign primarily targeted organizations in Israel and the United Arab Emirates, impacting more than…
-
Zoff mit Microsoft: Frustrierter Forscher leakt Zero-Day-Exploit für Windows
Ein Forscher fühlt sich offenbar von Microsoft nicht ernst genommen. Aus Frust hat er einen Exploit-Code für eine ungepatchte Windows-Lücke geleakt. First seen on golem.de Jump to article: www.golem.de/news/zoff-mit-microsoft-frustrierter-forscher-leakt-zero-day-exploit-fuer-windows-2604-207270.html