Tag: microsoft

Keeper Security Extends KeeperPAM

Feb 20, 2026 3:01 PM

Tags: access, cloud, control, google, infrastructure, microsoft

Keeper Security has expanded its Privileged Access Management (PAM) platform, KeeperPAM, with native support for Google Cloud Platform (GCP), enabling organisations to unify privileged access controls across Google Cloud, AWS and Microsoft Azure environments. The move addresses a growing security concern for enterprises operating in increasingly complex, multi-cloud infrastructures: unmanaged and overprivileged identities. Tackling Cloud…
Ongoing Campaign Targets Microsoft 365 to Steal OAuth Tokens for Persistent Access

Feb 20, 2026 8:01 AM

Tags: access, attack, cyber, exploit, microsoft, phishing, technology, unauthorized, usa

A new phishing campaign exploiting Microsoft’s OAuth 2.0 Device Authorization Grant flow to gain unauthorized and persistent access to Microsoft 365 accounts. The sophisticated attack active since December 2025 specifically targets professionals and enterprises in North America, with over 44% of identified victims based in the United States. Sectors hit hardest include technology, manufacturing, and…
10 Passwordless-Optionen für Unternehmen

Feb 20, 2026 6:01 AM

Tags: access, ai, apple, authentication, ciso, cloud, control, crypto, endpoint, fido, github, google, hacker, Hardware, iam, identity, infrastructure, mfa, microsoft, mobile, monitoring, okta, passkey, password, service, software, tool, vpn

Um Passwörter hinter sich zu lassen, gibt es bessere Lösungen. Wir zeigen Ihnen zehn. Passwörter sind seit Jahrzehnten der Authentifizierungsstandard für Computersysteme, obwohl sie sich immer wieder aufs Neue als anfällig für diverse Cyberangriffsformen erwiesen haben und kompromittierte Benutzerkonten auf regelmäßiger Basis zum Einfallstor für kriminelle Hacker werden. Ein Mittel für CISOs, um diesem Problem…
New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Feb 20, 2026 5:01 AM

Tags: access, attack, awareness, business, credentials, defense, email, google, identity, incident response, least-privilege, login, malicious, mfa, microsoft, monitoring, office, phishing, risk, saas, social-engineering, training

microsoft.com. But the attacker has pre-registered their device to get the code for [the victim] to verify.”David Shipley, head of Canadian security awareness training provider Beauceron Security, said OAuth device code attacks have been gaining steam since 2024. “It’s the natural evolutionary response to improvements in account security, particularly MFA”, he said. The easiest defense is…
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Feb 20, 2026 1:01 AM

Tags: access, ai, api, attack, business, ciso, data, defense, email, exploit, governance, guide, hacker, malicious, microsoft, network, office, risk, threat, tool, vulnerability, waf

Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center

Feb 19, 2026 9:01 PM

Tags: cve, flaw, microsoft, tool, vulnerability, windows

Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges.Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud.The high-severity vulnerability, tracked as CVE-2026-26119, carries a…
Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

Feb 19, 2026 6:01 PM

Tags: attack, malicious, microsoft, threat

ClickFix, an attack technique used to trick victims into pasting or clicking on malicious commands, has rapidly become a favorite method of threat groups. Recent reports by Huntress, Microsoft, and Intego detail how quickly the ClickFix tactic is evolving. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/huntress-microsoft-detail-the-continued-popularity-evolution-of-clickfix-attacks/
Huntress, Microsoft Detail the Continued Popularity, Evolution of ClickFix Attacks

Feb 19, 2026 6:01 PM

Tags: attack, malicious, microsoft, threat

ClickFix, an attack technique used to trick victims into pasting or clicking on malicious commands, has rapidly become a favorite method of threat groups. Recent reports by Huntress, Microsoft, and Intego detail how quickly the ClickFix tactic is evolving. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/huntress-microsoft-detail-the-continued-popularity-evolution-of-clickfix-attacks/
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)

Feb 19, 2026 6:01 PM

Tags: infrastructure, microsoft, vulnerability, windows

Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/windows-admin-center-cve-2026-26119/
Malvertising gegen Mac-Nutzer über Evernote-Links

Feb 19, 2026 4:01 PM

Tags: google, malware, microsoft, office, software, tool

Beliebte Software und Tools bleiben wirksame Lockvogel-Angebote im Dienste von Cyberkriminellen. Aktuell nutzen sie Google-Anzeigen für Mac-Nutzer mit Interesse an Anwendungen wie Microsoft-Office, Libre-Office, Notepad++, 7-Zip, VLC oder Final-Cut-Pro. Die Täter leiten ihre Opfer auf in Evernote geteilte Seiten mit bösartigen Links. Nach Klick auf die Links mit den vermeintlichen Angeboten führen die Opfer Kommandos…
Malvertising gegen Mac-Nutzer über Evernote-Links

Feb 19, 2026 4:01 PM

Tags: google, malware, microsoft, office, software, tool

Beliebte Software und Tools bleiben wirksame Lockvogel-Angebote im Dienste von Cyberkriminellen. Aktuell nutzen sie Google-Anzeigen für Mac-Nutzer mit Interesse an Anwendungen wie Microsoft-Office, Libre-Office, Notepad++, 7-Zip, VLC oder Final-Cut-Pro. Die Täter leiten ihre Opfer auf in Evernote geteilte Seiten mit bösartigen Links. Nach Klick auf die Links mit den vermeintlichen Angeboten führen die Opfer Kommandos…
Fehlerhafte Exchange-Regeln verschoben E-Mails in Quarantäne

Feb 19, 2026 3:01 PM

Tags: mail, microsoft

Diverse URLs in E-Mails wurden als Bedrohung eingestuft. Dabei waren sie legitim. Ein Fix dauerte länger als geplant. First seen on golem.de Jump to article: www.golem.de/news/microsoft-fehlerhafte-exchange-regeln-verschoben-e-mails-in-quarantaene-2602-205609.html
Flaws in Google and Microsoft products added to Cisa catalogue

Feb 19, 2026 2:01 PM

Tags: cisa, cve, flaw, google, kev, microsoft

Cisa has added six CVEs to its Kev catalogue this week, including newly disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
Hackers target Microsoft Entra accounts in device code vishing attacks

Feb 19, 2026 2:01 PM

Tags: attack, finance, hacker, microsoft, phishing, technology, threat

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/
Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Feb 19, 2026 1:01 PM

Tags: data, flaw, microsoft, programming, software, vulnerability

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vulnerabilities-vs-code-cursor/
Microsoft signals breakthrough in data storage that can last for generations

Feb 19, 2026 11:01 AM

Tags: data, microsoft

Microsoft announced progress on Project Silica, its research initiative focused on developing durable, long-term quartz glass-based data storage technology. Close up of Writer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/19/microsoft-project-silica-data-storage-technology/
Microsoft Defender Introduces Centralized Script Library Powered by Copilot for Live Response

Feb 19, 2026 11:01 AM

Tags: cyber, microsoft, tool

Microsoft has unveiled a significant enhancement to its Defender platform: centralized library management for live response operations, powered by Microsoft Security Copilot. This new capability addresses a critical workflow limitation that previously required security analysts to upload scripts and tools during active investigation sessions. The library management feature transforms how Security Operations Center (SOC) teams…
Datenpanne bei Microsoft: Bug lässt Copilot vertrauliche Mails lesen

Feb 19, 2026 10:01 AM

Tags: ai, mail, microsoft, tool

Microsoft 365 Copilot konnte offenbar bei einigen Nutzern E-Mails zusammenfassen, die das KI-Tool gar nicht hätte lesen dürfen. First seen on golem.de Jump to article: www.golem.de/news/datenpanne-bei-microsoft-bug-laesst-copilot-vertrauliche-mails-lesen-2602-205583.html
New Threat Emerges as Attackers Leverage Grok and Copilot to Evade Security Monitoring

Feb 19, 2026 8:00 AM

Tags: ai, control, cyber, cybercrime, microsoft, monitoring, service, threat

Researchers at Check Point Research (CPR) have uncovered a novel technique where cybercriminals utilize popular AI platforms like Grok and Microsoft Copilot to orchestrate covert attacks. This method transforms benign AI web services into proxies for Command and Control (C2) communication. By leveraging the web browsing and URL-fetching capabilities of these assistants, attackers can tunnel…
Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails Through AI Summaries

Feb 19, 2026 7:01 AM

Tags: ai, cyber, data, email, flaw, microsoft, unauthorized, vulnerability

A security flaw in Microsoft 365 Copilot is currently causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, essentially bypassing configured Data Loss Prevention (DLP) policies. This vulnerability exposes potentially sensitive organizational data to unauthorized AI processing. The issue, tracked under Microsoft reference CW1226324, was first flagged on February 4,…
Critical Windows Admin Center Flaw Allows Privilege Escalation

Feb 19, 2026 5:01 AM

Tags: flaw, microsoft, vulnerability, windows

A high-severity Windows Admin Center vulnerability (CVE-2026-26119) could allow privilege escalation in enterprise environments. Here’s what to know and how to mitigate risk. The post Microsoft: Critical Windows Admin Center Flaw Allows Privilege Escalation appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-admin-center-privilege-escalation-february-2026/
OWASP Agentic Top 10: Agent Goal Hijack FireTail Blog

Feb 19, 2026 1:01 AM

Tags: ai, attack, control, data, email, finance, LLM, malicious, microsoft, risk, strategy, tool, unauthorized, zero-trust

Feb 18, 2026 – Lina Romero – What is Agent Goal Hijack?Agent Goal Hijack occurs when an attacker manipulates an agent’s objectives or decision pathways. Unlike traditional LLM attacks that focus on altering a single response, ASI01 targets the planning logic of the agent.Agents rely on natural-language instructions, so they often can’t reliably distinguish between…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Hidden Commands Found in AI Summarize Buttons

Feb 18, 2026 10:01 PM

Tags: ai, exploit, microsoft

Commands Push Lasting Preferences Into AI Assistants. Microsoft researchers found companies embedding hidden commands in summarize with AI buttons to plant lasting brand preferences in assistants’ memory. The tactic, dubbed AI recommendation poisoning, exploits persistent memory features to bias future responses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hidden-commands-found-in-ai-summarize-buttons-a-30784
AI platforms can be abused for stealthy malware communication

Feb 18, 2026 10:01 PM

Tags: ai, control, malware, microsoft

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-platforms-can-be-abused-for-stealthy-malware-communication/
Flaws in Google, Microsoft products added to Cisa catalogue

Feb 18, 2026 9:03 PM

Tags: cisa, cve, flaw, google, kev, microsoft

Cisa has added six CVEs to its Kev catalogue this week, including newly-disclosed issues in Google Chromium and Dell RecoverPoint for Virtual Machines, and some older flaws as well. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639264/Flaws-in-Google-Microsoft-products-added-to-Cisa-catalogue
Anti-phishing rules mistakenly blocked emails, Teams messages

Feb 18, 2026 5:58 PM

Tags: credentials, detection, email, microsoft, phishing

Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-anti-phishing-rules-mistakenly-blocked-emails-teams-messages/
This former Microsoft PM thinks she can unseat CyberArk in 18 months

Feb 18, 2026 4:58 PM

Tags: identity, microsoft

Though crowded, the identity management market seems eager for new solutions, and Venice is finding traction. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/the-former-microsoft-pm-who-thinks-she-can-unseat-cyberark-in-18-months/
This former Microsoft PM thinks she can unseat CyberArk in 18 months

Feb 18, 2026 4:58 PM

Tags: identity, microsoft

Though crowded, the identity management market seems eager for new solutions, and Venice is finding traction. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/the-former-microsoft-pm-who-thinks-she-can-unseat-cyberark-in-18-months/