Collecting Cyber-News from over 60 sources

Tag: microsoft

Sicherheitstheater: Microsoft erhält FedRAMP-Zulassung trotz massiver Mängel

Mar 19, 2026 9:10 AM

Tags: fedramp, microsoft

Interne Berichte und Experten kritisieren die Zertifizierung von Microsofts-Cloudlösung GCC High für US-Behörden scharf. First seen on golem.de Jump to article: www.golem.de/news/sicherheitstheater-microsoft-erhaelt-fedramp-zulassung-trotz-massiver-maengel-2603-206672.html
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Mar 19, 2026 8:10 AM

Tags: attack, cisa, cisco, cve, cybersecurity, exploit, flaw, government, infrastructure, microsoft, office, ransomware, vulnerability, zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.The vulnerabilities in question are as follows -CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting First seen…
Outband getting out of hand as Microsoft pushes hotpatch for Bluetooth

Mar 19, 2026 7:10 AM

Tags: microsoft, windows

Second emergency fix in days targets Windows 11 24H2 and 25H2 First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/microsoft_bluetooth_hotpatch/
U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog

Mar 18, 2026 11:10 PM

Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ([1, 2]) SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog, tracked…
ClickFix treibt neue Infostealer-Kampagnen an

Mar 18, 2026 11:11 AM

Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress

ClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
Big tech companies step in to support the open source security ecosystem

Mar 18, 2026 11:11 AM

Tags: github, google, linux, microsoft, open-source, openai

The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/linux-foundation-open-source-security-12-5-million-funding/
Microsoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist Takeover

Mar 18, 2026 10:09 AM

Tags: attack, breach, corporate, cyber, cyberattack, detection, identity, microsoft, phishing, social-engineering, software, threat, vulnerability

Threat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully used Microsoft Teams voice phishing (vishing) to compromise a corporate device via Quick Assist. This incident, detailed in Microsoft’s latest Cyberattack…
Software-Rollout: Microsoft stoppt automatische Copilot-Installation

Mar 18, 2026 10:09 AM

Tags: microsoft, software

Nach Datenschutzkritik und Kurskorrekturen setzt Microsoft die automatische Verteilung der Copilot-App für Microsoft-365-Nutzer vorerst aus. First seen on golem.de Jump to article: www.golem.de/news/software-rollout-microsoft-stoppt-automatische-copilot-installation-2603-206628.html
Researchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM Access

Mar 18, 2026 8:09 AM

Tags: access, cve, cyber, exploit, flaw, microsoft, vulnerability, windows

Researchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as >>RegPwn<<. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry configurations for its built-in Accessibility features."‹ Windows Accessibility features, such as the On-Screen Keyboard and Narrator, run…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Mar 17, 2026 11:10 PM

Tags: ai, attack, injection, microsoft, phishing, risk

Researchers reveal how Microsoft Copilot can be manipulated by prompt injection attacks to generate convincing phishing messages inside trusted AI summaries. The post Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-copilot-prompt-injection-phishing-risk/
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer

Mar 17, 2026 10:10 PM

Tags: cybercrime, fortinet, ivanti, microsoft, vpn

In mid-January 2026, Microsoft Defender Experts identified a devious way that cybercriminals are tricking people into giving away… First seen on hackread.com Jump to article: hackread.com/storm-2561-fake-fortinet-ivanti-vpn-sites-hyrax-infostealer/
Microsoft Confirms Windows 11 Bug Crippling PCs, Blocking Access to Core Drive

Mar 17, 2026 5:10 PM

Tags: access, microsoft, windows

Microsoft says a Windows 11 issue tied to Samsung Galaxy Connect can block access to the C: drive and prevent key apps from opening. The post Microsoft Confirms Windows 11 Bug Crippling PCs, Blocking Access to Core Drive appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-bug-c-drive-access-denied-samsung-fix/
Microsoft stops force-installing the Microsoft 365 Copilot app

Mar 17, 2026 4:10 PM

Tags: microsoft, windows

Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) that have the Microsoft 365 desktop client apps. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-stops-force-installing-the-microsoft-365-copilot-app/
Risiken durch Copilot mindern: Analyst schlägt KI-Verbot am Freitagnachmittag vor

Mar 17, 2026 3:10 PM

Tags: ai, gartner, microsoft, risk

In einem Vortrag erörtert ein Gartner-Analyst fünf Risiken beim Einsatz von Microsoft 365 Copilot und zeigt Wege, diese zu vermeiden. First seen on golem.de Jump to article: www.golem.de/news/risiken-durch-copilot-mindern-analyst-schlaegt-ki-verbot-am-freitagnachmittag-vor-2603-206601.html
Microsoft shares fix for Windows C: drive access issues on Samsung PCs

Mar 17, 2026 2:10 PM

Tags: access, microsoft, windows

Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-windows-c-drive-access-issues-on-samsung-pcs/
Windows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility Issues

Mar 17, 2026 2:10 PM

Tags: cyber, microsoft, update, windows

Microsoft has rolled out an unexpected out-of-band hotpatch, KB5084897, targeting Windows 11 versions 25H2 and 24H2. Released on March 16, 2026, this specific update resolves a highly disruptive visual bug affecting Bluetooth connectivity management. The patch elevates supported systems to OS builds 26200.7984 and 26100.7984, delivering immediate administrative relief for users struggling to monitor or…
New Windows 11 hotpatch fixes Bluetooth device visibility issue

Mar 17, 2026 1:09 PM

Tags: microsoft, update, windows

Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-11-hotpatch-fixes-bluetooth-device-visibility-issue/
Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools

Mar 17, 2026 1:09 PM

Tags: ai, cyber, data, intelligence, microsoft, open-source, tool

Microsoft has officially released a new open-source tool designed to simplify how IT and security administrators manage data governance. Announced on March 16, 2026, the DLM Diagnostics Model Context Protocol (MCP) Server brings artificial intelligence directly into the troubleshooting process for Microsoft Purview Data Lifecycle Management (DLM). Managing data lifecycles across Microsoft 365 workloads is…
Microsoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle Tools

Mar 17, 2026 1:09 PM

Tags: ai, cyber, data, intelligence, microsoft, open-source, tool

Microsoft has officially released a new open-source tool designed to simplify how IT and security administrators manage data governance. Announced on March 16, 2026, the DLM Diagnostics Model Context Protocol (MCP) Server brings artificial intelligence directly into the troubleshooting process for Microsoft Purview Data Lifecycle Management (DLM). Managing data lifecycles across Microsoft 365 workloads is…
Microsoft zeroes in on AI-driven data risks in Fabric

Mar 17, 2026 12:11 PM

Tags: ai, data, microsoft, risk, update

New Microsoft Purview innovations for Microsoft Fabric help organizations secure data and accelerate AI adoption. The updates focus on identifying risks, preventing data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/17/microsoft-purview-fabric-security-innovations/
Enabling Teams Meeting add-in breaks Outlook Classic

Mar 17, 2026 12:11 PM

Tags: email, microsoft

Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-enabling-teams-meeting-add-in-breaks-outlook-classic/
Microsoft points at Samsung after Galaxy app bug locks users out of C:

Mar 17, 2026 10:09 AM

Tags: access, microsoft, windows

‘Access denied’ errors hit certain Windows 11 machines running vendor utility First seen on theregister.com Jump to article: www.theregister.com/2026/03/16/samsung_c_drive_windows/
Attack on Stryker’s Microsoft environment wiped employee devices without malware

Mar 17, 2026 10:09 AM

Tags: attack, cyberattack, malware, microsoft, technology

The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not…
Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes

Mar 17, 2026 8:10 AM

Tags: ai, gartner, jobs, microsoft

Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/gartner_copilot_security_mitigations/
Gartner suggests Friday afternoon Copilot ban because tired users may be too lazy to check its mistakes

Mar 17, 2026 8:10 AM

Tags: ai, gartner, jobs, microsoft

Admins may be even more exhausted by then, because securing Microsoft’s AI helper is not a trivial job First seen on theregister.com Jump to article: www.theregister.com/2026/03/17/gartner_copilot_security_mitigations/
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users

Mar 17, 2026 8:10 AM

Tags: attack, corporate, cyber, cybersecurity, hacker, infrastructure, malicious, microsoft, phishing, threat, tool

Threat actors are increasingly turning to trusted infrastructure to launch their attacks, making it harder for automated security tools to flag malicious activity. A newly identified phishing campaign highlights this growing trend by abusing compromised websites to harvest valuable corporate credentials. Cybersecurity researchers have uncovered a sophisticated new phishing campaign where attackers hijack legitimate websites…