Tag: microsoft
-
Microsoft Alerts Customers to New Phishing Attack Exploiting OAuth in Entra ID to Bypass Detection
Tags: attack, authentication, credentials, cyber, detection, exploit, google, government, microsoft, phishing, software, threat, vulnerability
Microsoft recently uncovered sophisticated phishing campaigns that exploit the by-design redirection mechanisms of the OAuth 2.0 protocol. Threat actors are targeting government and public-sector organizations by manipulating legitimate authentication flows in Microsoft Entra ID and Google Workspace. Rather than exploiting traditional software vulnerabilities or stealing credentials directly, this campaign abuses trusted protocol behavior to bypass…
-
Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products
Tags: cyber, microsoft, network, office, remote-code-execution, risk, update, vulnerability, windows
Overview: On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as…The…
-
The DocuSign Email That Wasn’t A Three-Redirect Credential Harvest
TL;DR Attackers sent a convincing DocuSign notification with a “Review & Sign” button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first…
-
Hackers abuse OAuth error flows to spread malware
Hackers are abusing the legitimate OAuth redirection mechanism to bypass phishing protections in email and browsers to take users to malicious pages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/
-
$5M Microsoft Activation Key Fraud Ends in Prison Term
A Florida woman was sentenced for reselling improperly distributed Microsoft activation keys, underscoring gray-market software risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/5m-microsoft-activation-key-fraud-ends-in-prison-term/
-
NDSS 2025 Be Careful Of What You Embed: Demystifying OLE Vulnerabilities
Tags: conference, cve, data, detection, exploit, Internet, malicious, microsoft, network, office, remote-code-execution, risk, tool, vulnerability, windows
Session 14C: Vulnerability Detection. Authors, Creators & Presenters: Yunpeng Tian (Huazhong University of Science and Technology), Feng Dong (Huazhong University of Science and Technology), Haoyi Liu (Huazhong University of Science and Technology), Meng Xu (University of Waterloo), Zhiniang Peng (Huazhong University of Science and Technology; Sangfor Technologies Inc.), Zesen Ye (Sangfor Technologies Inc.), Shenghui Li…
-
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/attackers-abusing-oauth-redirection-phishing-malware/
-
Florida woman gets 2 year sentence for trafficking Microsoft software labels
According to court documents, the defendant purchased millions of dollars of labels but did not sell them with the corresponding software. First seen on therecord.media Jump to article: therecord.media/florida-woman-sentenced-reselling-microsoft-labels
-
Phishing campaign exploits OAuth redirection to bypass defenses
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware. Microsoft has warned of phishing campaigns targeting government and public-sector organizations by abusing OAuth URL redirection. Instead of stealing credentials or exploiting software flaws, attackers leverage OAuth’s legitimate by-design behavior to bypass email and browser defenses. The tactic redirects…
-
OAuth phishers make ‘check where the link points’ advice ineffective
Tags: authentication, automation, awareness, business, cloud, control, edr, email, encryption, endpoint, exploit, governance, identity, login, malicious, microsoft, monitoring, phishing, saas, threat, tool
Context, not the URL, is the new red flag: Sakshi Grover, Senior Research Manager at IDC Asia/Pacific, said the longstanding advice to hover over a link and verify its domain was built for an era of lookalike domains and that it no longer holds in environments where authentication flows routinely pass through trusted identity providers.” Organizations…
-
New Defender deployment tool streamlines Windows device onboarding with single executable
Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls. Simplified … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/03/microsoft-defender-deployment-tool-for-windows-update/
-
Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described First seen on thehackernews.com…
-
AI use cases with Microsoft Copilot – Microsoft AI Tour: Sovereignty as a Service and use cases
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-ai-tour-souveraenitaet-as-a-4603d005e59798ec95a6dd881cedca59/
-
Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw to Attack Microsoft and DataDog
Tags: ai, attack, automation, cyber, exploit, flaw, github, microsoft, open-source, remote-code-execution
Hackerbot-claw, an autonomous AI bot, has launched a week-long campaign abusing GitHub Actions misconfigurations to hit CI/CD pipelines at Microsoft, DataDog, and other major open-source projects, achieving remote code execution (RCE) and even full repo compromise in some cases. The attacks highlight how unsafe pull_request_target workflows and shell interpolation bugs can turn routine automation into…
-
Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery
Crims hope for payday from malicious payloads rather than stealing access tokens First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/microsoft_oauth_scams/
-
When Trusted Authentication Enables Privilege Escalation
Active Directory remains the backbone of enterprise identity. Despite years of modernization efforts, many organizations still rely on legacy authentication protocols that were never designed for today’s threat landscape. New reporting from Dark Reading highlights how attackers continue to abuse NTLM and Kerberos within Microsoft Active Directory environments to escalate privileges, move laterally, and maintain…
-
Florida woman imprisoned for massive Microsoft license fraud scheme
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/florida-woman-imprisoned-for-massive-microsoft-license-fraud-scheme/
-
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch
Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513, a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code…
-
MSHTML Zero-Day in Windows Exploited by APT28 Prior to Feb 2026 Security Update
Microsoft released its Patch Tuesday updates, addressing 59 vulnerabilities, including a critical zero-day flaw in the Windows MSHTML framework. Tracked as CVE-2026-21513, this actively exploited vulnerability allows attackers to bypass security features and execute arbitrary code. APT28 is a well-documented advanced persistent threat group known for sophisticated malware campaigns. Security researchers from Akamai discovered that…
-
How Microsoft, partners are tackling ‘huge, huge task’ of making security software safer
The technology giant and third-party security vendors are plotting an ambitious overhaul of how their products interoperate. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-windows-resilience-initiative-security-kernel/813416/
-
MetaCompliance introduces innovative exposure feature
MetaCompliance is the platform that links data on third-party security breaches directly with automated, targeted training measures. Seamless integration with Microsoft Power BI and Slack, along with sophisticated deepfake simulations, ensures that insights and actions flow directly into day-to-day work. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/metacompliance-fuehrt-innovative-exposure-monitoring-funktion-ein/a43910/
-
Digital sovereignty, resilient cloud and AI from Europe – Microsoft opens first studio for sovereign cloud and AI architectures
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-eroeffnet-erstes-studio-fuer-souveraene-cloud-und-ki-architekturen-a-730da0134637b74513cbe6dd6030ff60/
-
Microsoft to auto-launch Copilot in Edge whenever you click a link from Outlook
Tags: microsoft
Whac-A-Mole season continues as Redmond finds yet another corner to stuff its 21st century Clippy First seen on theregister.com Jump to article: www.theregister.com/2026/02/26/copilot_pane_edge_outlook/
-
Microsoft warns of RAT delivered through trojanized gaming utilities
Attackers spread trojanized gaming tools to deliver a stealthy RAT using PowerShell, LOLBins, and Defender evasion tactics. Threat actors are tricking users into running trojanized gaming utilities shared through browsers and chat platforms to deploy a remote access trojan. “Microsoft Defender researchers uncovered a campaign that lured users into running trojanized gaming utilities (Xeno.exe or…

