Tag: microsoft
-
Microsoft Teams Relay Abused by Hackers to Hide Malicious Traffic
Tags: communications, control, cyber, exploit, hacker, infrastructure, malicious, microsoft, ransomware, threat
Microsoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel technique in which attackers exploit Microsoft Teams’ TURN (Traversal Using Relays around NAT) servers to conceal command-and-control (C2) communications, making malicious activity…
-
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dragonforce-ransomware-hidden/
-
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/
-
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts
In an active campaign, attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a genuine Microsoft authentication process that, unbeknownst to them, authorizes an attacker-controlled “device.” The result: fully…
-
Microsoft 365: Data theft via Copilot with just one click
By chaining several security vulnerabilities, attackers were able to exfiltrate e-mails and OneDrive files, among other things, via Microsoft 365 Copilot. First seen on golem.de Jump to article: www.golem.de/news/microsoft-365-datenklau-ueber-copilot-mit-nur-einem-klick-2606-209812.html
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible First seen on…
-
Critical SearchLeak Flaw in Microsoft 365 Copilot Exposed Sensitive Enterprise Data
A newly disclosed SearchLeak vulnerability in Microsoft 365 Copilot Enterprise exposed a critical pathway for attackers to steal sensitive organizational data through a specially crafted URL. The flaw chain, now tracked as CVE-2026-42824, was patched by Microsoft earlier this month and assigned a critical severity rating due to its potential impact. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/searchleak-vulnerability-microsoft-365-copilot/
-
Microsoft Website Displays Security Warning After Certificate Expiry
Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to expire, raising concerns over certificate lifecycle management practices. The affected domain, connectivity.office.com, widely used by system administrators and enterprise IT teams to validate network access to Microsoft 365 services, began returning NET::ERR_CERT_DATE_INVALID errors in…
-
Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through One-Click Attack
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise data through a combination of AI-specific and traditional web vulnerabilities. Discovered by Varonis Threat Labs, the flaw, tracked as CVE-2026-42824 and rated critical, demonstrates how modern AI integrations can unintentionally expand attack surfaces by linking…
-
SearchLeak vulnerability allows data theft from Microsoft 365 Copilot Enterprise
First seen on scworld.com Jump to article: www.scworld.com/brief/searchleak-vulnerability-allows-data-theft-from-microsoft-365-copilot-enterprise
-
Dangerous attacks: One click and M365 Copilot Enterprise becomes a data thief
Researchers have discovered an attack chain that can be used to abuse Microsoft 365 Copilot Enterprise to steal sensitive data. First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/gefaehrliche-angriffe-ein-klick-und-m365-copilot-enterprise-wird-zum-datendieb.97925
-
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL…
-
Kasper Lindgaard is the new Vice President of Security Strategy at Coreview
Coreview, the specialist for the protection and management of Microsoft 365 tenants, is further expanding its threat research in the Microsoft 365 area with Kasper Lindgaard as Vice President of Security Strategy. Lindgaard has more than two decades of experience in the security of Microsoft platforms. Among other things, he held a leading role at Secunia Research, a…
-
New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
-
Windows 11 Update Causes System Freezes, Triggers BitLocker Recovery, and Breaks OneDrive
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.8655, is triggering a wave of user reports about system freezes, forced BitLocker recovery screens, and broken OneDrive integration in File Explorer on some devices. While Microsoft positions the patch as a critical security and reliability update, early feedback suggests serious…
-
Microsoft’s workplace check-in via Wi-Fi tracks who’s in the office, and not everyone’s happy
Microsoft is rolling out workplace check-in via Wi-Fi for Teams and Microsoft Places. Connect to your office network and your in-office presence updates automatically, no … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/microsoft-teams-workplace-wi-fi-check-in/
-
Miasma worm infiltrates 73 Microsoft repositories
GitHub has blocked 73 infected Microsoft repositories. The crypto worm Miasma specifically stole developers' passwords and API keys there. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/wurm-miasma-microsoft-repositories
-
Dispute with Microsoft: Anonymous security researcher publishes next Windows exploit
First seen on t3n.de Jump to article: t3n.de/news/streit-mit-microsoft-anonymer-sicherheitsforscher-veroeffentlicht-naechsten-windows-exploit-1747312/
-
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-the-fcc-wants-to-kill-burner-phones/
-
inforcer targets Microsoft 365 alert fatigue with new TDR platform
Tags: microsoft
First seen on scworld.com Jump to article: www.scworld.com/news/inforcer-targets-microsoft-365-alert-fatigue-with-new-tdr-platform
-
New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. The post New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-bitlocker-zero-day-june-2026/
-
Microsoft fixes Windows update failures linked to WUSA installer
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-update-failures-linked-to-wusa-installer/
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code on targeted systems. The flaws, tracked as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635, were released on June 9, 2026, and carry high severity ratings with CVSS scores of 8.4. Security researchers warn that…
-
Microsoft Teams Android Flaw Could Let Attackers Disclose Sensitive Information
Microsoft has disclosed a high-severity information disclosure vulnerability affecting its Teams application for Android, tracked as CVE-2026-42835. The flaw, publicly released on June 9, 2026, has been assigned a CVSS v3.1 base score of 8.1, categorizing it as an “Important” severity issue. According to Microsoft’s advisory, the vulnerability stems from improper neutralization of special elements…
-
Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review
Microsoft reportedly limited internal use of Claude Fable 5 while legal teams review Anthropic’s 30-day data-retention policy. The post Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-claude-fable-5-data-retention/
-
Breach Roundup: CISA Says Agencies Should ‘Patch Smarter’
Also, France Probes Tchap Breach, M&S Cancels Bonuses, June Patch Tuesday. This week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court. Microsoft warned of AI-themed attacks. M&S canceled bonuses. France probed a Tchap breach. NHS trusts disclosed stolen data and a Telegram campaign targeted Russian troops. First…
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to find this,” the researcher said in a post on Blogger. “If you ever attempted to use…
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-bug-on-windows-server-2025/

