Tag: microsoft
-
Microsoft Outlook Add-In Stolen 4000 Accounts and Credit Card Numbers
Tags: breach, credentials, credit-card, cyber, data-breach, flaw, login, malicious, microsoft, officeA dormant Microsoft Outlook add-in has been weaponized by attackers to steal thousands of login credentials and credit card numbers. The incident, identified by security researchers as the first known malicious Office add-in found in the wild, exposed a critical flaw in how Microsoft distributes third-party tools. The >>Zombie<< App In 2022, a developer published…
-
Microsoft warns that poisoned AI buttons and links may betray your trust
Businesses are embedding prompts that produce content they want you to read, not the stuff AI makes if left to its own devices First seen on theregister.com Jump to article: www.theregister.com/2026/02/12/microsoft_ai_recommendation_poisoning/
-
Companies are using ‘Summarize with AI’ to manipulate enterprise chatbots
Pushing falsehoods: A factor driving the recent popularity of recommendation poisoning appears to be the availability of open-source tools that make it easy to hide this function behind website Summarize buttons.This raises the uncomfortable possibility that poisoned buttons aren’t being added as an afterthought by SEO developers who get carried away. More likely, the intention…
-
First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild.In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The…
-
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-notepad-flaw-let-files-execute-silently-via-markdown-links/
-
Microsoft Patches Windows Flaw Causing VPN Disruptions
Microsoft patches CVE-2026-21525, an actively exploited RasMan flaw that can crash Windows VPN services and disrupt remote access. The post Microsoft Patches Windows Flaw Causing VPN Disruptions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-rasman-cve-vpn/
-
Microsoft Store Outlook add-in hijacked to steal 4,000 Microsoft accounts
The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-store-outlook-add-in-hijacked-to-steal-4-000-microsoft-accounts/
-
Microsoft says hackers are exploiting critical zero-day bugs to target Windows and Office users
Critical security flaws targeting Windows and Office users allow hackers to take complete control of a victim’s computer by clicking a malicious link or opening a file. Patch now. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/11/microsoft-says-hackers-are-exploiting-critical-zero-day-bugs-to-target-windows-and-office-users/
-
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security
Microsoft patched an actively exploited Word flaw that bypasses OLE protections and executes malicious documents without standard warnings. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-21514-actively-exploited-word-flaw-evades-ole-security/
-
Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt
Chaos-inciting fake news right this way First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/microsoft_one_prompt_attack/
-
Microsoft boffins figured out how to break LLM safety guardrails with one simple prompt
Chaos-inciting fake news right this way First seen on theregister.com Jump to article: www.theregister.com/2026/02/09/microsoft_one_prompt_attack/
-
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days
Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-day vulnerabilities. Microsoft Patch Tuesday security updates for February 2026 fix 58 new security flaws across Windows, Office, Azure, Edge, Exchange, Hyper-V, WSL, and other components, rising to 62 CVEs when third-party updates are included. Five vulnerabilities are Critical, two Moderate, and most…
-
Microsoft’s Valentine’s gift to admins: 6 exploited zero-day fixes
Roses are red, violets are blue … now get patching First seen on theregister.com Jump to article: www.theregister.com/2026/02/10/microsofts_valentines_gift_to_admins/
-
Microsoft Beefs Up Runtime Security
Redmond Rolls Out 2 Desktop Security Initiatives. Microsoft is touting changes to Windows meant to ensure better runtime security and user prompts when apps access sensitive desktop resources such as files, a camera or microphone. Other controls include blocking legacy authentication protocols to ensure use of multifactor authentication. First seen on govinfosecurity.com Jump to article:…
-
Microsoft Discloses ‘Extraordinarily High’ Number Of Zero-Day Vulnerabilities: Researcher
Microsoft’s monthly release of security updates Tuesday included fixes for six vulnerabilities that are considered to be actively exploited in cyberattacks. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-discloses-extraordinarily-high-number-of-zero-day-vulnerabilities-researcher
-
Microsoft Patches 6 Actively Exploited Zero-Days
Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-fixes-6-actively-exploited-zero-days
-
Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities
Microsoft said three of the exploited vulnerabilities were publicly known, suggesting attackers already had details about the defects prior to Tuesday’s release. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-february-2026/
-
Microsoft releases Windows 10 KB5075912 extended security update
Microsoft has released the Windows 10 KB5075912 extended security update to fix February 2026 Patch Tuesday vulnerabilities, including six zero-days, and continue rolling out replacements for expiring Secure Boot certificates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5075912-extended-security-update/
-
Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws
Today is Microsoft’s February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-february-2026-patch-tuesday-fixes-6-zero-days-58-flaws/
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Windows 11 KB5077181 & KB5075941 cumulative updates released
Microsoft has released Windows 11 KB5077181 and KB5075941 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5077181-and-kb5075941-cumulative-updates-released/
-
Microsoft prepares to refresh Secure Boot’s digital certificate
Some customers, including in critical infrastructure sectors, will need to manually review their devices’ readiness for the update. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-secure-boot-certificate-update/811846/
-
Microsoft rolls out new Secure Boot certificates before June expiration
Microsoft has begun rolling out updated Secure Boot certificates through monthly Windows updates to replace the original 2011 certificates that will expire in late June 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-new-secure-boot-certificates-before-june-expiration/
-
Microsoft 365 outage takes down admin center in North America
Microsoft is investigating an outage that blocks some administrators with business or enterprise subscriptions from accessing the Microsoft 365 admin center. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-admin-center-in-north-america/
-
Microsoft tightens Windows security with app transparency and user consent
Microsoft is strengthening default protections in Windows through two security initiatives, Windows Baseline Security Mode and User Transparency and Consent. User Transparency … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/10/windows-security-app-transparency-user-consent/
-
Microsoft announces new mobile-style Windows security controls
Microsoft wants to introduce smartphone-style app permission prompts in Windows 11 to request user consent before apps can access sensitive resources such as files, cameras, and microphones. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-mobile-style-windows-security-controls/
-
Single prompt breaks AI safety in 15 major language models
Fundamental changes to safety mechanisms: The research went beyond measuring attack success rates to examine how the technique alters models’ internal safety mechanisms. When Microsoft tested Gemma3-12B-It on 100 diverse prompts, asking the model to rate their harmfulness on a 0-9 scale, the unaligned version systematically assigned lower scores, with mean ratings dropping from 7.97…
-
Threat Actors Weaponize Bing Ads for Azure Tech Support Scams
A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft’s Azure Blob Storage platform. The attack, first detected on February 2, 2026, affected users across 48 organizations in the United States within hours, demonstrating the effectiveness of weaponizing legitimate advertising channels…
-
VoidLink Linux C2 Uses LLM-Generated Malware with Kernel-Level Stealth
VoidLink represents a concerning evolution in malware development: a sophisticated Linux command-and-control framework that shows clear signs of being built with AI assistance. This Linux malware operates as a modular implant designed for long-term access to compromised systems. It doesn’t discriminate between cloud providers, actively harvesting credentials from AWS, Google Cloud Platform, Microsoft Azure, Alibaba Cloud, and…