Tag: microsoft
-
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack
Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks. “Forensic analysis conducted by the MDR team suggests that the…
-
Free Microsoft 365 Security Scanner
Microsoft 365 specialist Coreview is now making its free Microsoft 365 Tenant Security Scanner available. It analyses tenant configurations against the Center for Internet Security (CIS) Microsoft 365 v6.0.0 benchmark as well as established Zero Trust practices. This gives security leads a clear picture of their security posture and lets them initiate targeted remediation. Unlike conventional portal-based assessments, in which different areas such as Entra ID,…
-
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware
The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…
-
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit. Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
-
Fixed after months: Missing password sign-in on Windows 11
Since August 2025, an annoying bug in Windows 11 has been hindering sign-in with a password. Microsoft is only delivering a fix now. First seen on golem.de Jump to article: www.golem.de/news/nach-monaten-gefixt-windows-11-und-der-verschwundene-passwort-log-in-2602-204922.html
-
APT28 Leverages CVE-2026-21509 in Operation Neusploit
Introduction: In January 2026, Zscaler ThreatLabz identified a new campaign in the wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
-
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/
-
Zero-Day in Microsoft Office Enables Stealthy Malware Infections
Tags: cve, cyber, exploit, government, infection, infrastructure, malicious, malware, microsoft, office, vulnerability, zero-day
Microsoft disclosed a critical zero-day vulnerability in Office products on January 26, 2026, tracked as CVE-2026-21509, with active exploitation in the wild confirmed. The vulnerability enables attackers to deploy sophisticated malware through malicious document files, targeting government organizations and critical infrastructure.
Indicator type: Value
CVE: CVE-2026-21509
Malicious Domains: freefoodaid[.]com, wellnesscaremed[.]com, wellnessmedcare[.]org
C2 Infrastructure: *.filen.net, *.filen.io…
-
Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
Ukraine’s CERT says the bug went from disclosure to active exploitation in days First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/russialinked_apt28_microsoft_office_bug/
-
What’s New in Tenable Cloud Security: Multi-cloud Risk Analysis, Attack Surface Assessments, Improved IAM Security and More
Tags: ai, attack, cloud, compliance, data, data-breach, endpoint, gartner, google, governance, iam, identity, infrastructure, Internet, least-privilege, microsoft, mitigation, network, radius, risk, risk-analysis, service, supply-chain, switch, tool, training, vulnerability
Tenable Cloud Security continues to expand the technical depth of our Tenable One exposure management platform. Our latest enhancements include unified multi-cloud exploration, high-fidelity network validation, and expanded entitlement visibility across infrastructure and identity providers. Key takeaways: Graph-based multi-cloud exploration: We’ve leveraged our unified data model to provide deep visibility across all cloud environments. You…
-
January update shutdown bug affects more Windows PCs
Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-january-update-shutdown-bug-affects-more-windows-pcs/
-
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options. The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks…
-
Devious trick: Cybercriminals abuse a genuine Microsoft address for a phishing attack
First seen on t3n.de Jump to article: t3n.de/news/perfider-trick-cyberkriminelle-missbrauchen-echte-microsoft-adresse-fuer-pishing-angriff-1727257/
-
Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks
Russia-linked hacking group Fancy Bear is exploiting a brand-new vulnerability in Microsoft Office, CERT-UA says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fancy-bear-exploits-office-flaw/
-
Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/02/microsoft-windows-ntlm-disabling/
-
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-password-sign-in-option-to-disappear/
-
Update mishap at Microsoft: Windows 10 systems cannot be shut down either
Some Windows 11 systems have had shutdown problems since the January Patch Tuesday. Now Microsoft admits that Windows 10 is affected as well. First seen on golem.de Jump to article: www.golem.de/news/update-panne-bei-microsoft-auch-windows-10-systeme-lassen-sich-nicht-runterfahren-2602-204870.html
-
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/01/week-in-review-microsoft-fixes-exploited-office-zero-day-fortinet-patches-forticloud-sso-flaw/
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerability
…systemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO. A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/
-
Microsoft Acknowledges Windows 11 Backlash, Plans Major Improvements in 2026
Microsoft is shifting focus to fixing Windows 11 performance and reliability after months of buggy updates, boot failures, and growing user frustration. The post Microsoft Acknowledges Windows 11 Backlash, Plans Major Improvements in 2026 appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-performance-reliability-fixes/
-
Genuine Microsoft email address sends spam: How cybercriminals abuse a service for their own purposes
First seen on t3n.de Jump to article: t3n.de/news/echte-microsoft-mailadresse-verschickt-spam-1727257/
-
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
Tags: backdoor, browser, chrome, credentials, cyber, defense, espionage, government, hacking, iran, login, microsoft, powershell, risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent SpearSpecter campaign analysis. APT42 deploys TAMECAT in long-term espionage operations against senior defense and government…
-
Attackers Weaponize Microsoft 365 Outlook Add-ins to Quietly Exfiltrate Email Data
A stealthy data theft technique in Microsoft 365 abuses Outlook add-ins to exfiltrate email content without leaving meaningful forensic traces. The technique, dubbed “Exfil Out&Look,” takes advantage of how Outlook Web Access (OWA) handles add-ins and audit logging, creating a blind spot that traditional Microsoft 365 monitoring cannot see. Outlook add-ins are small web-based…
-
Microsoft fixes Outlook bug blocking access to encrypted emails
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-bug-blocking-access-to-encrypted-emails/
-
Windows 11 KB5074105 update fixes boot, sign-in, and activation issues
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5074105-update-fixes-boot-sign-in-and-activation-issues/
-
Microsoft sets new timeline for Sentinel transition to Defender portal
Tags: microsoft
Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/microsoft-transitioning-sentinel-to-defender-timeline/
-
Systemd daddy quits Microsoft to prove Linux can be trusted
Lennart Poettering’s Amutable aims to bring ‘cryptographically verifiable integrity’ to the other OS First seen on theregister.com Jump to article: www.theregister.com/2026/01/29/lennart_poettering_quits_microsoft/