Tag: microsoft

Microsoft to Integrate Sysmon Threat Detection Natively into Windows 11

Feb 5, 2026 6:14 AM

Tags: cyber, detection, microsoft, threat, tool, update, windows

Microsoft has officially begun rolling out native System Monitor (Sysmon) functionality to Windows 11, marking a significant shift for threat hunters and security operations centers (SOCs). Released via the Windows 11 Insider Preview Build 26300.7733 (Dev Channel) on February 3, 2026, this update embeds the popular Sysinternals tool directly into the operating system’s optional features.…
Microsoft releases urgent Office patch. Russian-state hackers pounce.

Feb 5, 2026 1:13 AM

Tags: hacker, microsoft, office, russia, update, vulnerability

The window to patch vulnerabilities is shrinking rapidly. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/02/russian-state-hackers-exploit-office-vulnerability-to-infect-computers/
When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit

Feb 4, 2026 10:14 PM

Tags: attack, awareness, email, exploit, hacker, microsoft, office, russia, threat, training

Email attachments remain one of the most trusted entry points into enterprise environments. Despite years of awareness training and secure email gateways, attackers continue to rely on documents because they blend seamlessly into everyday workflows. New reporting from The Hacker News details how APT28, a Russia-linked threat actor, is actively exploiting a newly disclosed Microsoft…
Microsoft Hires Ex-Google Cloud President Hayete Gallot As New Security Chief

Feb 4, 2026 9:14 PM

Tags: cloud, google, jobs, microsoft

Microsoft confirmed Wednesday that it has hired former Google Cloud executive Hayete Gallot to head its security division, replacing Charlie Bell. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-hires-ex-google-cloud-president-hayete-gallot-as-new-security-chief
Microsoft Develops Scanner to Detect Backdoors in Open-Weight Large Language Models

Feb 4, 2026 8:15 PM

Tags: ai, backdoor, intelligence, microsoft

Microsoft on Wednesday said it built a lightweight scanner that it said can detect backdoors in open-weight large language models (LLMs) and improve the overall trust in artificial intelligence (AI) systems.The tech giant’s AI Security team said the scanner leverages three observable signals that can be used to reliably flag the presence of backdoors while…
Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms

Feb 4, 2026 5:13 PM

Tags: microsoft, windows

Microsoft confirms a Windows bug preventing some PCs from shutting down or hibernating after January 2026 updates. A fix is still pending. The post Windows Shutdown Bug Spreads to Windows 10, Microsoft Confirms appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-shutdown-bug-secure-launch-vsm/
Microsoft rolls out native Sysmon monitoring in Windows 11

Feb 4, 2026 3:13 PM

Tags: microsoft, monitoring, windows

Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-native-windows-11-sysmon-security-monitoring/
Russian hackers exploited a critical Office bug within days of disclosure

Feb 4, 2026 2:13 PM

Tags: access, attack, cisa, cloud, control, cve, data, data-breach, detection, email, espionage, exploit, flaw, framework, github, group, hacker, infection, intelligence, kev, malicious, malware, microsoft, mitigation, office, risk, russia, update, vulnerability, windows

One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
Info-Stealing malware expands from Windows to macOS

Feb 4, 2026 2:13 PM

Tags: attack, macOS, malware, microsoft, social-engineering, windows

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…
Azure outages ripple across multiple dependent Microsoft services

Feb 4, 2026 1:13 PM

Tags: cloud, identity, microsoft, service

Managed Identity and virtual machine failures triggered knock-on problems throughout cloud platform First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/azure_virtual_machine_outage/
Cyberangriffe auf Europa: Russische Hacker attackieren Office-Nutzer

Feb 4, 2026 12:14 PM

Tags: cyberattack, hacker, malware, microsoft, military, office

Die dem russischen Militär zugeordnete Hackergruppe APT28 hat es auf Nutzer von Microsoft Office abgesehen und schleust durch eine Lücke Malware ein. First seen on golem.de Jump to article: www.golem.de/news/cyberangriffe-auf-europa-russische-hacker-attackieren-office-nutzer-2602-204982.html
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Feb 4, 2026 10:13 AM

Tags: apple, attack, macOS, microsoft, social-engineering, windows

Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since First seen on thehackernews.com Jump…
Microsoft and Google Platforms Abused in New Enterprise Cyberattacks

Feb 4, 2026 9:13 AM

Tags: attack, cloud, cyber, cyberattack, defense, google, infrastructure, malicious, microsoft, phishing, service, tactics, threat

A dangerous shift in phishing tactics, with threat actors increasingly hosting malicious infrastructure on trusted cloud platforms like Microsoft Azure, Google Firebase, and AWS CloudFront. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks leverage legitimate cloud services to bypass security defenses and target enterprise users globally. When malicious content is…
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Feb 4, 2026 9:13 AM

Tags: malicious, microsoft, open-source, supply-chain

The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats.The move marks a shift from a reactive to a proactive approach to ensure that malicious extensions don’t end up getting…
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Feb 4, 2026 12:13 AM

Tags: attack, hacker, infection, malicious, microsoft, office, russia

APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
Microsoft Takes Major Security Step by Disabling NTLM Authentication by Default

Feb 3, 2026 11:14 PM

Tags: authentication, cyber, microsoft, ntlm, technology, windows

Microsoft is making a significant move to strengthen Windows security by phasing out NTLM (New Technology LAN Manager). This legacy authentication protocol has been part of Windows for over 30 years. The company plans to disable NTLM by default in upcoming Windows releases, replacing it with more secure Kerberos-based alternatives. NTLM is an old authentication…
Op Neusploit: Russian APT28 Uses Microsoft Office Flaw in Malware Attacks

Feb 3, 2026 8:13 PM

Tags: attack, control, email, exploit, flaw, group, malware, microsoft, office, russia, ukraine

A new campaign by the Russian-linked group APT28, called Op Neusploit, exploits a Microsoft Office flaw to steal emails for remote control of devices in Ukraine, Slovakia, and Romania. First seen on hackread.com Jump to article: hackread.com/op-neusploit-russia-apt28-microsoft-office-malware/
New Microsoft Update Improves Windows Sign-In Experience

Feb 3, 2026 7:13 PM

Tags: microsoft, password, update, windows

Windows 11’s optional KB5074105 update fixes the missing password icon bug linked to August 29, 2025’s KB5064081 and delivers 32 improvements. The post New Microsoft Update Improves Windows Sign-In Experience appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-stability-patch/
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU

Feb 3, 2026 6:14 PM

Tags: attack, computer, cve, exploit, flaw, hacker, microsoft, office, russia, ukraine

Ukraine’s computer emergency response team, CERT-UA, said attackers began abusing the flaw, tracked as CVE-2026-21509, shortly after Microsoft disclosed it in early January. First seen on therecord.media Jump to article: therecord.media/russian-state-hackers-exploit-new-microsoft-flaw
The State of Microsoft 365 Security 2025 – Microsoft 365 ist sicher oder?

Feb 3, 2026 6:14 PM

Tags: microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-365-ist-sicher-oder-a-d2884dcbe79eb3698282e996f7a5f2dc/
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

Feb 3, 2026 5:14 PM

Tags: apt, cve, exploit, hacker, microsoft, office, russia, vulnerability

Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/russian-hackers-are-exploiting-recently-patched-microsoft-office-vulnerability-cve-2026-21509/
Microsoft finally sends TLS 1.0 and 1.1 to the cloud retirement home

Feb 3, 2026 3:13 PM

Tags: cloud, microsoft

Azure Storage now requires version 1.2 or newer for encrypted connections First seen on theregister.com Jump to article: www.theregister.com/2026/02/03/microsoft_tls_deprecations/
APT28 exploits Microsoft Office flaw in Operation Neusploit

Feb 3, 2026 2:13 PM

Tags: exploit, flaw, group, microsoft, office, russia, vulnerability

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations…
Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

Feb 3, 2026 1:13 PM

Tags: access, ai, apt, attack, backdoor, china, control, cybersecurity, detection, edr, email, espionage, exploit, framework, government, group, incident response, infrastructure, malicious, malware, microsoft, network, software, supply-chain, tool, update

Rapid7 identifies custom malware: Cybersecurity firm Rapid7 also published a detailed technical analysis corroborating Ho’s disclosure and identifying the attack as part of a broader campaign deploying previously undocumented malware. Rapid7’s investigation uncovered a custom backdoor the firm dubbed “Chrysalis,” alongside Cobalt Strike and Metasploit frameworks.”Forensic analysis conducted by the MDR team suggests that the…
Kostenfreier Microsoft-365-Security-Scanner

Feb 3, 2026 1:13 PM

Tags: Internet, microsoft, zero-trust

Der Microsoft-365-Spezialist Coreview stellt ab sofort seinen kostenlosen <<Microsoft 365 Tenant Security Scanner <<zur Verfügung. Er analysiert unkompliziert die Tenant-Konfigurationen anhand der Center-for-Internet-Security (CIS) -Microsoft-365-v6.0.0-Richtlinien sowie bewährter Zero-Trust-Praktiken. Auf diese Weise erhalten Sicherheitsverantwortliche ein klares Bild der Sicherheitslage und können gezielt Abhilfemaßnahmen einleiten. Im Gegensatz zu herkömmlichen portalbasierten Bewertungen, bei denen verschiedene Bereiche wie Entra-ID,…
APT28 Exploits Active Microsoft Office Zero-Day to Deliver Malware

Feb 3, 2026 11:13 AM

Tags: attack, cyber, exploit, group, malware, microsoft, office, russia, threat, ukraine, vulnerability, zero-day

The Russia-linked advanced persistent threat group APT28 has been observed actively exploiting a zero-day vulnerability in Microsoft Office to deliver malware through a sophisticated multi-stage attack campaign. Security researchers from Zscaler ThreatLabz identified this new operation, dubbed Operation Neusploit, targeting users across Central and Eastern Europe with weaponized RTF documents. The campaign specifically targeted Ukraine,…
APT28 Uses Microsoft Office CVE-2026-21509 in Espionage-Focused Malware Attacks

Feb 3, 2026 11:13 AM

Tags: attack, cve, espionage, exploit, flaw, group, hacking, malware, microsoft, office, russia, threat, ukraine

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit.Zscaler ThreatLabz said it observed the hacking group weaponizing the shortcoming on January 29, 2026, in attacks targeting users in Ukraine, Slovakia, and Romania,…
Nach Monaten gefixt: Verschwundener Passwortin unter Windows 11

Feb 3, 2026 10:13 AM

Tags: microsoft, password, windows

Schon seit August 2025 behindert ein nerviger Bug unter Windows 11 die Anmeldung mit einem Passwort. Einen Fix liefert Microsoft erst jetzt. First seen on golem.de Jump to article: www.golem.de/news/nach-monaten-gefixt-windows-11-und-der-verschwundene-passwort-log-in-2602-204922.html
APT28 Leverages CVE-2026-21509 in Operation Neusploit

Feb 3, 2026 8:13 AM

Tags: access, api, attack, backdoor, cloud, communications, control, cve, data, detection, email, encryption, endpoint, exploit, github, group, infection, malicious, malware, microsoft, office, open-source, phishing, russia, service, startup, threat, tool, ukraine, update, vulnerability, windows

IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
Russian hackers exploit recently patched Microsoft Office bug in attacks

Feb 2, 2026 11:14 PM

Tags: attack, computer, cve, exploit, hacker, microsoft, office, russia, ukraine, vulnerability

Ukraine’s Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-exploit-recently-patched-microsoft-office-bug-in-attacks/