Tag: microsoft
-
News brief: Microsoft security vulnerabilities revealed
Check out the latest security news from TechTarget SearchSecurity’s sister sites, Cybersecurity Dive and Dark Reading. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366641824/News-brief-Microsoft-security-vulnerabilities-revealed
-
Some Teams users can’t join meetings after Edge update
Microsoft confirmed that a recent Microsoft Edge browser update introduced a bug that prevents Windows users from joining Teams meetings. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-some-teams-users-cant-join-meetings-after-edge-update/
-
Google gets agent-ready for the Mythos age
Wiz, AI-BOMs, and securing the AI development sprawl: Google has expanded its Wiz portfolio to tackle the chaos of AI development and multi-cloud risk.Wiz is being positioned as the connective tissue across environments, supporting everything from AWS and Azure to SaaS platforms and AI agent studios.”Wiz now supports Databricks as well as new agent studios…
-
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gopherwhisper-apt-group-abuses-outlook-slack-discord-for-comms/
-
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gopherwhisper-apt-group-abuses-outlook-slack-discord-for-comms/
-
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
The Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control (C2) traffic within Microsoft Outlook mailboxes, making it significantly harder to detect with traditional network defenses. Researchers from Symantec and Carbon Black Threat Hunter Team discovered the malware. They linked…
-
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can.Mythos Preview, the model that led…
-
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-microsoft-defender-flaw-exploited-in-zero-day-attacks/
-
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited…
-
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
-
Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
More than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day. The post Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-1300-sharepoint-servers-unpatched-zero-day-flaw/
-
A tsunami of flaws: When frontier AI and Patch Tuesday collide
Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to Anthropic’s bug-hunting Claude Mythos AI model? First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641789/A-tsunami-of-flaws-When-frontier-AI-and-Patch-Tuesday-collide
-
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
-
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
-
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
-
Microsoft’s GitHub grounds Copilot account sign-ups amid capacity crunch
Remember what we promised when you subscribed for a year? Well, we’ve got a new deal that’s better for us. First seen on theregister.com Jump to article: www.theregister.com/2026/04/20/microsofts_github_grounds_copilot_account/
-
Most Windows 11 Users Don’t Need Third-Party Antivirus
Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-no-third-party-antivirus-needed/
-
Most Windows 11 Users Don’t Need Third-Party Antivirus
Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-no-third-party-antivirus-needed/
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API.A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset.Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data
Hackers are abusing Microsoft Teams chats to impersonate IT support, gain remote access, move laterally, and steal company data, Microsoft warns. The post Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hackers-microsoft-teams-social-engineering-it-help-desk-scam/
-
Microsoft SharePoint vulnerability widely exposed across multiple countries
The disclosure comes just weeks after a prior SharePoint flaw was discovered. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-sharepoint-vulnerability-exposed-multiple-countries/818201/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Microsoft outband updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…
-
Teams increasingly abused in helpdesk impersonation attacks
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Teams increasingly abused in helpdesk impersonation attacks
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Microsoft Teams to get efficiency mode on PCs with limited resources
Tags: microsoftMicrosoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-gets-efficiency-mode-for-hardware-constrained-devices/
-
Microsoft Teams to get efficiency mode on PCs with limited resources
Tags: microsoftMicrosoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-gets-efficiency-mode-for-hardware-constrained-devices/