Collecting Cyber-News from over 60 sources

Tag: microsoft

Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: reports

Jan 23, 2026 5:36 PM

Tags: encryption, fraud, microsoft

The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/
MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

Jan 23, 2026 4:34 PM

Tags: access, attack, credentials, crypto, cyber, exploit, Hardware, login, macOS, malware, microsoft, phishing, service, social-engineering, tool

A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf a domain spoofing official Microsoft…
Microsoft Introduces Brand Impersonation Protection Warning for Teams Calls

Jan 23, 2026 4:34 PM

Tags: cyber, microsoft

Microsoft is launching a new security feature designed to protect Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling will roll out starting mid-February 2026, with general availability expected by late February. The new protection mechanism evaluates inbound calls from external parties to identify signs of brand impersonation…
Outlook for iOS crashes, freezes due to coding error

Jan 23, 2026 3:31 PM

Tags: microsoft, mobile

Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-ios-crashes-freezes-due-to-coding-error/
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Jan 23, 2026 10:31 AM

Tags: attack, awareness, business, email, microsoft, phishing, service

Microsoft has warned of a multi”‘stage adversary”‘in”‘the”‘middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.”The campaign abused SharePoint file”‘sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness,” the Microsoft Defender Security Research Team said. First seen on thehackernews.com…
Microsoft introduces winapp, an open-source CLI for building Windows apps

Jan 23, 2026 7:31 AM

Tags: microsoft, open-source, tool, windows

Microsoft has released winapp, a new command line interface aimed at simplifying the process of building Windows applications. The open-source tool targets developers who rely … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/23/microsoft-introduces-winapp-an-open-source-cli-for-building-windows-apps/
Microsoft 365 hit by outage, preventing access to emails and files

Jan 22, 2026 11:30 PM

Tags: access, email, microsoft

An hours-long outage is preventing Microsoft’s enterprise customers from accessing their inboxes, files, and video meetings. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/22/microsoft-365-hit-by-outage-preventing-access-to-emails-and-files/
Crims compromised energy firms’ Microsoft accounts, sent 600 phishing emails

Jan 22, 2026 8:57 PM

Tags: email, microsoft, phishing

Logging in, not breaking in First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/crims_compromised_energy_firms_microsoft/
Microsoft Teams to add brand impersonation warnings to calls

Jan 22, 2026 6:46 PM

Tags: fraud, microsoft, social-engineering

Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-to-add-brand-impersonation-warnings-to-calls/
Microsoft updates Notepad and Paint with more AI features

Jan 22, 2026 4:30 PM

Tags: ai, intelligence, microsoft, update, windows

Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-updates-notepad-and-paint-with-more-ai-features/
DPRK Actors Deploy VS Code Tunnels for Remote Hacking

Jan 22, 2026 4:30 PM

Tags: hacking, infrastructure, korea, microsoft, phishing, spear-phishing

A spear-phishing campaign tied to the Democratic People’s Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dprk-vs-code-tunnels-remote-hacking
Energy sector orgs targeted with AiTM phishing campaign

Jan 22, 2026 3:31 PM

Tags: attack, email, microsoft, phishing

Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/22/energy-sector-aitm-phishing-sharepoint-misuse/
New Multi-Stage Windows Malware Disables Microsoft Defender, Deploys Malicious Payloads

Jan 22, 2026 11:30 AM

Tags: business, cloud, cyber, exploit, malicious, malware, microsoft, russia, service, social-engineering, windows

A sophisticated multi-stage malware campaign targeting Russian users, leveraging social engineering, legitimate cloud services, and native Windows functionality to achieve full system compromise without exploiting vulnerabilities. The campaign begins with deceptively crafted business-themed documents delivered via compressed archives. Victims receive Russian-language files that appear to be routine accounting tasks, but the archive contains a malicious…
Warum Microsoft-365-Konfigurationen geschützt werden müssen

Jan 22, 2026 9:30 AM

Tags: access, authentication, backup, ciso, cloud, compliance, framework, least-privilege, mail, mfa, microsoft, office, powershell, risk, zero-trust

Lesen Sie, warum CISOs den M365-Tenant stärker in den Blick nehmen müssen.Im Jahr 2010 war Office 365 eine einfache Suite mit Office-Anwendungen und zusätzlicher E-Mail-Funktion. Das hat sich 15 Jahre später mit Microsoft 365 geändert: Die Suite ist ein wesentliches Element in den Bereichen Kommunikation, Zusammenarbeit und Sicherheit. Dienste wie Entra, Intune, Exchange, Defender, Teams…
Microsoft shares workaround for Outlook freezes after Windows update

Jan 21, 2026 5:20 PM

Tags: microsoft, update, windows

Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-outlook-freezes-after-windows-update/
Mehr Sicherheit und bessere Governance für Microsoft-365-Tenants

Jan 21, 2026 3:13 PM

Tags: governance, least-privilege, microsoft, resilience

Coreview bietet mit Tenant-Resilience und Tenant-Management ab sofort zwei neue Lösungen für den Schutz und das Management von Microsoft-365-Tenants über seine Coreview-One-Plattform an. Bei fast zwei Dritteln (63 %) der Microsoft-365-Tenants wird der Least-Privilege-Ansatz nicht umgesetzt. Gleichzeitig meldet Microsoft zunehmende Manipulationen von Konfigurationen bei Identitäts- und Gerätemanagementdiensten. Vor diesem Hintergrund gewinnt der Schutz und die…
Microsoft Intune changes to start biting unprepared admins

Jan 21, 2026 12:13 PM

Tags: microsoft, mobile, update

Mobile application management updates mean apps could soon be blocked First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/microsoft_intune_deadline/
Patchday geht schief: Neue Windows-Updates lassen allerhand Apps einfrieren

Jan 21, 2026 11:13 AM

Tags: microsoft, update, windows

Seit dem Januar-Patchday hängt sich Outlook bei einigen Anwendern immer wieder auf. Jetzt gesteht Microsoft: Auch andere Apps sind betroffen. First seen on golem.de Jump to article: www.golem.de/news/patchday-geht-schief-neue-windows-updates-lassen-allerhand-apps-einfrieren-2601-204437.html
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems

Jan 21, 2026 8:32 AM

Tags: attack, cyber, exploit, github, gitlab, hacker, infection, malicious, microsoft

The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in the Contagious Interview campaign represents a sophisticated shift toward weaponizing legitimate developer tools. The infection chain begins when victims clone and open malicious Git repositories hosted on GitHub or GitLab, typically…
Integrating Enzoic Alerts into Microsoft Sentinel with Azure Logic Apps

Jan 21, 2026 5:13 AM

Tags: breach, cloud, credentials, data, data-breach, microsoft, siem, threat

Introduction Enzoic provides real-time alerts when user credentials are exposed in data breaches, and integrating these alerts into your security operations center (SOC) can greatly enhance your threat response. Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) platform in Azure that aggregates and analyzes security data across an organization. (Note: You will……
North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

Jan 20, 2026 8:29 PM

Tags: backdoor, hacker, korea, malicious, microsoft, north-korea, threat

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints.The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said.”This activity involved…
Microsoft PowerToys adds new CursorWrap mouse ‘teleport’ tool

Jan 20, 2026 6:45 PM

Tags: microsoft, tool

Microsoft has released PowerToys 0.97, with a new mouse utility for multi-monitor setups and significant improvements to the Command Palette quick launcher. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-powertoys-adds-new-cursorwrap-mouse-teleport-tool/
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers

Jan 20, 2026 6:45 PM

Tags: ai, cloud, microsoft, rce, remote-code-execution, risk, service

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-anthropic-mcp-servers-risk-takeovers
New Windows Flaw Lets Attackers Bypass Mark of the Web

Jan 20, 2026 4:13 PM

Tags: flaw, malicious, microsoft, phishing, windows

Microsoft patched a Windows Remote Assistance flaw that lets attackers bypass Mark of the Web, weakening protections against malicious downloads and phishing files. The post New Windows Flaw Lets Attackers Bypass Mark of the Web appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-flaw-bypass-mark-of-the-web/
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Jan 20, 2026 3:13 PM

Tags: credentials, crypto, cybersecurity, malware, microsoft, software

Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem.”The malware is designed to exfiltrate sensitive information, including developer credentials and cryptocurrency-related data. Compromised developer First seen on thehackernews.com Jump to article: thehackernews.com/2026/01/evelyn-stealer-malware-abuses-vs-code.html
This Intune update isn’t optional, it’s a kill switch for outdated apps

Jan 20, 2026 6:13 AM

Tags: access, android, authentication, business, control, corporate, cybersecurity, data, infrastructure, malware, microsoft, mitigation, password, phone, risk, service, switch, threat, tool, update

iOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26.Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version…
Mandiant pushes organizations to dump insecure NTLMv1 by releasing a way to crack it

Jan 19, 2026 11:13 PM

Tags: attack, authentication, computer, credentials, crypto, cve, data, data-breach, email, encryption, group, Hardware, international, mandiant, microsoft, network, ntlm, phishing, risk, service, supply-chain, theft, threat, vulnerability, windows

pass-the-hash. The benefit is time and money saved: Mandiant reckons its rainbow table allows the recovery of an NTLMv1 key in 12 hours using a computer costing $600, rather than relying on third party services or expensive hardware to brute-force the keys.None of this makes NTLMv1 less secure or easier to target than it already…
Ransomware attack on Ingram Micro impacts 42,000 individuals

Jan 19, 2026 9:13 PM

Tags: apple, attack, cisco, cybersecurity, data, data-breach, jobs, microsoft, ransomware, service, supply-chain, technology

Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping…
Cop cops it after Copilot cops out: West Midlands police chief quits over AI hallucination

Jan 19, 2026 7:13 PM

Tags: ai, microsoft

Craig Guildford banned Israeli fans based on Microsoft’s match report, told MPs ‘we don’t use AI,’ then discovers… they did First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/copper_chief_cops_it_after/
Microsoft Issues Emergency Fix After Some Windows 11 Systems Can’t Shut Down

Jan 19, 2026 5:21 PM

Tags: microsoft, windows

The fix is for a bug that prevents some systems from shutting down, while another bug that prevents hibernation has no workaround yet. The post Microsoft Issues Emergency Fix After Some Windows 11 Systems Can’t Shut Down appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-11-shutdown-bug/