Tag: microsoft
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
Microsoft patched an ASP.NET Core flaw (CVE-2026-40372) that could let attackers forge tokens and gain SYSTEM-level access. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2026-40372-microsoft-patches-asp-net-core-privilege-escalation-vulnerability/
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia.”The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Microsoft outband updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7. An attacker could exploit the flaw to gain SYSTEM-level privileges, access…
-
Teams increasingly abused in helpdesk impersonation attacks
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Teams increasingly abused in helpdesk impersonation attacks
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
-
Microsoft Teams to get efficiency mode on PCs with limited resources
Tags: microsoftMicrosoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-gets-efficiency-mode-for-hardware-constrained-devices/
-
Microsoft Teams to get efficiency mode on PCs with limited resources
Tags: microsoftMicrosoft is preparing to roll out a new Efficiency Mode for Microsoft Teams for systems with limited CPU and memory resources to improve app responsiveness. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-gets-efficiency-mode-for-hardware-constrained-devices/
-
Attacken laufen bereits: Rund 1.300 Sharepoint-Instanzen sind angreifbar
Eine Lücke in Microsoft Sharepoint lässt Angreifer vertrauliche Daten lesen und ändern. Obwohl es einen Patch gibt, sind die meisten Systeme ungeschützt. First seen on golem.de Jump to article: www.golem.de/news/attacken-laufen-bereits-rund-1-300-sharepoint-instanzen-sind-angreifbar-2604-207864.html
-
Microsoft Error Codes Explained: Types, Fixes, and Troubleshooting Guide
Confused by a Microsoft error code? Learn about system, update, HTTP, and Azure-related codes, what they mean, and how to fix them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/microsoft-error-codes-explained-types-fixes-and-troubleshooting-guide/
-
Microsoft traces Universal Print issues to Graph API code change
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-graph-api-code-change-causes-universal-print-share-issues/
-
OneDrive updates focus on AI, access control, and compliance
Microsoft OneDrive’s recent updates focus on improving intelligence, collaboration, and administrative control. “Last year, we made a promise: your files should work for you, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/microsoft-onedrive-intelligence-collaboration-updates/
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
Microsoft warns of fake IT worker identities infiltrating cloud environments
Microsoft is warning that North Korea”‘aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, verify identities online, and onboard staff fully remotely. Jasper Sleet, tracked by Microsoft as a North Korean…
-
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges.The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It’s rated Important in severity. An anonymous researcher has been credited with discovering and reporting the flaw.”Improper verification of cryptographic First…
-
Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/
-
Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/
-
Microsoft releases emergency patches for critical ASP.NET flaw
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/
-
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
-
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China”‘nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote shell access, file operations, and session management rather than any obvious monetization features. Communications are…
-
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patches bypass normal release schedules and indicate a pressing threat, meaning organizations relying on ASP.NET Core…
-
Two MDO field reports every IT security lead should read
<div cla Tyler Swinehart, Director of Global IT & Security at IRONSCALES, has been publishing the kind of LinkedIn pieces I wish more practitioners would write. No vendor angle. No positioning. Just “here’s what I learned the hard way operating this thing in production, and here’s what nobody told me until it was too late.”…
-
Exploits Turn Windows Defender into Attacker Tool
Three proof-of-concept exploits are being used in active attacks against Microsoft’s built-in security platform; two are unpatched. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/exploits-turn-windows-defender-attacker-tool
-
Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns
Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems. First seen on hackread.com Jump to article: hackread.com/microsoft-vulnerabilities-drop-critical-flaws-double/
-
Gold für Coreview bei den Cybersecurity-Excellence-Awards 2026
Der Spezialist für den Schutz und das Management von Microsoft-365-Tenants, Coreview, wurde bei den diesjährigen Cybersecurity-Excellence-Awards in der Kategorie ‘SaaS Security Posture Management (SSPM)” mit Gold ausgezeichnet. Die Preise werden von Cybersecurity Insider, einem weltweiten Netzwerk von über 600.000 Security-Experten, verliehen und zeichnen Innovationen im Bereich der Cybersicherheit aus. Mit Coreview können Unternehmen die…
-
Gold für Coreview bei den Cybersecurity-Excellence-Awards 2026
Der Spezialist für den Schutz und das Management von Microsoft-365-Tenants, Coreview, wurde bei den diesjährigen Cybersecurity-Excellence-Awards in der Kategorie ‘SaaS Security Posture Management (SSPM)” mit Gold ausgezeichnet. Die Preise werden von Cybersecurity Insider, einem weltweiten Netzwerk von über 600.000 Security-Experten, verliehen und zeichnen Innovationen im Bereich der Cybersicherheit aus. Mit Coreview können Unternehmen die…
-
Gold für Coreview bei den Cybersecurity-Excellence-Awards 2026
Der Spezialist für den Schutz und das Management von Microsoft-365-Tenants, Coreview, wurde bei den diesjährigen Cybersecurity-Excellence-Awards in der Kategorie ‘SaaS Security Posture Management (SSPM)” mit Gold ausgezeichnet. Die Preise werden von Cybersecurity Insider, einem weltweiten Netzwerk von über 600.000 Security-Experten, verliehen und zeichnen Innovationen im Bereich der Cybersicherheit aus. Mit Coreview können Unternehmen die…
-
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Tags: access, ai, api, automation, cloud, credentials, cybersecurity, data, data-breach, endpoint, finance, flaw, identity, infrastructure, microsoft, saas, service, toolWatching a privileged operator think out loud: The category of flaw should not be compared too closely to a conventional API bug, said Alexander Hagenah, cybersecurity researcher and executive director at Zurich-based financial infrastructure operator SIX Group.”A normal API issue is usually bound by a specific endpoint, dataset, or permission check. With an AI operations…