Tag: microsoft

Microsoft sued for allegedly tricking millions into Copilot M365 subscriptions

Oct 28, 2025 7:26 PM

Tags: ai, microsoft

The Australian Competition and Consumer Commission (ACCC) is suing Microsoft for allegedly misleading 2.7 million Australians into paying for the Copilot AI assistant in the Microsoft 365 service. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-sued-for-allegedly-tricking-millions-into-copilot-m365-subscriptions/
Critical Microsoft WSUS Security Flaw is Being Actively Exploited

Oct 28, 2025 4:26 PM

Tags: access, control, exploit, flaw, malware, microsoft, network, threat, update

A critical security flaw in Microsoft’s WSUS feature is being actively exploited in the wild by threat actors who could gain access into unpatched servers, remotely control networks, and use them to deliver malware or do other damage. Microsoft is urging organizations to apply a patch to their systems. First seen on securityboulevard.com Jump to…
Critical Microsoft WSUS Security Flaw is Being Actively Exploited

Oct 28, 2025 4:26 PM

Tags: access, control, exploit, flaw, malware, microsoft, network, threat, update

A critical security flaw in Microsoft’s WSUS feature is being actively exploited in the wild by threat actors who could gain access into unpatched servers, remotely control networks, and use them to deliver malware or do other damage. Microsoft is urging organizations to apply a patch to their systems. First seen on securityboulevard.com Jump to…
9,9 von 10 Punkten: Microsoft schließt gefährlichste Sicherheitslücke aller Zeiten

Oct 28, 2025 2:26 PM

Tags: bug, microsoft

First seen on t3n.de Jump to article: t3n.de/news/9-9-von-10-punkten-microsoft-sicherheit-1713086/
Critical Flaw CVE-2025-55315 Exposes QNAP NetBak PC Agent to Security Bypass Attacks

Oct 28, 2025 1:26 PM

Tags: access, attack, backup, control, cve, data, flaw, microsoft, unauthorized, vulnerability

A critical vulnerability, tracked as CVE-2025-55315, has been identified in QNAP’s NetBak PC Agent, stemming from a flaw within Microsoft’s ASP.NET Core framework. The issue allows attackers to exploit HTTP Request Smuggling (CWE-444) techniques to bypass essential security controls, potentially granting unauthorized access to sensitive backup data and system files. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-55315-hits-qnap-netbak-pc-agent/
Critical Flaw CVE-2025-55315 Exposes QNAP NetBak PC Agent to Security Bypass Attacks

Oct 28, 2025 1:26 PM

Tags: access, attack, backup, control, cve, data, flaw, microsoft, unauthorized, vulnerability

A critical vulnerability, tracked as CVE-2025-55315, has been identified in QNAP’s NetBak PC Agent, stemming from a flaw within Microsoft’s ASP.NET Core framework. The issue allows attackers to exploit HTTP Request Smuggling (CWE-444) techniques to bypass essential security controls, potentially granting unauthorized access to sensitive backup data and system files. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2025-55315-hits-qnap-netbak-pc-agent/
Active Directory at Risk Due to Domain-Join Account Misconfigurations

Oct 28, 2025 1:26 PM

Tags: access, cyber, microsoft, network, risk

Active Directory domain join accounts are systematically exposing enterprise environments to compromise, even when administrators follow Microsoft’s official guidance. A comprehensive security analysis reveals that these specialized accounts inherit excessive privileges by default, creating a direct pathway for attackers to escalate access from internal networks to full domain control. During security assessments, domain join accounts…
Active Directory at Risk Due to Domain-Join Account Misconfigurations

Oct 28, 2025 1:26 PM

Tags: access, cyber, microsoft, network, risk

Active Directory domain join accounts are systematically exposing enterprise environments to compromise, even when administrators follow Microsoft’s official guidance. A comprehensive security analysis reveals that these specialized accounts inherit excessive privileges by default, creating a direct pathway for attackers to escalate access from internal networks to full domain control. During security assessments, domain join accounts…
Critical QNAP .NET Flaw Lets Attackers Bypass Security Protections

Oct 28, 2025 10:26 AM

Tags: access, backup, control, cve, cyber, data, exploit, flaw, microsoft, software, unauthorized, vulnerability

A significant security vulnerability has emerged affecting QNAP’s NetBak PC Agent software through a critical flaw in Microsoft ASP.NET Core. The vulnerability, tracked as CVE-2025-55315, exploits HTTP Request Smuggling techniques to bypass essential security controls and could expose thousands of backup-dependent systems to unauthorized access and data manipulation. Attribute Details CVE ID CVE-2025-55315 Vulnerability Type…
Attackers bypass patch in deprecated Windows Server update tool

Oct 27, 2025 9:26 PM

Tags: microsoft, tool, update, vulnerability, windows

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-windows-server-update-services-vulnerability-exploited-attacks/
Windows will soon prompt for memory scans after BSOD crashes

Oct 27, 2025 8:26 PM

Tags: microsoft, windows

Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-will-soon-prompt-for-memory-scans-after-bsod-crashes/
New policy removes pre-installed Microsoft Store apps

Oct 27, 2025 4:26 PM

Tags: microsoft

Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-admins-remove-pre-installed-microsoft-store-apps-via-policy/
Windows 11: Microsofts Credential Guard leakt Credentials, kein Fix geplant

Oct 27, 2025 11:26 AM

Tags: credentials, microsoft, windows

In Windows 11 und Windows Server 2025 soll der Credential Guard das Abfließen von Anmeldedaten verhindern. Sicherheitsforscher haben nun gezeigt, dass sich der Credential Guard in Windows austricksen lässt und weiterhin Anmeldedaten preisgeben kann. Angreifer können NTLMv1-Anmeldeinformationen abrufen. Microsoft teilte … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/27/windows-11-microsofts-credential-guard-leakt-credentials-kein-fix-geplant/
Critical CoPhish Exploit Uses Copilot Studio to Hijack OAuth Tokens

Oct 27, 2025 9:26 AM

Tags: attack, cyber, exploit, malicious, microsoft, phishing, theft

Security researchers at Datadog have uncovered a sophisticated phishing technique that weaponizes Microsoft Copilot Studio to conduct OAuth token theft attacks. Dubbed >>CoPhish,
Sicherheit: AI-Browser und Copilot-Schwachstellen

Oct 27, 2025 8:26 AM

Tags: ai, cyberattack, microsoft, vulnerability

Der von Perplexity vorgestellte Comet-Browser ist quasi eine perfekte Überwachungslösung und verursacht jede Menge Sicherheitsprobleme, Fall von geht gar nicht. Ähnliches gilt für weitere AI-Browser. Sicherheitsforscher haben einen Meermaid-Angriff auf den Microsoft 365 Copilot demonstriert, und bei Microsoft Teams können … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/27/sicherheitsprobleme-perplexity-comet-browser-copilot-teams-und-mehr/
Microsoft Adds WiBased Work Location Auto-Detection to Teams

Oct 27, 2025 8:26 AM

Tags: cyber, detection, microsoft, network, update, wifi

Microsoft is preparing to introduce a groundbreaking feature in Teams that will revolutionise how hybrid workers manage their presence information. The new capability will automatically identify and update users’ work locations by detecting their connection to organisational Wi-Fi networks, eliminating the need for manual status updates. Scheduled for deployment in December 2025, this opt-in functionality…
Microsoft Digital Defense Report 2025 – Deutschland ist das größte Ziel für Cyberangriffe in der EU

Oct 27, 2025 8:26 AM

Tags: cyberattack, defense, germany, microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/deutschland-digitaler-angriff-microsoft-report-2025-a-f334421a421db80ef7613a3647bd5d5d/
Microsoft Digital Defense Report 2025 – Deutschland ist das größte Ziel für Cyberangriffe in der EU

Oct 27, 2025 8:26 AM

Tags: cyberattack, defense, germany, microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/deutschland-digitaler-angriff-microsoft-report-2025-a-f334421a421db80ef7613a3647bd5d5d/
Exchange Online- und Teams-APIs: Änderungen der Standardeinstellungen

Oct 27, 2025 12:26 AM

Tags: api, microsoft

Es gibt Änderungen in den Standardeinstellungen der Exchange Online- und Teams-APIs, die die Sicherheit erhöhen sollen. Ab Ende Oktober bis November 2025 verlangt Microsoft die Zustimmung des Administrators für Drittanbieter-Apps, die über die von Microsoft verwaltete Standard-Zustimmungspolitik auf Exchange Online- … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/27/exchange-online-und-teams-apis-aenderungen-der-standardeinstellungen/
OpenAI goes after Microsoft 365 Copilot’s lunch with ‘company knowledge’ feature

Oct 26, 2025 2:26 PM

Tags: chatgpt, corporate, microsoft, openai

ChatGPT can now rummage through corporate files via connectors, though Redmond still has the deeper hooks First seen on theregister.com Jump to article: www.theregister.com/2025/10/24/openai_chatgpt_company_knowledge/
Security Affairs newsletter Round 547 by Pierluigi Paganini INTERNATIONAL EDITION

Oct 26, 2025 6:26 AM

Tags: attack, cve, ddos, email, international, microsoft, russia, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed CVE-2025-59287: Microsoft fixes critical WSUS…
New CoPhish attack steals OAuth tokens via Copilot Studio agents

Oct 25, 2025 7:26 PM

Tags: attack, microsoft, phishing

A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cophish-attack-steals-oauth-tokens-via-copilot-studio-agents/
CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild

Oct 25, 2025 7:26 PM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, hacker, microsoft, rce, remote-code-execution, service, update, vulnerability, windows

Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique…
New ‘CoPhish’ technique wraps OAuth phishing in Microsoft Copilot

Oct 25, 2025 6:26 PM

Tags: microsoft, phishing

A new phishing technique dubbed ‘CoPhish’ weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cophish-technique-wraps-oauth-phishing-in-microsoft-copilot/
CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Oct 25, 2025 1:26 PM

Tags: attack, cve, flaw, microsoft, rce, remote-code-execution, update, vulnerability

Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. >>To comprehensively address CVE-2025-59287, Microsoft has released…
Windows Server: OutBand Updates für WSUS-Schwachstelle CVE-2025-59287 (23.10.2025)

Oct 25, 2025 7:26 AM

Tags: cve, cvss, microsoft, update, vulnerability, windows

Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
Top 10 Best Cloud Security Companies For AWS, Azure And GCP in 2025

Oct 25, 2025 5:26 AM

Tags: cloud, cyber, google, microsoft, service, strategy

Organizations are not just adopting cloud; they are embracing multi-cloud and hybrid strategies as the new norm, distributing workloads across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) to optimize for cost, performance, and resilience. While the cloud offers unparalleled agility and innovation, it also introduces a unique set of security challenges.…
Hackers exploiting critical vulnerability in Windows Server Update Service

Oct 25, 2025 12:26 AM

Tags: exploit, hacker, microsoft, service, update, vulnerability, windows

Microsoft has issued an out-of-band update and is urging users to immediately apply the patch. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/hackers-exploiting-critical-vulnerability-windows-server-update-service/803810/
Microsoft Issues Emergency Patch for Critical Windows Server Bug

Oct 24, 2025 10:26 PM

Tags: attack, cve, flaw, microsoft, update, windows

Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-emergency-patch-windows-server-bug
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Oct 24, 2025 9:26 PM

Tags: cve, exploit, flaw, microsoft, remote-code-execution, service, update, vulnerability, windows

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…