Tag: microsoft
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE Flaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure.
CVE ID: CVE-2025-59287
Released: October 14, 2025
Last Updated: October 23, 2025
Vulnerability Type: Remote…
-
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space…
-
Script Runs Amok: Update Mishap Locks HP Users Out of Microsoft Environments
A PowerShell script distributed via an update for HP OneAgent has serious consequences. It deletes certificates, some of them important, indiscriminately and without asking for confirmation. First seen on golem.de Jump to article: www.golem.de/news/skript-dreht-durch-update-panne-wirft-hp-nutzer-aus-microsoft-umgebungen-2510-201495.html
-
Microsoft Boosts Windows Security by Disabling File Previews for Downloads
Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a long-standing vulnerability that attackers have exploited to harvest NTLM hashes and sensitive credentials used for…
-
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
Adversaries are using AI to sharpen attacks, automate operations, and challenge long-standing defenses, according to a new Microsoft report. Researchers describe a year in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/microsoft-ai-cyber-attacks-report/
-
New Phishing Wave Uses OAuth Prompts to Take Over Microsoft Accounts
A new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious applications through legitimate-looking Microsoft authorization screens. This method bypasses traditional password protection and multi-factor authentication, making it particularly…
-
AI browsers can be abused by malicious AI sidebar extensions: Report
‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees. “I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said. “But, if they’re like most CISOs and they have lots of problems,…
-
Microsoft puts Office Online Server on the chopping block
The end is nigh, now get thee to 365 First seen on theregister.com Jump to article: www.theregister.com/2025/10/22/microsoft_office_online_server/
-
HP pulls update that broke Microsoft Entra ID auth on some AI PCs
HP has pulled an HP OneAgent software update for Windows 11 that mistakenly deleted Microsoft certificates required for some organizations to log in to Microsoft Entra ID, effectively disconnecting them from their company’s cloud environments. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/hp-pulls-update-that-broke-microsoft-entra-id-auth-on-some-ai-pcs/
-
DTTS – Zero Trust DNS Enforcement: Policy Violation Management
In a default-deny world, where only verified sources and verified destinations are allowed, which require a successful policy-allowed DNS resolution, many modern threats are mitigated, and there’s demonstrable value in choosing this path, including being able to enforce a “My network, my rules” approach to egress control. However, in this world where existing applications need to…
-
Keeper-Sentinel Integration Targets Rise in Identity Abuse and Privilege Misuse
Today, Keeper Security has announced a native integration with Microsoft Sentinel. This integration enables organisations to detect and respond to credential-based threats faster and with greater precision by streaming real-time Keeper event data directly into the Microsoft Sentinel Security Information and Event Management (SIEM) solution. Security teams gain deep visibility into credential use, privileged activity…
-
Meet the new Clippy: Microsoft unveils Copilot’s “Mico” avatar
Today, Microsoft introduced Mico, a new and more personal avatar for the AI-powered Copilot digital assistant, which the company describes as human-centered. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/meet-the-new-clippy-microsoft-unveils-copilots-mico-avatar/
-
Microsoft disables File Explorer preview for downloads to block attacks
Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
-
Microsoft Stops Ransomware Attacks on Teams Users
A ransomware gang used fake MS Teams installers to attack users. With the growing prevalence of remote work, collaboration tools repeatedly end up in the crosshairs of cybercriminals. Microsoft recently discovered an attack campaign by the ransomware gang Vanilla Tempest that relies on fake Teams installers. The attackers used imitation MSTeamsSetup.exe files hosted on malicious domains. The goal was for unsuspecting…
-
Microsoft Digital Defense Report 2025: Extortion and Ransomware Lead Global Cybercrime Surge
The newly released Microsoft Digital Defense Report 2025 reveals new data on global cyber threats. According to the report, more than half of all cyberattacks with known motives, 52%, are driven by extortion and ransomware. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/digital-defense-report-shares-cybercrime-trend/
-
Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign
Tags: attack, china, cyber, cybercrime, cybersecurity, espionage, exploit, group, infrastructure, microsoft, ransomware, threat, zero-day
Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019, reveals a complex threat landscape where cybercriminal and state-sponsored operations increasingly converge. Warlock first surfaced…
-
Preview Not Working: Update for Windows 11 Explorer Annoys Users
For several days, the Windows 11 Explorer has been refusing to preview numerous PDF and Office documents. According to Microsoft, this is intentional. First seen on golem.de Jump to article: www.golem.de/news/nutzerbeschwerden-windows-11-update-macht-vorschau-im-explorer-kaputt-2510-201447.html
-
Users Annoyed: Windows 11 Update Breaks Preview in Explorer
For several days, the Windows 11 Explorer has been refusing to preview numerous PDF and Office documents. According to Microsoft, this is intentional. First seen on golem.de Jump to article: www.golem.de/news/nutzerbeschwerden-windows-11-update-macht-vorschau-im-explorer-kaputt-2510-201447.html
-
Microsoft’s ancient icon library still lurks deep within Windows 11
Pixels of the past ‘created just for fun’ First seen on theregister.com Jump to article: www.theregister.com/2025/10/21/windows_pifmgr_chen/
-
Click, Call, Compromise: Hackers Continue to Evolve Tactics
Microsoft Says Hackers Pivoting to Identity Compromise. Hackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches. First seen on…
-
ToolShell bug used by Chinese attackers against governments in Africa, South America
Government agencies in African and South American nations are on the long list of organizations breached through exploitation of a vulnerability in Microsoft SharePoint, incident responders revealed. First seen on therecord.media Jump to article: therecord.media/sharepoint-toolshell-bug-breaches-governments-africa-south-america
-
Cybersecurity Awareness Month Is for Security Leaders, Too
Think you know all there is to know about cybersecurity? Guess again. Shadow AI is challenging security leaders with many of the same issues raised by other “shadow” technologies. Only this time, it’s evolving at breakneck speed. Key takeaways: The vast majority of organizations (89%) are either using AI or piloting it. Shadow AI lurks…
-
Versa Creates Comprehensive SASE Solution with the Integration of Microsoft-EntraAccess
An automated integration of Versa Secure SD-WAN with Microsoft Entra Internet Access, a component of Microsoft’s Security Service Edge (SSE) solution, is now available. This creates a complete, easy-to-manage SASE solution that offers comprehensive security with optimized performance for distributed sites. Unlike many template-based integrations, Versa’s application-oriented SD-WAN is now one of the few SD-WAN offerings in the…
-
Microsoft OneDrive and AI Facial Recognition in Family Photos
I’m digging out one more topic, which actually shows that using Microsoft OneDrive to store personal content is out of the question. That is because Microsoft is testing AI-based facial recognition on family photos stored on OneDrive. AI facial recognition in OneDrive: The topic … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/22/microsoft-onedrive-und-die-ki-gesichtserkennung-in-familienfotos/
-
Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR
CyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade endpoint detection and response (EDR) solutions. By leveraging highly obfuscated PowerShell scripts and process hollowing into Microsoft’s RMClient.exe, attackers are gaining stealthy persistence and targeting browser credentials. Although Remcos is…

