Tag: microsoft
-
Microsoft Edge retires master password feature, adopts passkeys and biometrics
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-edge-retires-master-password-feature-adopts-passkeys-and-biometrics
-
Mayo Clinic, Microsoft Team Up on AI for Doctors, Patients
Healthcare Sector AI Expansion Raises Questions on Governance, Privacy and Safety. Mayo Clinic and Microsoft are planning a new healthcare-specific frontier artificial intelligence model that aims to help clinicians make earlier diagnoses and deliver more personalized treatments to their patients. The clinic plans to make the new model available to patients and doctors. First seen…
-
Microsoft Tests Wearable AI Badge for Office Workers
Microsoft showed Project Solara concept devices at Build 2026, including a wearable AI badge for office workers using AI agents. The post Microsoft Tests Wearable AI Badge for Office Workers appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-wearable-ai-badge-office-workers/
-
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps.Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as that…
-
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/coding-gaffe-exposes-microsoft-365-accounts-takeover
-
Microsoft responds to security challenges facing code, AI agents, and models
Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/microsoft-ai-agent-security-capabilities/
-
Geplatzer Milliarden-Deal – Bayern testet Alternativen zu Microsoft
Tags: microsoftFirst seen on security-insider.de Jump to article: www.security-insider.de/bayern-testet-software-alternativen-zu-microsoft-in-behoerden-a-cfb6306f1fc3d9d5a462adcfc2312625/
-
Proofpoint Ramping Up Big MSP Growth Push In North America: Exec
Proofpoint’s launch of a business unit and Microsoft 365 security platform focused on meeting the needs of MSPs and their SMB customers marks a major advancement for the managed service provider market, according to an MSP executive. First seen on crn.com Jump to article: www.crn.com/news/security/2026/proofpoint-ramping-up-big-msp-growth-push-in-north-america-exec
-
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.”Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.GitHub supports…
-
Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot”‘level protections. On June 27, 2026, the Microsoft Corporation KEK CA 2011 used to authorize DB/DBX updates via Windows Update reaches its end of…
-
Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot”‘level protections. On June 27, 2026, the Microsoft Corporation KEK CA 2011 used to authorize DB/DBX updates via Windows Update reaches its end of…
-
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora.The vulnerability has been codenamed HTTP/2 Bomb by Calif.”The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining First seen on…
-
Kein Bock auf Microsoft: Forscher leakt Zero-Day-Exploit für Github-Datenklau
Microsoft hat neben Chaotic Eclipse offenbar noch einen weiteren Forscher verärgert. Der hat nun einen gefährlichen Github-Exploit veröffentlicht. First seen on golem.de Jump to article: www.golem.de/news/kein-bock-auf-microsoft-forscher-leakt-zero-day-exploit-fuer-github-datenklau-2606-209348.html
-
Microsoft Scout agent opens a new category of always-on Autopilots
Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/microsoft-scout-personal-agent/
-
HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Overview of the HTTP/2 Bomb Attack Security researcher Quang Luong, working with the Codex team, uncovered a novel exploitation technique that…
-
Microsoft MSRC Allegedly Declines Action on Dependency Confusion Vulnerability
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security issue, despite a proof-of-concept exploit demonstrating remote code execution (RCE). Security researcher Wahid Fayad identified the issue while analyzing JavaScript assets served via portal.azure.com. The investigation revealed an internal Node.js dependency, FxInternal/NetDiagnostics, that was not…
-
Microsoft resolves Windows 11 update installation errors
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-resolves-windows-11-update-installation-errors
-
Microsoft denies legal action against researchers after slamming BlueHammer publisher
Tags: microsoftFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-denies-legal-action-against-researchers-after-slamming-bluehammer-publisher
-
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsofts-coreutils-project-brings-linux-commands-to-windows/
-
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/fbi-flagged-phishing-kit-kali365-expands-its-reach
-
Microsoft’s Vasu Jakkal On Why AI Agents Need Human-Level Security Controls
Microsoft is doubling down on its efforts to uniquely provide comprehensive control for securing the adoption of AI agents with the expansion of its Agent 365 offering, top Microsoft security executive Vasu Jakkal tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-s-vasu-jakkal-on-why-ai-agents-need-human-level-security-controls
-
Microsoft’s Vasu Jakkal On Why AI Agents Need Human-Level Security Controls
Microsoft is doubling down on its efforts to uniquely provide comprehensive control for securing the adoption of AI agents with the expansion of its Agent 365 offering, top Microsoft security executive Vasu Jakkal tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-s-vasu-jakkal-on-why-ai-agents-need-human-level-security-controls
-
Microsoft Exchange Online outage causes email delays, failures
Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/
-
Kali365 imitiert vermehrt Unternehmen wie Microsoft und Okta
Steven Campbell, Staff Threat Intelligence Researcher bei Arctic Wolf, ordnete kürzlich die FBI-Warnung vor ‘Kali365″, eine Kampagne, die sich mittlerweile vom Phishing-Kit zu einer umfassenderen Phishing-as-a-Service-Plattform entwickelt hat, und aktuelle Entwicklungen rund um moderne Phishing-Angriffe ein. Kali365 war zunächst dadurch aufgefallen, dass sie den OAuth-Device-Authorization-Flow von Microsoft ausnutzte, um Authentifizierungs-Tokens zu stehlen und Multi-Faktor-Authentifizierung zu…
-
Microsoft Entra pushes passkeys, tightens identity security
Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/microsoft-entra-latest-security-updates/
-
Microsoft Authenticator leitet Token an Angreifer weiter – Kritische Authenticator-Lücke ermöglicht Kontoübernahme ohne Exploit
First seen on security-insider.de Jump to article: www.security-insider.de/cve-2026-41615-microsoft-authenticator-token-kontouebernahme-a-82db6c3664efe48582e8c605aebde967/
-
Microsoft’s Zero-Day Legal Threats Spark Backlash
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-zero-day-legal-threats-backlash
-
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/
-
Microsoft Defender Vulnerability Management gets a smarter exposure score
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/
-
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outage-affecting-mfa-setup-mysignin-service/