Tag: microsoft

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1

Jan 26, 2026 9:21 PM

Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
Emergency Microsoft update fixes inwild Office zero-day

Jan 26, 2026 9:21 PM

Tags: cve, exploit, microsoft, office, update, vulnerability, zero-day

Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 20162024 and Microsoft 365 Apps. Microsoft released out-of-band security updates to address an actively exploited Office zero-day vulnerability tracked as CVE-2026-21509. The issue is a security feature bypass vulnerability that affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019,…
How to encrypt your PC’s disk without giving the keys to Microsoft

Jan 26, 2026 8:24 PM

Tags: microsoft

Storing recovery keys with Microsoft allows the company to unlock your disk. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2026/01/how-to-encrypt-your-pcs-disk-without-giving-the-keys-to-microsoft/
Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails

Jan 26, 2026 8:24 PM

Tags: email, microsoft, phishing, phone, scam

Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign. First seen on hackread.com Jump to article: hackread.com/fake-microsoft-teams-billing-phishing-alerts-emails/
Fake Microsoft Teams Billing Phishing Alerts Reach 6,135 Users via 12,866 Emails

Jan 26, 2026 8:24 PM

Tags: email, microsoft, phishing, phone, scam

Scammers are abusing Microsoft Teams invitations to send fake billing notices, with 12,866 emails reaching around 6,135 users in a phone-based phishing campaign. First seen on hackread.com Jump to article: hackread.com/fake-microsoft-teams-billing-phishing-alerts-emails/
Microsoft patches actively exploited Office zero-day vulnerability

Jan 26, 2026 8:24 PM

Tags: exploit, microsoft, office, update, vulnerability, zero-day

Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-patches-actively-exploited-office-zero-day-vulnerability/
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
Digitale Integrität: Warum Firewall und IDS nicht reichen

Jan 26, 2026 6:21 PM

Tags: access, apt, breach, bsi, ceo, ciso, cloud, crowdstrike, cyber, cyberattack, cyersecurity, data, data-breach, detection, firewall, fraud, group, ibm, lazarus, linkedin, mail, malware, microsoft, phishing, privacy, social-engineering, spear-phishing, threat, tool, zero-trust

Die systematische Erfassung von Daten über Mitarbeiter, Kunden und Geschäftspartner hat eine neue Angriffsfläche geschaffen, die von Cyberkriminellen ausgenutzt wird.In einer vernetzten Geschäftswelt stehen Unternehmen vor beispiellosen Cybersicherheits-Herausforderungen. Laut dem IBM Cost of a Data Breach Report 2024 betragen die durchschnittlichen Kosten eines durch Phishing verursachten Datenlecks etwa 4,88 Millionen Dollar. Nach Branchenschätzungen werden täglich etwa…
Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears

Jan 26, 2026 6:21 PM

Tags: cloud, control, microsoft, privacy

Microsoft confirmed it can hand over BitLocker recovery keys stored in the cloud under warrant, reviving debate over who controls encrypted data. The post Microsoft Shared BitLocker Keys With FBI, Raising Privacy Fears appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-bitlocker-keys-fbi-privacy/
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Jan 26, 2026 6:21 PM

Tags: ai, china, cybersecurity, data, intelligence, malicious, microsoft

Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as artificial intelligence (AI)-powered coding assistants, but also harbor covert functionality to siphon developer data to China-based servers.The extensions, which have 1.5 million combined installs and are still available for download from the official Visual Studio First seen on…
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns

Jan 26, 2026 5:21 PM

Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technology

Where most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
Microsoft handed over BitLocker keys to law enforcement, raising enterprise data control concerns

Jan 26, 2026 5:21 PM

Tags: access, authentication, backup, breach, business, china, cloud, control, corporate, credentials, data, endpoint, governance, government, group, india, infrastructure, law, mfa, microsoft, risk, service, technology

Where most enterprises go wrong: Enterprises using BitLocker should treat the recovery keys as highly sensitive, and avoid default cloud backup unless there is a clear business requirement and the associated risks are well understood and mitigated.The safest configuration is to redirect those keys to on-premises Active Directory or a controlled enterprise key vault. Even…
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware

Jan 26, 2026 4:21 PM

Tags: attack, cyber, github, malicious, malware, microsoft, north-korea, software, threat

A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
Microsoft Issues KB5078127 OOB Patch After Reports of Outlook Freezing and File System Instability

Jan 26, 2026 4:21 PM

Tags: cyber, microsoft, update, windows

Microsoft has released two critical out-of-band (OOB) security patches targeting widespread issues affecting Windows 11 users following January’s monthly security updates. The emergency patches, KB5078127 and KB5078132, address severe file system failures and application crashes that emerged after the January 13 security release. The primary culprit behind these issues is unexpected complications introduced by KB5073455…
New DPRK Interview Campaign Uses Fake Fonts to Deliver Malware

Jan 26, 2026 4:21 PM

Tags: attack, cyber, github, malicious, malware, microsoft, north-korea, software, threat

A dangerous new iteration of the >>Contagious Interview<< campaign that weaponizes Microsoft Visual Studio Code task files to distribute sophisticated malware targeting software developers. This campaign, which began over 100 days ago, has intensified dramatically in recent weeks with 17 malicious GitHub repositories identified across 11 distinct attack variants. North Korean threat actors linked to…
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

Jan 26, 2026 3:21 PM

Tags: malicious, microsoft, phishing

Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing campaign targeting energy sector organizations. The campaign misused SharePoint file-sharing to deliver phishing links and created inbox rules to hide malicious activity and maintain persistence. After the initial…
New Fake CAPTCHA Scam Abuses Microsoft Tools to Install Amatera Stealer

Jan 26, 2026 1:18 PM

Tags: captcha, microsoft, scam, tool

Another day, another fake CAPTCHA scam, but this one abuses Microsoft’s signed tools. First seen on hackread.com Jump to article: hackread.com/fake-captcha-scam-microsoft-tools-amatera-stealer/
Microsoft Entra ID will auto-enable passkey profiles, synced passkeys

Jan 26, 2026 10:21 AM

Tags: microsoft, passkey

Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/26/microsoft-auto-enable-entra-id-passkeys/
Januar-Updates lösen unter Windows 11 Boot-Fehler aus

Jan 26, 2026 10:21 AM

Tags: microsoft, update, windows

Die Liste der Probleme mit den Januar-Updates für Windows wird immer länger. Einige Rechner lassen sich wohl nicht mehr fehlerfrei starten. First seen on golem.de Jump to article: www.golem.de/news/microsoft-januar-updates-loesen-unter-windows-11-boot-fehler-aus-2601-204591.html
Inside Microsoft’s veterantech workforce pipeline

Jan 26, 2026 9:21 AM

Tags: microsoft, military, technology

The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/26/microsoft-veteran-tech-workforce/
Überwachung – Microsoft hat Bitlocker-Schlüssel heimlich an das FBI weitergegeben

Jan 25, 2026 4:18 PM

Tags: backup, microsoft, windows

Um Windows-Geräte zu entschlüsseln, hat Microsoft Bitlocker-Keys an das FBI übergeben. Möglich ist der Zugang durch eine Backup-Funktion. First seen on computerbase.de Jump to article: www.computerbase.de/news/netzpolitik/ueberwachung-microsoft-hat-bitlocker-schluessel-heimlich-an-das-fbi-weitergegeben.95907
Microsoft investigates Windows 11 boot failures after January updates

Jan 25, 2026 4:18 PM

Tags: microsoft, update, windows

Microsoft is investigating reports that some Windows 11 devices are failing to boot with “UNMOUNTABLE_BOOT_VOLUME” errors after installing the January 2026 Patch Tuesday security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-windows-11-boot-failures-after-january-updates/
Microsoft releases emergency OOB update to fix Outlook freezes

Jan 25, 2026 5:31 AM

Tags: cloud, microsoft, update, windows

Microsoft has released emergency, out-of-band updates on Saturday for Windows 10, Windows 11, and Windows Server to fix an issue that prevented Microsoft Outlook classic from opening when using PSTs stored in cloud storage. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-oob-update-to-fix-outlook-freezes/
ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft

Jan 25, 2026 5:31 AM

Tags: attack, breach, corporate, data, extortion, google, microsoft, okta, phishing, saas, theft, threat

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys

Jan 24, 2026 7:30 PM

Tags: microsoft, privacy, windows

If you are using a Windows PC, your privacy and security are nothing short of a myth, and this incident proves it. First seen on hackread.com Jump to article: hackread.com/fbi-windows-laptops-microsoft-bitlocker-recovery-keys/
Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks

Jan 24, 2026 4:30 PM

Tags: cyber, microsoft, network, wifi

Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when…
Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development

Jan 24, 2026 4:30 PM

Tags: cyber, framework, github, microsoft, open-source, tool, windows

Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development across multiple frameworks and toolchains. The tool is now available on GitHub for developers working outside traditional Visual Studio or MSBuild environments. The winapp CLI targets developers using cross-platform frameworks including…
Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data

Jan 24, 2026 4:30 PM

Tags: access, cyber, data, encryption, fraud, law, microsoft, technology

Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case of the technology giant sharing encryption keys with law enforcement. The disclosure occurred after federal investigators in Guam requested access to three encrypted laptops believed to contain evidence of fraud in…
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls

Jan 24, 2026 4:30 PM

Tags: access, attack, control, cyber, data-breach, email, microsoft, phishing, service

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked…
Datenschutzdebatte: Microsoft gibt Bitlocker-Schlüssel an FBI weiter

Jan 24, 2026 3:30 PM

Tags: microsoft

Microsoft händigt Ermittlungsbehörden auf richterliche Anordnung Verschlüsselungsschlüssel für Bitlocker aus. First seen on golem.de Jump to article: www.golem.de/news/datenschutzdebatte-microsoft-gibt-bitlocker-schluessel-an-fbi-weiter-2601-204576.html