Tag: microsoft
-
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
Microsoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for Secure Boot states. It streamlines User Account Control (UAC) prompts. The update provides users with…
-
Fake Helpdesk Attack Uses Teams and Quick Assist to Breach Targets
Attackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk-themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, adversaries can move laterally and exfiltrate data while blending into normal admin activity. Using names such as “Help…
-
Microsoft Teams right-click paste broken by Edge update bug
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-teams-right-click-paste-broken-by-edge-update-bug/
-
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the…
-
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (…
-
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
New research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The rogue domain copies the branding of the real open-source data recovery tool, presenting itself as “The Ultimate…
-
Mythos and Cybersecurity
Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations: Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors of critical…
-
Another Microsoft Defender privilege escalation bug emerges days after patch
Second Defender-based LPE in days: The Defender flaw addressed earlier this week as part of Patch Tuesday was one of the two zero-day bugs Microsoft fixed, and it also allowed local privilege escalation stemming from “insufficient granularity of access control.” While Microsoft attributed the discovery of the flaw, tracked as CVE-2026-33825, to security researcher Zen Dodd,…
-
Sometimes changing the password on your email mailbox isn’t enough
Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it. First seen on fortra.com Jump to article: www.fortra.com/blog/sometimes-changing-password-your-email-mailbox-isnt-enough
-
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a separate but related issue is triggering BitLocker recovery prompts on enterprise-managed systems post-update. Reboot Loop Issue…
-
Microsoft announces product it doesn’t want anyone to buy
Just migrate already, would you? But if you can’t, Redmond will take your cash First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/17/microsoft-defender-zero-days-exploited/
-
After Microsoft Patch Tuesday: Update Errors and Constant Reboots on Windows Server
IT admins have their hands full with the April updates for Windows Server. The updates can fail or trigger repeated reboots. First seen on golem.de Jump to article: www.golem.de/news/nach-microsoft-patchday-update-fehler-und-staendige-reboots-bei-windows-server-2604-207693.html
-
Some Windows servers enter reboot loops after April patches
Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-reboot-loops-affecting-some-domain-controllers/
-
Microsoft’s Original Windows Secure Boot Certificate Is Expiring
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/microsoftoriginal-windows-secure-boot-certificates-expire
-
Microsoft Fixes 167 Vulnerabilities in Latest Patch Tuesday Update
Microsoft’s Patch Tuesday April 2026 release has introduced one of the most extensive security update rollouts of the year, addressing a total of 167 vulnerabilities across Windows operating systems and associated software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-april-2026/
-
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Google, Meta, and Microsoft about half the time don’t comply with requests to opt out of online tracking per a California law mandate, privacy watchdog finds. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/audit-big-tech-ignores-data-collection-requests
-
Check Point Research Exposes Fraudulent Ads for Playstation Anniversary Edition
Check Point Research (CPR), the security research division of Check Point Software Technologies Ltd., has published its “Brand Phishing Ranking” for the first quarter of 2026, uncovering fraud attempts involving Sony's Playstation 5 as well as purported software downloads and login pages from Microsoft. The latest results also show that Microsoft remained the most frequently imitated brand and in…
-
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flaws
-
Microsoft announces product it doesn’t want you to buy: Extended security updates for old Exchange, and Skype for Biz
Just migrate already, would you? But if you can’t, Redmond will take your cash First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/microsoft_exchange_skype/
-
Microsoft Bets $10B to Boost Japan’s AI, Cybersecurity
The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships, the latest move by a hyperscaler to compete for sovereign AI and data centers. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/microsoft-bets-10-billion-to-boost-japan-s-ai-cybersecurity
-
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability…
-
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201, already…
-
April Patch Tuesday brings zero-days in Defender, SharePoint Server
Microsoft’s latest Patch Tuesday update may be one of the largest in history, with more than 160 issues in scope First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641679/April-Patch-Tuesday-brings-zero-days-in-Defender-SharePoint-Server
-
Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days
Microsoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-165-vulnerabilities-april-2026/
-
What to do When Your AI Guardrails Fail
I want to talk about a bug. Not because the bug itself was exceptional, but because what it exposed should change how every organisation architects AI governance. For several weeks earlier this year, Microsoft 365 Copilot read and summarised confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured to block that…
-
QA: Your Face Is Now Part of the Threat Landscape, Warns Sarah Armstrong-Smith
Sarah Armstrong-Smith brings rare front-line authority to the cyber resilience conversation, with a career shaped by some of the most defining digital threats of the modern era. From the Millennium Bug through to board-level cyber strategy at Microsoft and the London Stock Exchange Group, her perspective is grounded in real crisis leadership, not theory. That…
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/

