Tag: microsoft
-
Microsoft’s Zero-Day Legal Threats Spark Backlash
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-zero-day-legal-threats-backlash
-
Microsoft investigates Office Apps, Teams file access issues
Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/
-
Microsoft Defender Vulnerability Management gets a smarter exposure score
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/
-
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outage-affecting-mfa-setup-mysignin-service/
-
Microsoft says it will not pursue security researchers after zero-day backlash
Microsoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research.” First seen on therecord.media Jump to article: therecord.media/microsoft-says-it-will-not-pursue-security-researchers-disclosure
-
Microsoft confirms outage affecting MFA, My Sign-Ins platform
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/
-
Cyberkriminelle nutzen die Phishing-Plattform Kali365, um legitime Microsoft-365-Verfahren für einen Zugriff ohne Passwörter
Das FBI warnt aktuell vor Kali365, einer seit April 2026 aktiven Phishing-as-a-Service-Plattform, die gezielt Microsoft-365-Umgebungen ins Visier nimmt. Hierbei werden keine Zugangsdaten gestohlen, sondern OAuth-Tokens gekapert, wodurch selbst eine Multifaktor-Authentifizierung (MFA) umgangen wird. Die Plattform bietet zudem KI-generierte Phishing-Vorlagen, automatisierte Kampagnen-Tools und Echtzeit-Tracking-Dashboards und wird über Telegram als Abonnementmodell vertrieben. Der Angriff läuft dabei in…
-
Microsoft fixes KB5089549 Windows security update install issues
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/
-
No Lawsuits Against Researchers in Nightmare-Eclipse Row
Microsoft has issued a clarifying statement, assuring the global cybersecurity community that it has no intention of pursuing legal action against security researchers conducting or publishing legitimate security research. A significant walkback amid the firestorm sparked by its earlier confrontation with a researcher known as >>Nightmare-Eclipse.<< The controversy began in April 2026 when an anonymous researcher using…
-
Zoff mit Microsoft: Verärgerter Sicherheitsforscher kündigt Bitskrieg an
Der verärgerte Sicherheitsforscher Chaotic Eclipse will im Juni einen neuen Bitlocker-Exploit leaken. Microsoft kämpft derweil gegen einen Shitstorm. First seen on golem.de Jump to article: www.golem.de/news/zoff-mit-microsoft-veraergerter-sicherheitsforscher-kuendigt-bitskrieg-an-2606-209243.html
-
Microsoft KB5089573 Fixes Windows 11 Patch Tuesday Install Failures
Microsoft has released cumulative update KB5089573 for Windows 11 versions 24H2 and 25H2, aimed at improving stability and resolving installation issues reported during recent Patch Tuesday deployments. The update is part of Microsoft’s ongoing effort to streamline update reliability while introducing refinements to AI-driven system components. KB5089573 primarily addresses problems users encountered while installing earlier…
-
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Tags: cve, cyber, exploit, microsoft, rce, remote-code-execution, risk, update, vulnerability, windowsMicrosoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being actively exploited in the wild. Tracked as CVE-2026-41089, the vulnerability allows unauthenticated attackers to execute remote code against domain controllers without any user interaction, making it one of the most dangerous…
-
KnowBe4 vereint E und Chat-Sicherheit durch die Ausweitung der Bedrohungserkennung auf Microsoft-Teams
Der führende Anbieter Digitaler-Workforce-Security, der sich umfassend mit dem Schutz von Menschen und KI-Agenten befasst, KnowBe4, führt ‘KnowBe4 Messaging Security” ein, mit der Microsoft-Teams abgesichert werden kann. Die KnowBe4-Plattform bietet nun einen einheitlichen Schutz für die beiden wichtigsten Kommunikationskanäle von Unternehmen: Chat und E-Mail. Dieses neue Angebot schließt die Sicherheitslücke zwischen E-Mail-Schutz und Tools für…
-
Microsoft Issues OutBand SharePoint Patch
SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-issues-sharepoint-patch
-
Microsoft Code Editor Flaw Lets Attackers Hijack Developer PCs
Hidden Install Settings Let Malicious MCP Links Execute Code. Microsoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations. First seen on govinfosecurity.com Jump to article:…
-
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts no password required
So, you’ve enabled multi-factor authentication. You’ve taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/fbi-kali365-phishing-kit-breaks-microsoft-365-accounts-no-password-required
-
FBI warns about PhaaS platform used to access Microsoft 365 environments
Device code phishing enabled hackers to bypass multifactor authentication without credentials. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-warns-phishing-platform-microsoft-365/821105/
-
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers’ attempts to move laterally across the network. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-now-automatically-isolate-hacked-endpoints/
-
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met.The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity.”Deserialization of untrusted data in Microsoft Office SharePoint…
-
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/sharepoint-vulnerability-cve-2026-45659/
-
Github-Konto gesperrt: Streit zwischen Microsoft und Chaotic Eclipse eskaliert
Der Sicherheitsforscher Chaotic Eclipse veröffentlicht laufend neue Zero-Day-Exploits für Windows. Jetzt hat Microsoft ihn wohl richtig sauer gemacht. First seen on golem.de Jump to article: www.golem.de/news/github-konto-gesperrt-streit-zwischen-microsoft-und-chaotic-eclipse-eskaliert-2605-209024.html
-
Domain Controller lookup may fail on Windows Server 2016
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-domain-controller-lookup-may-fail-on-windows-server-2016/
-
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/
-
FBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth Tokens
The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-kali365-phishing-kit-m365/
-
Hackers Use CypherLoc Kit to Push Fake Microsoft Support Scams
CypherLoc is a sophisticated browser-lock scareware designed to drive victims to fraudulent tech support calls. It evades scanners and sandboxes by executing in an encrypted, condition-based manner inside the browser. Security teams should have robust anti-phishing, browser, and endpoint protections and prioritize user education. Since the start of 2026, Barracuda researchers have observed around 2.8 million…
-
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
-
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
-
Microsoft releases new AI red teaming tools for developers
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-releases-new-ai-red-teaming-tools-for-developers