Tag: microsoft
-
ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
-
FBI Accessed Windows Laptops After Microsoft Shared BitLocker Recovery Keys
If you are using a Windows PC, your privacy and security are nothing short of a myth, and this incident proves it. First seen on hackread.com Jump to article: hackread.com/fbi-windows-laptops-microsoft-bitlocker-recovery-keys/
-
Microsoft Teams to Begin Sharing Employee Location with Employers Based on Wi-Fi Networks
Microsoft has confirmed a controversial new feature coming to Teams that will automatically reveal employee work locations by detecting which Wi-Fi networks they connect to raising significant concerns about workplace surveillance and hybrid work policies. The feature, documented in Microsoft’s 365 Roadmap and Admin Centre (Message ID MC1081568), will automatically set users’ work location when…
-
Microsoft Open-Sources winapp, a New CLI Tool for Streamlined Windows App Development
Microsoft has announced the public preview of the Windows App Development CLI (winapp), a new open-source command-line tool designed to simplify Windows application development across multiple frameworks and toolchains. The tool is now available on GitHub for developers working outside traditional Visual Studio or MSBuild environments. The winapp CLI targets developers using cross-platform frameworks including…
-
Microsoft Shared BitLocker Recovery Keys with the FBI to Unlock Encrypted Laptop Data
Microsoft has confirmed that it provided BitLocker encryption recovery keys to the FBI following a valid search warrant, marking the first publicly known case of the technology giant sharing encryption keys with law enforcement. The disclosure occurred after federal investigators in Guam requested access to three encrypted laptops believed to contain evidence of fraud in…
-
Researchers Uncover Multi-Stage AiTM Attack Using SharePoint to Bypass Security Controls
Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations, leveraging SharePoint file-sharing services to bypass traditional email security controls and compromise multiple user accounts. SharePoint Abuse for Initial Access The attack began with a phishing email sent from a compromised trusted vendor’s email address, embedding SharePoint URLs that mimicked…
-
Datenschutzdebatte: Microsoft gibt Bitlocker-Schlüssel an FBI weiter
Tags: microsoftMicrosoft händigt Ermittlungsbehörden auf richterliche Anordnung Verschlüsselungsschlüssel für Bitlocker aus. First seen on golem.de Jump to article: www.golem.de/news/datenschutzdebatte-microsoft-gibt-bitlocker-schluessel-an-fbi-weiter-2601-204576.html
-
DOGE May Have Misused Social Security Data, DOJ Admits
Plus: The FAA blocks drones over DHS operations, Microsoft admits it hands over Bitlocker encryption keys to the cops, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-doge-may-have-misused-social-security-data-doj-admits/
-
Microsoft 365 outage drags on for nearly 10 hours during bad night for North American infra
Tags: microsoftDown to 364.5 already: Redmond’s crappy 2026 continues First seen on theregister.com Jump to article: www.theregister.com/2026/01/23/microsoft_365_outage/
-
ShinyHunters claim to be behind SSO-account data theft attacks
The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
-
Microsoft Confirms Court-Ordered BitLocker Key Releases
FBI Accessed Encrypted Windows Devices Via BitLocker Keys, Microsoft Says. Microsoft confirmed it handed over BitLocker recovery keys to the FBI in 2025 under court order, raising concerns over cloud-stored encryption keys and whether default designs that prioritize recovery convenience and efficiency weaken user control and security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-confirms-court-ordered-bitlocker-key-releases-a-30593
-
Microsoft Confirms Court-Ordered BitLocker Key Releases
FBI Accessed Encrypted Windows Devices Via BitLocker Keys, Microsoft Says. Microsoft confirmed it handed over BitLocker recovery keys to the FBI in 2025 under court order, raising concerns over cloud-stored encryption keys and whether default designs that prioritize recovery convenience and efficiency weaken user control and security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-confirms-court-ordered-bitlocker-key-releases-a-30593
-
Microsoft Confirms Court-Ordered BitLocker Key Releases
FBI Accessed Encrypted Windows Devices Via BitLocker Keys, Microsoft Says. Microsoft confirmed it handed over BitLocker recovery keys to the FBI in 2025 under court order, raising concerns over cloud-stored encryption keys and whether default designs that prioritize recovery convenience and efficiency weaken user control and security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-confirms-court-ordered-bitlocker-key-releases-a-30593
-
Surrender as a service: Microsoft unlocks BitLocker for feds
If you’re serious about encryption, keep control of your encryption keys First seen on theregister.com Jump to article: www.theregister.com/2026/01/23/surrender_as_a_service_microsoft/
-
PowerShell architect retires after decades at the prompt
After Microsoft, Google, and a long fight for automation, Jeffrey Snover hangs up his keyboard First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/powershell_snover_retires/
-
Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks
Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/anthropic-microsoft-mcp-server-flaws-shine-a-light-on-ai-security-risks/
-
Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects’ laptops: reports
The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/23/microsoft-gave-fbi-a-set-of-bitlocker-encryption-keys-to-unlock-suspects-laptops-reports/
-
Microsoft Introduces Brand Impersonation Protection Warning for Teams Calls
Microsoft is launching a new security feature designed to protect Teams users from fraudulent external callers impersonating trusted organizations. The Brand Impersonation Protection for Teams Calling will roll out starting mid-February 2026, with general availability expected by late February. The new protection mechanism evaluates inbound calls from external parties to identify signs of brand impersonation…
-
Outlook for iOS crashes, freezes due to coding error
Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-ios-crashes-freezes-due-to-coding-error/
-
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms
Microsoft has warned of a multi”‘stage adversary”‘in”‘the”‘middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector.”The campaign abused SharePoint file”‘sharing services to deliver phishing payloads and relied on inbox rule creation to maintain persistence and evade user awareness,” the Microsoft Defender Security Research Team said. First seen on thehackernews.com…
-
Microsoft introduces winapp, an open-source CLI for building Windows apps
Microsoft has released winapp, a new command line interface aimed at simplifying the process of building Windows applications. The open-source tool targets developers who rely … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/23/microsoft-introduces-winapp-an-open-source-cli-for-building-windows-apps/
-
Microsoft 365 hit by outage, preventing access to emails and files
An hours-long outage is preventing Microsoft’s enterprise customers from accessing their inboxes, files, and video meetings. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/22/microsoft-365-hit-by-outage-preventing-access-to-emails-and-files/
-
Crims compromised energy firms’ Microsoft accounts, sent 600 phishing emails
Logging in, not breaking in First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/crims_compromised_energy_firms_microsoft/
-
DPRK Actors Deploy VS Code Tunnels for Remote Hacking
A spear-phishing campaign tied to the Democratic People’s Republic of Korea (DPRK) uses trusted Microsoft infrastructure to avoid detection. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dprk-vs-code-tunnels-remote-hacking
-
Microsoft updates Notepad and Paint with more AI features
Microsoft is rolling out new artificial intelligence features with the latest updates to the Notepad and Paint apps for Windows 11 Insiders. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-updates-notepad-and-paint-with-more-ai-features/
-
Energy sector orgs targeted with AiTM phishing campaign
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/22/energy-sector-aitm-phishing-sharepoint-misuse/
-
Warum Microsoft-365-Konfigurationen geschützt werden müssen
Tags: access, authentication, backup, ciso, cloud, compliance, framework, least-privilege, mail, mfa, microsoft, office, powershell, risk, zero-trustLesen Sie, warum CISOs den M365-Tenant stärker in den Blick nehmen müssen.Im Jahr 2010 war Office 365 eine einfache Suite mit Office-Anwendungen und zusätzlicher E-Mail-Funktion. Das hat sich 15 Jahre später mit Microsoft 365 geändert: Die Suite ist ein wesentliches Element in den Bereichen Kommunikation, Zusammenarbeit und Sicherheit. Dienste wie Entra, Intune, Exchange, Defender, Teams…