Phishing hides in routine Microsoft 365 workflows 2026-06-23 at 11:26 By Sinisa Markovic Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what looks like […]
Phishing hides in routine Microsoft 365 workflows Read More »
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials 2026-06-10 at 17:24 By Sinisa Markovic A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser
Microsoft 365 Copilot redesign brings context and actions into one workspace 2026-05-29 at 12:14 By Anamarija Pogorelec Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions
Microsoft 365 Copilot redesign brings context and actions into one workspace Read More »
Microsoft’s Copilot trust test: Zero findings, more models, wider oversight 2026-05-28 at 16:53 By Anamarija Pogorelec Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and zero
Microsoft’s Copilot trust test: Zero findings, more models, wider oversight Read More »
Microsoft 365 users targeted by new phishing threat that bypasses MFA 2026-05-22 at 12:17 By Sinisa Markovic Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens
Microsoft 365 users targeted by new phishing threat that bypasses MFA Read More »
EvilTokens ramps up device code phishing targeting Microsoft 365 users 2026-03-31 at 17:56 By Zeljka Zorz Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, a new, specialized phishing toolkit that’s being offered as-a-service via Telegram. What is
EvilTokens ramps up device code phishing targeting Microsoft 365 users Read More »
Okta users under attack: Modern phishing kits are turbocharging vishing attacks 2026-01-23 at 15:31 By Zeljka Zorz Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least
Okta users under attack: Modern phishing kits are turbocharging vishing attacks Read More »
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise 2026-01-22 at 01:13 By Anamarija Pogorelec Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise Read More »
Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when
Microsoft 365 users targeted in device code phishing attacks Read More »
Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity 2025-12-09 at 14:24 By Eduard Kovacs Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1 billion for
Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity Read More »
Microsoft cracks down on malicious meeting invites 2025-11-25 at 12:39 By Sinisa Markovic Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers. Microsoft has updated Defender for Office 365 so that security teams
Microsoft cracks down on malicious meeting invites Read More »
Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and
Attackers target retailers’ gift card systems using cloud-only techniques Read More »
Inside the messy reality of Microsoft 365 management 2025-10-20 at 07:00 By Anamarija Pogorelec Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 powers
Inside the messy reality of Microsoft 365 management Read More »
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »
Why your Microsoft 365 setup might be more vulnerable than you think 2025-07-14 at 08:15 By Help Net Security 60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. Risks
Why your Microsoft 365 setup might be more vulnerable than you think Read More »
Microsoft 365 Direct Send Abused for Phishing 2025-06-27 at 11:08 By Ionut Arghire Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Microsoft 365 Direct Send Abused for Phishing Read More »
Microsoft boosts default security of Windows 365 Cloud PCs 2025-06-20 at 15:05 By Zeljka Zorz Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as
Microsoft boosts default security of Windows 365 Cloud PCs Read More »
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot 2025-06-12 at 14:21 By Eduard Kovacs Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek.
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot Read More »
Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal 2025-05-15 at 15:24 By Eduard Kovacs Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity. The post Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal Read More »
Attackers phish OAuth codes, take over Microsoft 365 accounts 2025-04-23 at 13:36 By Zeljka Zorz Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with
Attackers phish OAuth codes, take over Microsoft 365 accounts Read More »