Microsoft 365

Microsoft is rewriting Windows patch guidance because of AI

Microsoft is rewriting Windows patch guidance because of AI 2026-07-10 at 09:00 By Anamarija Pogorelec Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released. The company says organizations should reassess how quickly they […]

Microsoft is rewriting Windows patch guidance because of AI Read More »

The ARToken phishing panel targets Microsoft 365 accounts

The ARToken phishing panel targets Microsoft 365 accounts 2026-07-01 at 13:00 By Sinisa Markovic Accounts-payable staff at U.S. companies keep receiving invoice emails that look like they come from vendors they already work with. One landed at a life-sciences company in April 2026, addressed to the person who handles payments and written in the voice

The ARToken phishing panel targets Microsoft 365 accounts Read More »

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials 2026-06-26 at 12:26 By Sinisa Markovic Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on

Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials Read More »

Phishing hides in routine Microsoft 365 workflows

Phishing hides in routine Microsoft 365 workflows 2026-06-23 at 11:26 By Sinisa Markovic Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what looks like

Phishing hides in routine Microsoft 365 workflows Read More »

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials 2026-06-10 at 17:24 By Sinisa Markovic A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials Read More »

Microsoft 365 Copilot redesign brings context and actions into one workspace

Microsoft 365 Copilot redesign brings context and actions into one workspace 2026-05-29 at 12:14 By Anamarija Pogorelec Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions

Microsoft 365 Copilot redesign brings context and actions into one workspace Read More »

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight 2026-05-28 at 16:53 By Anamarija Pogorelec Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and zero

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight Read More »

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 users targeted by new phishing threat that bypasses MFA 2026-05-22 at 12:17 By Sinisa Markovic Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens

Microsoft 365 users targeted by new phishing threat that bypasses MFA Read More »

Okta users under attack: Modern phishing kits are turbocharging vishing attacks

Okta users under attack: Modern phishing kits are turbocharging vishing attacks 2026-01-23 at 15:31 By Zeljka Zorz Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least

Okta users under attack: Modern phishing kits are turbocharging vishing attacks Read More »

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise 2026-01-22 at 01:13 By Anamarija Pogorelec Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the

Microsoft updates the security baseline for Microsoft 365 Apps for enterprise Read More »

Microsoft 365 users targeted in device code phishing attacks

Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when

Microsoft 365 users targeted in device code phishing attacks Read More »

Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity 

Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity  2025-12-09 at 14:24 By Eduard Kovacs Enterprise cybersecurity giant Proofpoint has completed the acquisition of Germany-based Microsoft 365 security solutions provider Hornetsecurity. Financial details were not officially disclosed when news of the transaction came to light, but it was reported that Proofpoint would be paying $1 billion for

Proofpoint Completes $1.8 Billion Acquisition of Hornetsecurity  Read More »

Attackers target retailers’ gift card systems using cloud-only techniques

Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and

Attackers target retailers’ gift card systems using cloud-only techniques Read More »

Inside the messy reality of Microsoft 365 management

Inside the messy reality of Microsoft 365 management 2025-10-20 at 07:00 By Anamarija Pogorelec Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 powers

Inside the messy reality of Microsoft 365 management Read More »

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »

Why your Microsoft 365 setup might be more vulnerable than you think

Why your Microsoft 365 setup might be more vulnerable than you think 2025-07-14 at 08:15 By Help Net Security 60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. Risks

Why your Microsoft 365 setup might be more vulnerable than you think Read More »

Microsoft 365 Direct Send Abused for Phishing

Microsoft 365 Direct Send Abused for Phishing 2025-06-27 at 11:08 By Ionut Arghire Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft 365 Direct Send Abused for Phishing Read More »

Scroll to Top