Microsoft

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash 2026-06-03 at 12:57 By Eduard Kovacs Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek. This article is an […]

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash Read More »

Microsoft Scout agent opens a new category of always-on Autopilots

Microsoft Scout agent opens a new category of always-on Autopilots 2026-06-03 at 11:28 By Anamarija Pogorelec Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep

Microsoft Scout agent opens a new category of always-on Autopilots Read More »

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk 2026-06-02 at 18:01 By Kevin Townsend A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The post Exclusive: How One Line of Code Put Billions of Microsoft Android

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk Read More »

Microsoft Entra pushes passkeys, tightens identity security

Microsoft Entra pushes passkeys, tightens identity security 2026-06-02 at 15:47 By Anamarija Pogorelec Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and authentication updates Phishing-resistant

Microsoft Entra pushes passkeys, tightens identity security Read More »

Microsoft 365 Copilot redesign brings context and actions into one workspace

Microsoft 365 Copilot redesign brings context and actions into one workspace 2026-05-29 at 12:14 By Anamarija Pogorelec Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions

Microsoft 365 Copilot redesign brings context and actions into one workspace Read More »

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight 2026-05-28 at 16:53 By Anamarija Pogorelec Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and zero

Microsoft’s Copilot trust test: Zero findings, more models, wider oversight Read More »

AI chatbot recommendations lure users to cryptojacking malware sites

AI chatbot recommendations lure users to cryptojacking malware sites 2026-05-27 at 22:27 By Sinisa Markovic Cybercriminals are using AI chatbot interactions alongside poisoned search results to direct users to malicious download sites in an active cryptojacking campaign, Microsoft has warned. The campaign impersonates legitimate software tools such as CrystalDiskInfo, HWMonitor, Display Driver Uninstaller (DDU), FurMark,

AI chatbot recommendations lure users to cryptojacking malware sites Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 users targeted by new phishing threat that bypasses MFA 2026-05-22 at 12:17 By Sinisa Markovic Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens

Microsoft 365 users targeted by new phishing threat that bypasses MFA Read More »

Microsoft open-sources tools for designing and testing AI agents

Microsoft open-sources tools for designing and testing AI agents 2026-05-21 at 19:15 By Zeljka Zorz Microsoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that stress-tests

Microsoft open-sources tools for designing and testing AI agents Read More »

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) 2026-05-21 at 14:22 By Zeljka Zorz Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Read More »

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days 2026-05-21 at 13:14 By Ionut Arghire The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ 

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  2026-05-19 at 19:07 By Eduard Kovacs  Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  Read More »

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain 2026-05-19 at 15:35 By Sinisa Markovic A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain Read More »

The AI backdoor your security stack is not built to see

The AI backdoor your security stack is not built to see 2026-05-18 at 09:42 By Sinisa Markovic Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from

The AI backdoor your security stack is not built to see Read More »

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) 2026-05-15 at 14:32 By Zeljka Zorz A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of

Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897) Read More »

Microsoft turns Copilot Studio into an AI agent control center

Microsoft turns Copilot Studio into an AI agent control center 2026-05-14 at 18:25 By Anamarija Pogorelec The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. Customers

Microsoft turns Copilot Studio into an AI agent control center Read More »

Microsoft’s WinUI agent plugin trims token use by over 70% during development

Microsoft’s WinUI agent plugin trims token use by over 70% during development 2026-05-14 at 18:25 By Sinisa Markovic Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight

Microsoft’s WinUI agent plugin trims token use by over 70% during development Read More »

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code 2026-05-13 at 19:01 By Eduard Kovacs Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws.  The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code Read More »

Scroll to Top