-
Microsoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware campaign attributed to the DragonForce group. Security researchers have discovered a novel te…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
An active campaign in which attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to expire, raising concerns over certificate lifecycle management practices. The affected domain, c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise data through a combination of AI-specific and traditional web vulnerabilities. Discovered by Varon…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code on targeted systems. The flaws, tracked as CVE-2026-45456, CVE-2026-45458, and CVE-202…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed a high-severity information disclosure vulnerability affecting its Teams application for Android, tracked as CVE-2026-42835. The flaw, publicly released on June 9, 2026, has been assigned a CVSS v3.1 base score of 8.1, categoriz…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitHub disabled 73 repositories across four Microsoft organizations Azure, Azure-Samples, microsoft, and MicrosoftDocs inside a 105-second window. Each repo now shows GitHub’s “This repository has been disabled. Access to this repository has been disab…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s June 2026 Patch Tuesday fixes 198 vulnerabilities across Windows, Office, Azure and other Microsoft products, including three zero‑day flaws that were exploited or publicly disclosed before patches were available. Security teams should fast…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has introduced enhanced monitoring capabilities in Microsoft Defender for Endpoint to detect and disrupt cyberattacks that abuse the Remote Procedure Call (RPC) protocol, a core Windows communication mechanism that threat actors frequently ex…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
