-
In a year-end tradition that has become all too familiar for cybersecurity defenders, researchers have uncovered a novel attack vector targeting Microsoft Entra ID that weaponizes legitimate OAuth 2.0 authentication flows to harvest privileged access t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign is exploiting Google Cloud infrastructure to bypass email security filters and steal Microsoft 365 credentials, demonstrating how attackers increasingly abuse trusted cloud platforms to lend legitimacy to their malicio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft’s latest innovation may have opened the door to sophisticated cyberattacks. At Build 2025, the company introduced “Connected Agents,” a feature in Copilot Studio that allows AI agents to communicate and share functionality a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has officially announced a major upgrade to its encryption technology with the introduction of hardware-accelerated BitLocker. Revealed by Microsoft’s Rafal Sosnowski following the Ignite conference, this new feature is designed to solve perf…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has addressed a critical use-after-free vulnerability in its Brokering File System (BFS) driver that could allow attackers to escalate privileges on Windows systems. Tracked as CVE-2025-29970, the security flaw affects the bfs.sys component a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Teams users worldwide experienced significant service disruptions on December 20, 2025, as the collaboration platform encountered widespread issues affecting messaging functionality and other critical service operations. The company has ackno…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documente…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has announced a significant update to its device connectivity policies for Exchange Online, aimed at enhancing security and ensuring users are on modern protocols. Starting March 1, 2026, mobile devices running Exchange ActiveSync (EAS) versi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability (CVE-2025-34352) found by XM Cyber in the JumpCloud Remote Assist for Windows agent allows local users to gain full SYSTEM privileges. Businesses must update to version 0.317.0 or later immediately to patch the high-severity flaw.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerabil…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
