-
A new Browser-in-the-Browser (BitB) phishing campaign is abusing fake OAuth login windows to steal Microsoft 365 credentials, and its design is polished enough to bypass casual visual checks. The attack uses a draggable popup that mimics a real browser…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with delegated user privileges and perform potentially risky actions, such as sending external emails. …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Anthropic’s Claude Code GitHub Action could unintentionally expose CI/CD workflow secrets when AI agents process untrusted GitHub content. The risk arises because certain tools the agent uses to read files were not sandboxed like subprocess execution p…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has introduced an always-on AI agent named “Scout,” marking the debut of a new category of enterprise automation called “Autopilots.” Announced on June 2, Microsoft Scout is designed to operate continuously across Microsoft 365 services such …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Expiring Microsoft Secure Boot keys will not brick unmigrated systems on June 27, 2026. However, they will silently freeze DB/DBX updates and lock affected Windows and Linux fleets out of future boot‑level protections. On June 27, 2026, the Microsoft C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft is facing scrutiny after reportedly declining to treat a critical dependency confusion vulnerability affecting Azure Portal assets as a security issue, despite a proof-of-concept exploit demonstrating remote code execution (RCE). Security res…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued a clarifying statement, assuring the global cybersecurity community that it has no intention of pursuing legal action against security researchers conducting or publishing legitimate security research. A significant walkback amid t…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has released cumulative update KB5089573 for Windows 11 versions 24H2 and 25H2, aimed at improving stability and resolving installation issues reported during recent Patch Tuesday deployments. The update is part of Microsoft’s ongoing effort …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has issued a strong warning to the cybersecurity community following a recent surge in publicly disclosed zero-day vulnerabilities without prior coordination. According to the Microsoft Security Response Center (MSRC), several vulnerabilities…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Defender XDR has introduced automatic attack disruption capabilities that autonomously contain ransomware and sophisticated cyberattacks in real-time by isolating compromised assets. This advanced feature correlates millions of security signa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
