Tag: microsoft 365
58 articles

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files
Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Phishing Kits Target Microsoft 365 Accounts, Evade Multi-Factor Authentication
Beware of phishing kits targeting Microsoft 365 accounts, which can cleverly evade multi-factor authentication and put sensitive data like customer info, financial records, and internal communications at risk. These sneaky attacks use social engineering tactics to trick victims into handing over access to their accounts.

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft
Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

Evilginx Phishing Ops Expose Microsoft 365 MFA Weaknesses
A French security firm stumbled upon a live Microsoft 365 phishing operation when a simple Python command was left exposed in a readable file, revealing a treasure trove of sensitive data. This lucky discovery shed light on the alarming weaknesses in Microsoft 365's multi-factor authentication.

Forg365 Phishing Platform Exploits AI to Target Microsoft 365 Accounts
Meet Forg365, a sneaky new phishing platform that uses AI to make it easy for hackers to target Microsoft 365 accounts and steal sensitive info. This phishing-as-a-service operation offers a range of tools, including AI-generated lures, to help cybercriminals launch convincing attacks.

Phishing Campaign Targets Microsoft 365 Users with Voice-Based Entra Passkey Scam
Beware of scammers impersonating Microsoft 365, tricking users into enrolling a fake Entra passkey by mimicking the real enrollment portal and leveraging voice calls to urge action. This sneaky phishing campaign has been targeting multiple sectors since April, putting unsuspecting users at risk.

EvilTokens Exposes New Blind Spot in Email Security
A shocking 75.6% of consulting firms were exposed to phishing attacks in 2026, with other industries like financial services, manufacturing, and tech also falling prey to these threats. EvilTokens' ghost phishing campaign uses a sneaky Microsoft Device Code Phishing tactic to trick victims into giving hackers access to their Microsoft 365 accounts.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit
Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks
Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Microsoft Resolves Outlook Copilot Button Glitch with Service Update
Microsoft has fixed a frustrating glitch in Classic Outlook that caused the Copilot button to vanish for some users, and the solution was rolled out as a service update on June 29, 2026. The update restored access to Copilot features, which were still available through other Microsoft 365 entry points.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities
Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

Hackers Exploit Microsoft 365 Flaws with 81 Million Login Attempts
In just two weeks, a massive password-spraying campaign racked up over 81 million login attempts, compromising 78 Microsoft 365 accounts across 64 organizations and highlighting a dramatic surge in cyber threats. This alarming trend saw a 155-fold increase in attacks, with organizations now facing an average of 1,964 failed login attempts per month.

Microsoft Warns AI Agents Can Leak Data via Poisoned Tool Descriptions
A single line of plain text can unwittingly turn a helpful AI agent into a stealthy data thief, exposing sensitive information through a vulnerability in the Model Context Protocol (MCP). This fast-growing attack surface has Microsoft warning of a potentially disastrous trust boundary breach.

MFA Rollout Exposes Invoicing Software Flaws
When implementing multi-factor authentication, even a well-planned rollout can hit snags, as seen in a recent case where an invoicing software flaw was exposed. A security expert and his team had agreed on a phased rollout plan with a customer to enable MFA across their Microsoft 365 tenancy.

Microsoft 365 Exposes Data Protection Gaps for Businesses
Microsoft 365 is a powerhouse for productivity, but it leaves data protection gaps that put businesses at risk. The harsh reality is that while Microsoft safeguards its infrastructure, the responsibility of protecting your business data - including backups and recovery - falls squarely on your shoulders.

Microsoft 365 Copilot Flaw Exposes Sensitive Data to One-Click Attack
A single click on a seemingly trustworthy Microsoft link could have put sensitive information like emails, calendar details, and files at risk of being exposed to attackers, thanks to a flaw in Microsoft 365 Copilot Enterprise Search. This vulnerability, known as SearchLeak, highlights the importance of staying vigilant even with trusted sources.

Microsoft's Certificate Lapse Disrupts Connectivity Tests for Microsoft 365
A critical lapse in Microsoft's SSL certificate caused widespread disruption, leaving IT professionals scrambling with untrusted-connection warnings when testing Microsoft 365 connectivity via connectivity.office.com. The certificate expired on June 14 and took 35 hours to address, impacting routine diagnostics and network checks.

JLR CISO Mandates In-Person Password Resets After Cyber-Attack
After a cyber-attack, JLR's CISO Ashish Shrestha took swift action, mandating an enterprise-wide, in-person password reset for all 30,000 staff to swiftly validate the security of their Microsoft 365 system. This bold move was his top priority to prevent further communication compromise.

VerdantBamboo Targets Linux Systems with Customized Malware Arsenal
Meet VerdantBamboo, a stealthy threat actor that infiltrated Linux and BSD systems, hiding in plain sight for 18 months by cleverly evading detection and morphing its malware arsenal to blend in. Its sophisticated attacks went undetected until Volexity's incident response team uncovered the intrusion, revealing a complex trail that led from Egnyte appliances into Microsoft 365 environments.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight
A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Microsoft Probes Office Apps, Teams File Access Outage
Microsoft is currently investigating an issue that's preventing some users from accessing files in Office for the web and Microsoft Teams, with affected users seeing an error message stating that Office Online services are temporarily unavailable. The company is working to restore services as soon as possible.

Microsoft Resolves MFA, MySignIn Outage After Infrastructure Failover
Microsoft quickly sprang into action to resolve a widespread outage that left some users unable to set up multi-factor authentication or access their accounts on My Sign-Ins. The issue, marked by 504 Gateway Timeout errors, was confirmed around 5:00 AM ET and swiftly addressed with an infrastructure failover.

Microsoft Outage Disrupts Multi-Factor Authentication Setup, My Sign-Ins Platform
Microsoft is currently investigating an outage that's preventing users from setting up multi-factor authentication and accessing the My Sign-Ins platform, with the issue confirmed around 5 AM ET. The company is actively working to resolve the disruption, urging affected customers to monitor its Microsoft 365 Status account for updates.

Pentagon Consolidates Software Licenses with $9.7 Billion Dell Deal
The Pentagon has awarded Dell a $9.7 billion deal to consolidate Microsoft software licenses, streamlining its operations and bolstering its digital capabilities with advanced cloud subscriptions and critical on-premises licensing. This move is a key part of the Department of Defense's push for Combined Joint All-Domain Command and Control.