All news with #microsoft tag

Warlock Ransomware: Emerging Threat Targeting Services

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.

Quantum-safe security: Progress toward PQC adoption

🔒 Microsoft outlines a multi-year plan to transition to post-quantum cryptography, stressing that preparation must begin now. The post highlights investments in both quantum research (including Majorana 1 and 4D geometric error correction) and cryptographic readiness, plus collaboration with standards bodies such as NIST and IETF. It describes tools like the Adams Bridge Accelerator, PQC previews, and the Quantum Safe Program with a phased roadmap targeting early adoption by 2029 and completion by 2033.

Agent Factory: Build Your First AI Agent with Tools

🔧 This Microsoft Azure blog post, the second entry in the six-part Agent Factory series, explains how tool ecosystems are defining the next wave of agentic AI. It argues the industry is moving from single-model prompts to extensible platforms that let agents discover and invoke a broad set of capabilities at runtime. The piece highlights the Model Context Protocol (MCP) and Azure AI Foundry for secure, enterprise-grade tool integration, and summarizes five best practices for governance, identity, and observability to achieve scalable, production-ready agents.

Building the Frontier Firm with Microsoft Azure Modernization

🚀 Microsoft frames a new enterprise archetype—Frontier Firms—that embed AI agents across workflows and rearchitect operations around a modern cloud foundation. The post warns that AI cannot scale on legacy systems and that technical debt undermines agility, security, and innovation. It cites IDC findings showing substantial gains in agility, resilience, ROI, and speed to market when organizations migrate and modernize on Azure, and urges continuous modernization and use of Microsoft’s App Modernization Guidance.

EchoLink: Rise of Zero-Click AI Exploits in M365 Enterprise

⚠️ EchoLink is a newly identified zero-click vulnerability in Microsoft 365 Copilot that enables silent exfiltration of enterprise data without any user interaction. This class of attack bypasses traditional click- or download-based defenses and moves laterally at machine speed, making detection and containment difficult. Organizations relying solely on native tools or fragmented point solutions should urgently reassess their exposure and incident response readiness.

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.

Microsoft Patch Tuesday: August 2025 Security Fixes

🔒 Microsoft released fixes for more than 100 vulnerabilities in August 2025, including at least 13 rated Critical. Notable flaws include CVE-2025-53786, which lets attackers pivot from compromised on‑premises Exchange Server instances into cloud tenant services, and CVE-2025-53779 (BadSuccessor), a Kerberos dMSA weakness that can yield domain admin rights. Other high‑risk bugs affect GDI+, Word preview and NTLM; several fixes require configuration steps beyond patch installation.

Microsoft August 2025 Patch Tuesday: 111 Vulnerabilities

⚠️ Microsoft released its August 2025 Patch Tuesday updates addressing 111 vulnerabilities, including 13 marked critical. The fixes span remote code execution, elevation-of-privilege and information-disclosure flaws across Windows, Hyper-V, Microsoft Office, GDI+ and cloud services. Microsoft reports no observed in-the-wild exploitation but notes several issues where exploitation is assessed as “more likely.” Talos is issuing Snort detection rules and urges administrators to apply vendor updates and intrusion-detection signatures promptly.

Dow's 125-Year Legacy: Innovating with AI for Security

🛡️ Dow is integrating AI into enterprise security through a strategic partnership with Microsoft, deploying Security Copilot and Microsoft 365 Copilot within its Cyber Security Operations Center. A cross-functional responsible AI team established principles and acceptable-use policies while assessing new AI risks. AI-driven tools are used to detect phishing and BEC, automate repetitive tasks, enrich tickets with contextual intelligence, and accelerate incident response. Apprentices leverage Copilot as a virtual mentor, shortening ramp time and enabling senior analysts to focus on proactive defense.

Microsoft Named Leader in 2025 Container Management

🚀 Microsoft announced it was recognized as a Leader in the 2025 Gartner Magic Quadrant for Container Management, reflecting the scope and customer impact of its container portfolio. Azure Kubernetes Service (AKS), Azure Container Apps, and hybrid/multicloud capabilities with Azure Arc are highlighted for developer productivity, operational simplicity, and AI readiness. The company emphasized developer tooling like AKS Automatic (preview), Azure Developer CLI, and GitHub Copilot, plus integrated security through Microsoft Defender for Containers and Azure Policy. Customer examples such as ChatGPT, Telefônica Brasil, Coca‑Cola, Hexagon, and Delta Dental illustrate real-world outcomes.

August 2025 Patch Tuesday: 107 CVEs, 13 Critical, Zero-Day

🛡️ Microsoft’s August 2025 Patch Tuesday addresses 107 CVEs, including one publicly disclosed Windows Kerberos zero‑day (CVE-2025-53779) and 13 Critical flaws. Notable fixes cover high‑severity RCEs in the Windows Graphics Component and GDI+ and an NTLM elevation‑of‑privilege issue. Microsoft has released patches; organizations should apply updates promptly and use Falcon Exposure Management to prioritize and visualize exposure.

GPT-5 in Azure AI Foundry: Enterprise AI for Agents

🚀 Today Microsoft announced general availability of OpenAI's flagship model, GPT-5, in Azure AI Foundry, positioning it as a frontier LLM for enterprise applications. The GPT-5 family (GPT-5, GPT-5 mini, GPT-5 nano, GPT-5 chat) spans deep reasoning, real-time responsiveness, and ultra-low-latency options, all accessible through a single Foundry endpoint and managed by a model router to optimize cost and performance. Foundry pairs agent orchestration, tool-calling, developer controls, telemetry, and compliance-aware deployment choices to help organizations move from pilot projects to production.

Microsoft announces Phishing Triage Agent public preview

🛡️The Phishing Triage Agent is now in Public Preview and automates triage of user-reported suspicious emails within Microsoft Defender. Using large language models, it evaluates message semantics, inspects URLs and attachments, and detects intent to classify submissions—typically within 15 minutes—automatically resolving the bulk of false positives. Analysts receive natural‑language explanations and a visual decision map for each verdict, can provide plain‑language feedback to refine behavior, and retain control via role‑based access and least‑privilege configuration.

CISA Issues Emergency Directive for Microsoft Exchange

⚠️ CISA issued Emergency Directive 25-02 directing federal civilian agencies to immediately update and secure hybrid Microsoft Exchange environments to address a post-authentication privilege escalation vulnerability. The flaw, tracked as CVE-2025-53786, could allow an actor with administrative access on an Exchange server to escalate privileges and affect identities and administrative access in connected cloud services. CISA says it is not aware of active exploitation but mandates agencies implement vendor mitigation guidance and will monitor and support compliance. All organizations using hybrid Exchange configurations are urged to adopt the recommended mitigations.

Microsoft launches Secure Future Initiative patterns

🔐 Microsoft announced the launch of the Secure Future Initiative (SFI) patterns and practices, a new library of actionable implementation guidance distilled from the company’s internal security improvements. The initial release includes eight patterns addressing urgent risks such as phishing-resistant MFA, preventing identity lateral movement, removing legacy systems, standardizing secure CI/CD, creating production inventories, rapid anomaly detection and response, log retention standards, and accelerating vulnerability mitigation. Each pattern follows a consistent taxonomy—problem, solution, practical steps, and operational trade-offs—so organizations can adopt modular controls aligned to secure by design, by default, and in operations principles.

CISA Alerts on Severe Microsoft Exchange Vulnerability

⚠️CISA issued an alert on a high-severity vulnerability affecting on-premise Microsoft Exchange servers disclosed today. The agency is actively monitoring and coordinating mitigation with Microsoft and government and industry partners to assess scope and impact. Organizations are strongly urged to implement Microsoft guidance immediately to reduce risk and protect critical infrastructure.

BadSuccessor: dMSA Privilege Escalation in Windows Server

🔒 Unit 42 details BadSuccessor, a critical post-Windows Server 2025 attack vector that abuses delegated Managed Service Accounts (dMSAs) to escalate privileges in Active Directory. The write-up explains how attackers who can create or modify dMSAs may set msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState to impersonate superseded accounts and obtain elevated rights. It provides practical detection guidance using Windows Security auditing and offers hunting queries and mitigation recommendations. Palo Alto Networks solutions such as Cortex XDR and XSIAM are highlighted as able to detect this activity when auditing is enabled.

Project AK47 Linked to SharePoint ToolShell Exploits

🔍Unit 42 links a modular malware suite dubbed Project AK47 to SharePoint exploitation activity observed alongside Microsoft’s ToolShell reporting. The toolset includes a dual-protocol backdoor (AK47C2 with dnsclient and httpclient), a ransomware family (AK47 / X2ANYLOCK), and DLL side‑loading loaders. Analysts found high-confidence overlaps with Microsoft’s Storm-2603 indicators, evidence of LockBit 3.0 artifacts in an evidence archive, and a matching Tox ID on a Warlock leak site. Recommended actions include applying patches for the referenced SharePoint CVEs and enabling updated protections from endpoint, URL, and DNS defenses.

Microsoft Bounty Program: $17M Distributed in 2025

🔒 The Microsoft Bounty Program distributed $17 million this year to 344 security researchers across 59 countries, marking the largest total payout in the program’s history. In partnership with the Microsoft Security Response Center (MSRC), researchers helped identify and remediate more than a thousand potential vulnerabilities across Azure, Microsoft 365, Windows, and other Microsoft products and services. The program also expanded coverage and awards for Copilot, identity and Defender scopes, Dynamics 365 & Power Platform AI categories, and refreshed Windows attack scenario incentives to prioritize high-impact research.

Zero Day Quest returns with up to $5M bounties for Cloud

🔒 Microsoft is relaunching Zero Day Quest with up to $5 million in total bounties for high-impact Cloud and AI security research. The Research Challenge runs 4 August–4 October 2025 and focuses on targeted scenarios across Azure, Copilot, Dynamics 365 and Power Platform, Identity, and M365. Eligible critical findings receive a +50% bounty multiplier, and top contributors may be invited to an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026. Participants will have access to training from the AI Red Team, MSRC, and product teams, and Microsoft will support transparent, responsible disclosure.