All news with #microsoft tag
Mon, November 3, 2025
Rhysida Ransomware Uses Microsoft Signing to Evade Defenses
🛡️ Rhysida ransomware operators have shifted to malvertising and the abuse of Microsoft Trusted Signing certificates to slip malware past defenses. By buying Bing search ads that point to convincing fake download pages for Microsoft Teams, PuTTY and Zoom, they deliver initial-access tools such as OysterLoader (formerly Broomstick/CleanUpLoader) and Latrodectus. Because the binaries carry a valid signature and are packaged like legitimate installers, they evade static detection and often run without scrutiny on Windows endpoints. A valid signature proves only that the file has not changed since it was signed, not that the publisher is trustworthy, so application-control and allow-listing policies should key on the signer's identity rather than on the mere presence of a signature.
Mon, November 3, 2025
Windows Task Manager Won't Quit After KB5067036 Update
⚠️ Microsoft confirmed a known issue where closing Task Manager does not terminate the taskmgr.exe process after installing the October 28, 2025 preview update (KB5067036). Multiple background instances can consume CPU and cause stutters. As a temporary workaround, end each process in a new Task Manager window or run: taskkill.exe /im taskmgr.exe /f while Microsoft investigates a permanent fix.
Sun, November 2, 2025
Open VSX Rotates Leaked Tokens After Supply-Chain Attack
🔒 Open VSX rotated access tokens after developers accidentally leaked credentials in public repositories, a lapse that allowed attackers to publish malicious VS Code–compatible extensions in a supply‑chain campaign. The Eclipse Foundation says the threat, linked to a campaign dubbed GlassWorm, was contained by Oct 21 after malicious extensions were removed and tokens revoked. The registry plans shorter token lifetimes, faster revocation workflows, automated publication scans, and increased collaboration with other marketplaces to reduce future risk.
Sat, November 1, 2025
Windows 11 Build 26220.7051 Adds Ask Copilot Taskbar
🖥️ Windows 11 Build 26220.7051 introduces a taskbar-based Ask Copilot, allowing testers to query the web, local files, and AI using text or voice. The feature is optional and can be enabled under Settings > Personalization > Taskbar; Microsoft says it may eventually replace the existing Windows Search UI. The update also rolls out a full-screen Xbox handheld experience, a Bluetooth LE-based "Shared audio" preview to stream audio to two devices, and improved x64 emulation support to boost ARM PC performance.
Sat, November 1, 2025
Windows 11 Build 26220.7051 Adds Ask Copilot and More
🗞️ Windows 11 Build 26220.7051 is rolling out to Insiders and introduces three headline features: a taskbar-based Ask Copilot, a new full-screen Xbox experience for handhelds, and Bluetooth Shared audio. Ask Copilot lets users search the internet, local files, and AI using text or voice and can be enabled via Settings > Personalization > Taskbar > Ask Copilot. The new full-screen experience (FSE) aims to prioritize gaming on compatible handheld devices and can be set under Settings > Gaming > Full screen experience. Additionally, Windows now supports sharing audio to two Bluetooth devices and improves ARM PC performance by expanding x64 emulation support.
Fri, October 31, 2025
Agencies Publish Best Practices to Secure Exchange Server
🔒 Cybersecurity agencies in the United States, Australia and Canada have issued coordinated best-practice guidance to help organizations harden on-premises Microsoft Exchange Server installations against ongoing attacks and misconfiguration risks. The advisory emphasizes keeping servers fully patched and on the supported Subscription Edition, enabling Microsoft’s Emergency Mitigation Service, and establishing security baselines. It also urges stronger authentication and encryption, dedicated administrative workstations, and built-in protections such as Microsoft Defender Antivirus and App Control to reduce attack surfaces.
Fri, October 31, 2025
Windows 11 Trials Shared Bluetooth Audio on AI PCs
🔊 Microsoft is testing a new Shared audio feature in Windows 11 that uses Bluetooth LE Audio broadcast technology to stream audio to two Bluetooth devices simultaneously on eligible Copilot+ PCs. The option appears as Shared audio (preview) in Quick Settings in Windows 11 Build 26220.7051 (KB5067115). Initially it is limited to select Surface models with Qualcomm Snapdragon X and a few upcoming Samsung and Surface AI PCs, and requires compatible accessories such as Galaxy Buds2 Pro.
Fri, October 31, 2025
Microsoft Edge adds scareware sensor for faster blocking
🛡️ Microsoft is adding a new scareware sensor to Edge that notifies Defender SmartScreen in real time to speed up indexing and global blocking of tech-support and full-screen scam pages. The sensor is included in Edge 142, disabled by default, and reports suspected scams immediately without sharing screenshots or extra data beyond SmartScreen’s usual telemetry. Edge’s local scareware blocker — introduced at Ignite 2024 and widely enabled since February — still warns users, exits full-screen, stops loud audio, shows a thumbnail, and offers an option to continue. Microsoft plans to enable the sensor for users who have SmartScreen enabled and will add more anonymous detection signals over time.
Fri, October 31, 2025
Resiliency in the Cloud: Shared Responsibility & Azure
☁️ Microsoft positions resiliency as a shared responsibility, combining its global infrastructure, SLAs, and platform capabilities with customer-owned architecture, configuration, and recovery planning. Azure Essentials packages blueprints, assessments, and validation tools like Azure Chaos Studio and Azure Monitor to enable zone-redundant and multi-region designs. The guidance stresses continuous validation, automated remediation, and governance to reduce downtime and accelerate recovery.
Fri, October 31, 2025
Chinese Hackers Exploit Windows LNK Zero-Day to Spy
🔒 A China-linked threat group is exploiting a high-severity Windows .LNK zero-day (CVE-2025-9491) to deploy the PlugX remote-access trojan against European diplomatic targets. The campaign begins with spearphishing that delivers malicious shortcut files themed around NATO and European Commission events. Researchers at Arctic Wolf Labs and StrikeReady attribute the activity to UNC6384 (Mustang Panda) and report the operation has expanded beyond Hungary and Belgium to other EU states. With no official patch available, defenders are urged to restrict .LNK usage and block identified C2 infrastructure.
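As an added example (the editor's own code, not from Arctic Wolf Labs, StrikeReady or Microsoft), the following Python parses the ShellLinkHeader and StringData sections defined in MS-SHLLINK to surface a shortcut's real target, arguments and window state, then applies simple triage heuristics so defenders who cannot block .LNK outright can at least inspect them. The file layout follows the specification; the heuristics (script-host targets, arguments longer than the roughly 260 characters Explorer's Properties dialog shows, long whitespace runs, a minimized start window), the build_lnk helper and the two constructed sample shortcuts are the editor's assumptions and are not details of CVE-2025-9491 reported on this page.

```python
"""Triage Windows .LNK (Shell Link) files: recover the real target and
command-line arguments, then flag common abuse patterns.

Editor's example. File layout per MS-SHLLINK; the heuristics are assumptions."""
import re
import struct

# Fixed ShellLinkHeader values (MS-SHLLINK 2.1).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the window minimized

# StringData sections appear in this fixed order, each present only if its flag is set.
STRING_FIELDS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)

# Editor's assumption: binaries whose presence in a shortcut target warrants a look.
SCRIPT_HOSTS = ("cmd.exe", "powershell", "pwsh", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32", "certutil", "bitsadmin", "curl.exe")


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a .LNK blob."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a Shell Link file")
    header_size = struct.unpack_from("<I", data, 0)[0]
    if header_size != LNK_HEADER_SIZE or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip LinkTargetIDList: 2-byte size + items
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # skip LinkInfo: size field counts itself
        off += struct.unpack_from("<I", data, off)[0]
    info = {"flags": flags, "show_command": show_command}
    unicode = bool(flags & IS_UNICODE)
    for key, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        nbytes = count * 2 if unicode else count
        raw = data[off:off + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated StringData field {key}")
        off += nbytes
        info[key] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
    return info


def triage_lnk(data: bytes) -> list:
    """Return human-readable reasons a shortcut deserves analyst attention (empty if none)."""
    info = parse_lnk(data)
    reasons = []
    launch = " ".join(info.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    hosts = [h for h in SCRIPT_HOSTS if h in launch]
    if hosts:
        reasons.append("launches script/LOLBin host: " + ", ".join(hosts))
    args = info.get("arguments", "")
    if len(args) > 260:  # assumption: beyond what the Properties dialog's Target box shows
        reasons.append(f"arguments are {len(args)} chars (longer than the Properties dialog shows)")
    pad = max((len(m) for m in re.findall(r"\s{2,}", args)), default=0)
    if pad >= 16:
        reasons.append(f"arguments contain a {pad}-character whitespace run (pushes the real command out of view)")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window starts minimized (SW_SHOWMINNOACTIVE)")
    return reasons


def build_lnk(relative_path: str, arguments: str = "", show_command: int = 1) -> bytes:
    """Construct a minimal .LNK (no IDList/LinkInfo) so the parser can be exercised offline."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b""
    for text in [relative_path] + ([arguments] if arguments else []):
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples (editor's), not files from the campaign.
BENIGN_LNK = build_lnk(r"..\..\Program Files\Notepad++\notepad++.exe")
SUSPICIOUS_LNK = build_lnk(r"..\..\Windows\System32\cmd.exe",
                           " " * 300 + "/c echo demo", show_command=SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        print(label, parse_lnk(blob).get("relative_path"), triage_lnk(blob))
```

On a mail gateway or in a sandbox, feed each attached .LNK to triage_lnk and quarantine anything that returns a non-empty list; the parser deliberately rejects files that do not carry the Shell Link header size and CLSID so renamed executables do not slip through as "shortcuts".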
Fri, October 31, 2025
October 2025: Key Cybersecurity Stories and Guidance
🔒 As October 2025 concludes, ESET Chief Security Evangelist Tony Anscombe reviews the month’s most significant cybersecurity developments and what they mean for defenders. He highlights that Windows 10 reached end of support on October 14 and outlines practical options for affected users and organizations. He also warns about info‑stealing malware spread through TikTok videos posing as free activation guides and summarizes Microsoft’s report that Russia, China, Iran and North Korea are increasingly using AI in cyberattacks — alongside China’s accusation of an NSA operation targeting its National Time Service Center.
Fri, October 31, 2025
CISA and NSA Urge Immediate Hardening of Exchange Servers
🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.
Fri, October 31, 2025
Eclipse Foundation Revokes Leaked Open VSX Tokens Promptly
🔒 The Eclipse Foundation said it revoked a small number of Open VSX access tokens after Wiz reported several VS Code extensions had inadvertently exposed credentials in public repositories. The exposures were attributed to developer error, not an Open VSX infrastructure compromise. Open VSX introduced an ovsxp_ token prefix, removed flagged extensions, reduced default token lifetimes, and plans automated scans to bolster supply‑chain defenses.
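The point of the ovsxp_ prefix mentioned here, and of the automated scans both Open VSX items on this page promise, is that a fixed prefix lets a scanner find leaked tokens precisely and cheaply. The following Python is an added example by the editor, not Open VSX's or Wiz's scanner: only the ovsxp_ prefix comes from the announcement, while the assumed token body (32 or more URL-safe characters), the entropy threshold used to skip documentation placeholders, and the constructed sample files are the editor's assumptions.

```python
"""Prefix-anchored secret scan for leaked Open VSX tokens.

Editor's example. The ovsxp_ prefix is real; the token body pattern,
the entropy cut-off and the sample files are assumptions."""
import math
import re

TOKEN_PREFIX = "ovsxp_"
# Assumed body: URL-safe characters, at least 32 of them. The prefix anchor is
# what keeps false positives low compared with a generic high-entropy search.
OVSX_TOKEN_RE = re.compile(r"\bovsxp_[A-Za-z0-9_-]{32,}\b")


def shannon_entropy(s: str) -> float:
    """Bits per character; placeholders like 'xxxx...' score near zero."""
    n = len(s)
    if n == 0:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def redact(token: str) -> str:
    """Keep enough of the token to locate it, never the whole secret, in findings."""
    return token[:10] + "..." + token[-4:]


def find_tokens(text: str, min_entropy: float = 3.5) -> list:
    """Return redacted findings for every prefix match whose body looks random."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in OVSX_TOKEN_RE.finditer(line):
            token = m.group(0)
            entropy = shannon_entropy(token[len(TOKEN_PREFIX):])
            if entropy >= min_entropy:   # assumption: skips doc placeholders, keeps real tokens
                hits.append({"line": lineno, "token": redact(token), "entropy": round(entropy, 2)})
    return hits


def scan_files(files: dict) -> list:
    """Scan a {path: contents} mapping, e.g. the tree of a repository about to be pushed."""
    findings = []
    for path, text in files.items():
        for hit in find_tokens(text):
            findings.append({"file": path, **hit})
    return findings


# Constructed sample repository (editor's), not real leaked content.
SAMPLE_FILES = {
    ".env": "OVSX_PAT=ovsxp_k7Qp2vXz9LmN4rTb8wHs1YcJ6dGf0aEu3iRo5nKx\n",
    "README.md": "Set OVSX_PAT to your token, e.g. ovsxp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n",
    ".github/workflows/publish.yml": "      run: npx ovsx publish -p ${{ secrets.OVSX_PAT }}\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(finding)
```

Run as a pre-commit or CI step over the working tree, the scan should flag the .env line, ignore the README placeholder (its body has zero entropy) and ignore the workflow, which correctly references a secret store instead of embedding the token; the same structure extends to any other provider that publishes a distinctive token prefix.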
Thu, October 30, 2025
Five Generative AI Security Threats and Defensive Steps
🔒 Microsoft summarizes the top generative AI security risks and mitigation strategies in a new e-book, highlighting threats such as prompt injection, data poisoning, jailbreaks, and adaptive evasion. The post underscores cloud vulnerabilities, large-scale data exposure, and unpredictable model behavior that create new attack surfaces. It recommends unified defenses—such as CNAPP approaches—and presents Microsoft Defender for Cloud as an example that combines posture management with runtime detection to protect AI workloads.
Thu, October 30, 2025
CISA and NSA Issue Hardening Guidance for Exchange
🔒 CISA and the NSA, joined by the Australian Cyber Security Centre and the Canadian Centre for Cyber Security, released guidance to harden on-premises and hybrid Microsoft Exchange servers against attacks. The advisory emphasizes stronger authentication, minimized application attack surfaces, robust TLS configurations, and decommissioning unsupported servers after migration to Microsoft 365. It also recommends enabling emergency mitigations and built-in anti-spam and anti-malware protections and restricting administrative access to authorized workstations.
Thu, October 30, 2025
GitHub Universe 2025: Agents, AI, and Developer Tools
🚀 At GitHub Universe 2025, Microsoft and GitHub presented a vision for agentic development that lets developers see, steer, and build across autonomous agents. The event introduced platform capabilities like Agent HQ, a prompt-first AI Toolkit for VS Code, and the GA release of Azure MCP Server. Announcements focused on enterprise-grade security, standards-based integration, and faster, more intuitive agent creation and governance.
Thu, October 30, 2025
LinkedIn Phishing Targets Finance Executives With Fake Board
🔒 Attackers are using LinkedIn direct messages to phish finance executives with messages that claim to invite the recipient onto an executive board and lead to credential-harvesting pages. Push Security says victims are redirected, in one case through a Google open redirect, to a Firebase-hosted 'LinkedIn Cloud Share' page that urges them to click a 'View with Microsoft' button. That flow then presents a Cloudflare Turnstile challenge and a fake Microsoft sign-in page operated as an adversary-in-the-middle proxy, capturing the credentials and the resulting session cookies. Because an AiTM proxy captures the session after MFA has been completed, organizations should verify senders, avoid unsolicited links, and pair MFA with conditional access policies (for example phishing-resistant authentication methods and device-based sign-in controls) rather than relying on MFA alone.
Thu, October 30, 2025
Chromium Blink flaw crashes Chrome, Edge; exploit published
⚠ A researcher, Jose Pino, published a proof-of-concept on October 29 demonstrating a Blink rendering-engine flaw that can crash Chrome, Microsoft Edge and several other Chromium-based browsers within seconds by flooding document.title updates. Pino says he reported the issue to Google on August 28 and, after no response, released the PoC to force public attention. The exploit saturates the main thread with millions of DOM mutations per second, producing rapid CPU spikes, tab freezes and eventual process termination, and it raises particular concern for headless and automated enterprise workflows.
Thu, October 30, 2025
CISA Releases Microsoft Exchange Server Security Guide
🔐 Today, CISA, in collaboration with the National Security Agency and international partners, published Microsoft Exchange Server Security Best Practices to help defenders harden on-premises Exchange servers against ongoing exploitation. The guidance emphasizes strengthening user authentication and access controls, enforcing robust network encryption, and reducing application attack surfaces through configuration and feature management. CISA also urges organizations to decommission end-of-life or hybrid 'last Exchange' servers after migrating to Microsoft 365 to reduce exposure to continued exploitation.
Thu, October 30, 2025
Blueprint for Hardening Microsoft Exchange Servers
🔒 CISA, the NSA, and international partners released the Microsoft Exchange Server Security Best Practices blueprint to help administrators of on‑premises and hybrid Exchange environments strengthen defenses against persistent cyber threats. The guidance builds on CISA’s Emergency Directive 25‑02 and emphasizes restricting administrative access, implementing multifactor authentication, enforcing strict transport security, and adopting zero trust principles. It also urges organizations to remediate or replace end‑of‑life Exchange versions, apply recommended mitigations, and consider migrating to cloud-based email to reduce operational complexity and exposure.