< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 6 of 42

Microsoft and researcher clash over disclosure rules

🛡️ Microsoft and a prominent researcher publicly traded barbs after the researcher, going by Nightmare Eclipse, published vulnerabilities he said were ignored; Microsoft countered that those disclosures were irresponsible and increased risk. The exchange included personal accusations, account deletions, and threats, prompting discussion within the security community about disclosure practices. Senior Microsoft staff signaled a review of processes while defenders on both sides highlighted valid concerns about communication, prioritization, and trust.
read more →

Microsoft named Leader in 2026 Endpoint Protection

🛡️ For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection, reflecting customer trust in Microsoft Defender. Defender provides industry-leading EDR backed by global threat intelligence and connects endpoints, identities, email, apps, cloud, and data to enable earlier detection and stronger prevention. Recent advancements include proactive attack disruption, custom telemetry, simplified onboarding, sovereign-ready protection, and agentic endpoint security for local AI agents.
read more →

Claude Opus 4.8 Now Available in Microsoft Foundry

🚀 Claude Opus 4.8 is now accessible in Microsoft Foundry, providing developers and enterprises with Anthropic’s most capable Opus model for coding, agentic tasks, and professional work. The update focuses on long-running workflows, deeper reasoning across documents and codebases, and more reliable tool use for multi-step automation. Teams can now evaluate and deploy the model within Foundry’s unified platform for building and operating AI applications.
read more →

Analysis of The Gentlemen self‑propagating ransomware

🛡️ This Microsoft Threat Intelligence blog dissects The Gentlemen, a Go-based RaaS that combines per-file ephemeral Curve25519/XChaCha20 encryption with aggressive self-propagation across networks. The post details operator models, command-line controls, speed modes, privilege elevation via scheduled tasks, and extensive defense-evasion steps including disabling Defender, deleting shadow copies, clearing logs, and terminating backup, database, virtualization, and EDR services. Practical mitigations, Defender detections, hunting queries, and IOCs are provided for defenders and incident responders.
read more →

Amazon WorkSpaces BYOL for Windows Desktop OS

🖥️ Amazon WorkSpaces Applications now supports Bring Your Own License (BYOL) for Windows Desktop operating systems, enabling customers to stream Microsoft 365 Apps for enterprise and full desktop experiences on hardware dedicated to their AWS account. Organizations can reduce costs by avoiding OS fees and maintain a consistent user experience between local and streamed environments. Availability spans multiple AWS Regions and requires meeting Microsoft licensing rules plus minimum monthly streaming commitments.
read more →

Microsoft Rebukes Public Zero‑Day Disclosures

🛡️ Microsoft has urged the security research community to follow Coordinated Vulnerability Disclosure (CVD) after a researcher publicly released details and exploit code for multiple Windows zero‑days, including issues in Defender and BitLocker. The company said several disclosed flaws were not shared with Microsoft before publication, exposing customers to unnecessary risk and prompting security teams to work continuously on protections and updates. Some of the disclosed flaws — BlueHammer, RedSun and UnDefend — are reported to be actively exploited in the wild, and vendor actions have included takedowns of the researcher’s GitHub account.
read more →

Microsoft criticizes uncoordinated zero-day disclosures

🛡️ Microsoft has criticized researchers for publicly disclosing six zero-day vulnerabilities before patches were available, calling such actions irresponsible and risky. The company said its security teams are working around the clock to investigate and mitigate issues including privilege escalation and bypass flaws in Defender and BitLocker. Microsoft urged adherence to industry-standard coordinated vulnerability disclosure (CVD) practices, typically allowing a 90-day embargo for patch development. It cautioned that uncoordinated releases can place proof-of-concept exploit code into malicious hands and undermines efforts to protect customers.
read more →

GPU-mining campaign uses SEO and AI for delivery

🛡️ Microsoft uncovered a targeted cryptojacking campaign that lures owners of high-performance PCs to malicious download pages for utilities like CrystalDiskInfo and HWMonitor. The attackers used SEO poisoning and, in some cases, manipulated AI chatbots to surface attacker-controlled download links. Infected ZIP archives include legitimate utilities and a malicious DLL that installs the ScreenConnect remote access tool, enabling persistent access and deployment of a process-hollowing loader that ultimately launches GPU miners.
read more →

Windows 11 KB5089573 preview brings performance fixes

🔧 Microsoft released the KB5089573 preview cumulative update for Windows 11 25H2 and 24H2, delivering 30 non-security changes focused on performance and reliability. The optional May 2026 update accelerates app launch and core shell experiences (Start, Search, Action Center) and improves Windows Hello sign-in behavior and reliability. It also addresses File Explorer stability, touch gestures, Modern Standby resume performance, and reduces authentication blocks for Windows Hello Enhanced Sign-in Security. Devices upgrade to builds 26200.8524 and 26100.8524 and updated Secure Boot certificates are being phased in ahead of expiring 2011 certificates.
read more →

Microsoft warns of AI‑assisted cryptojacking campaign

🛡️ Microsoft warns of an active cryptojacking campaign that leverages AI chatbot interactions to surface malicious download sites. The attacks impersonate legitimate utilities and target high-performance GPU systems, using ZIP archives with sideloaded rogue DLLs to install ScreenConnect and deliver GPU miners. The campaign establishes persistent remote access, configures Defender exclusions, and supports multiple miners while evading analysis tools.
read more →

Microsoft previews automatic device isolation feature

🛡️ Microsoft is previewing an automatic device isolation feature in Defender for Endpoint to help contain active cyberattacks by severing most network traffic while preserving connections to security services. The capability is part of its auto attack disruption tool within Defender XDR, and Microsoft says actions are time-limited and can be tuned or reversed by administrators. A new SANS Institute paper warns threshold-driven autonomous containment can be weaponized to disable user accounts, underscoring the need for careful configuration and governance.
read more →

FBI warns of Kali365 phishing kit bypassing MFA

🔒 The FBI has alerted organisations to Kali365, a phishing-as-a-service platform that can hijack Microsoft 365 accounts without stealing passwords and can bypass multi-factor authentication. Launched in April 2026 and sold via Telegram, Kali365 offers AI-generated lures, automated templates, dashboards, and OAuth token capture for as little as $250 monthly. The kit exploits Microsoft’s device code flow, tricking victims into authorising attacker devices on legitimate Microsoft pages, granting access to Outlook, Teams, and OneDrive. The FBI recommends blocking device code flow with a conditional access policy in Microsoft Entra ID and deploying phishing-resistant MFA such as hardware security keys.
read more →

Microsoft Defender adds automatic endpoint isolation

🛡️ Microsoft is previewing a Defender for Endpoint capability that automatically isolates compromised endpoints as part of automatic attack disruption. Isolated devices are disconnected from the network to limit lateral movement and data exfiltration but remain connected to the Microsoft Defender for Endpoint service for ongoing monitoring. The feature applies to onboarded end-user workstations and can be released by security operators after investigation and remediation.
read more →

Microsoft fixes critical SharePoint remote code flaw

🛡️ Microsoft released updates to address a SharePoint remote code execution vulnerability, CVE-2026-45659, rated CVSS 8.8 and classified as Important. The flaw involves deserialization of untrusted data, allowing an authenticated attacker with minimal Site Member permissions to execute code over a network without elevated privileges. Microsoft credited researcher MEOW for the discovery and urged administrators to apply the updates for affected SharePoint versions. The advisory follows recent fixes for other SharePoint issues that have been exploited in the wild.
read more →

Windows Server 2016 DC lookup fails with KB5087537

🔔 Microsoft confirmed a known issue where domain controller discovery may fail on Windows Server 2016 after installing the KB5087537 May 2026 security update. The problem affects only systems whose hostnames are exactly 15 characters long, causing DCLocator calls to return ERROR_INVALID_PARAMETER. This can prevent applications and admin tools from locating domain controllers and may disrupt administrative scenarios such as DFS Namespace management.
read more →

FBI Alerts on Kali365 Phishing Service Targeting M365

🔒 The FBI warns about the Kali365 phishing-as-a-service platform that abuses OAuth device code authentication to hijack Microsoft 365 and Microsoft Entra accounts. Distributed via Telegram since April 2026, Kali365 enables low-skilled attackers to bypass MFA by tricking victims into authorizing device codes, then capturing OAuth tokens to access mailboxes and cloud apps. Researchers observed campaigns using phishing emails, AI-generated lures, and real-time dashboards, while the FBI advises blocking device code flows and preserving forensic evidence.
read more →

FBI alert: Kali365 OAuth phishing risks rise

🔒 The FBI warns of phishing campaigns using Kali365 to harvest Microsoft 365 OAuth access tokens and bypass multi-factor authentication. Attackers trick users into entering a code on a legitimate Microsoft page, which instead authorizes the attacker’s device to access the victim’s account. The FBI advises IT teams to deploy conditional access policies and block authentication transfer to reduce exposure.
read more →

Microsoft named Leader in workforce identity platforms

🔒 Microsoft announced it was recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving top scores for current offering and strategy. The post emphasizes the need to unify identity signals, access policies, and response workflows to reduce fragmentation and improve security. It highlights Microsoft Entra capabilities in ITDR, phishing-resistant authentication, access control, and identity verification. The article also stresses the growing importance of managing AI and non-human identities through continuous, context-aware enforcement.
read more →

Securing AI Foundations: Microsoft Customer Spotlights

🛡️ This article highlights how St. Luke’s University Health Network and ManpowerGroup modernized security to enable AI-powered operations. It describes how both organizations unified visibility across cloud, identity, endpoint, and email by adopting Microsoft Security Copilot, Microsoft Defender, and Microsoft Sentinel, and how automation reduced noise and accelerated response. The piece frames security as a strategic enabler for scaling AI responsibly under Zero Trust and governance principles.
read more →

Microsoft adds agentic AI to Edge for Business

🧭 Microsoft is piloting agentic AI in Edge for Business to streamline multi-step workflows like form-filling, site navigation, and cross-tab data gathering. A limited preview introduces a unified new-tab experience with calendar entries, files, and Copilot prompts to reduce context-switching. Enterprises can enforce data protections—blocking copy/paste, keeping prompts and responses inside their Microsoft 365 tenant, and auditing or blocking sensitive uploads. The features integrate with Purview to detect and prevent policy violations when users sign into Edge for Business.
read more →