Microsoft has identified a new malware, Lumma, which has been found on approximately 394,000 Windows PCs. The Lumma password stealer is designed to capture sensitive login information, raising significant security concerns for users. Microsoft is urging users to take precautions to protect their devices from this threat.

Microsoft will disable all ActiveX controls by default in Microsoft 365 and Office 2024 applications to enhance security and reduce the risk of malware. Users will see a notification when attempting to open documents with ActiveX controls, and while they can enable ActiveX through the Trust Center, Microsoft advises keeping it disabled unless necessary. This decision is part of a broader initiative to strengthen security against vulnerabilities exploited by cybercriminals.