35 links
tagged with all of: security + microsoft
Links
Microsoft's AI-assisted research (using Security Copilot) has identified vulnerabilities in the open-source bootloaders GRUB2 and U-Boot, several of which could let an attacker bypass Secure Boot. The work shows how AI tooling can speed up discovery of memory-safety flaws in firmware-level code, improving the security posture of systems that rely on these bootloaders.
Attackers have been abusing the open-source TeamFiltration pentesting framework to run password-spraying attacks against more than 80,000 Microsoft Entra ID accounts across hundreds of organizations since December 2024. The activity, tracked by Proofpoint as UNK_SneakyStrike, has compromised multiple accounts and peaked on January 8, 2025, when 16,500 accounts were targeted in a single day. Organizations are advised to build detections for the spray pattern (many distinct accounts, few attempts each, from a shared source) and to enforce multi-factor authentication.
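The spray pattern described above, as an added example that is not part of the original article or of the TeamFiltration project: a small detector run over constructed Entra ID sign-in records (field names follow the Entra sign-in log schema; the window and threshold values are assumptions to tune per tenant).

```python
"""Detect password spraying in Entra ID sign-in logs.

Illustrative example, not from the linked article. The records below
are constructed; field names (userPrincipalName, ipAddress,
status.errorCode, createdDateTime) follow the Entra ID sign-in log
schema. Thresholds are assumptions to tune per tenant.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# AADSTS error codes that a spray produces: 50126 = invalid username or
# password, 50053 = account locked, 50057 = user disabled. 0 = success.
SPRAY_FAILURE_CODES = {50126, 50053, 50057}


def detect_spray(events, window=timedelta(minutes=30),
                 min_distinct_users=5, min_user_ratio=0.8):
    """Flag source IPs whose failed sign-ins inside a sliding window hit
    many distinct accounts with roughly one attempt per account.

    Breadth over depth is the spray signature: a brute force hammers one
    account, a spray touches many accounts once each. Returns one alert
    dict per offending IP describing its busiest window.
    """
    by_ip = defaultdict(list)
    for ev in events:
        if ev["status"]["errorCode"] in SPRAY_FAILURE_CODES:
            by_ip[ev["ipAddress"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["createdDateTime"])
        start, best = 0, None
        for end in range(len(evs)):
            # advance the window start until the span fits in `window`
            while evs[end]["createdDateTime"] - evs[start]["createdDateTime"] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e["userPrincipalName"].lower() for e in chunk}
            if len(users) >= min_distinct_users and len(users) / len(chunk) >= min_user_ratio:
                cand = {
                    "ip": ip,
                    "distinct_users": len(users),
                    "attempts": len(chunk),
                    "window_start": chunk[0]["createdDateTime"],
                    "window_end": chunk[-1]["createdDateTime"],
                }
                if best is None or cand["distinct_users"] > best["distinct_users"]:
                    best = cand
        if best:
            alerts.append(best)
    return alerts


def _ev(ts, upn, ip, code):
    """Build one constructed sign-in record."""
    return {"createdDateTime": datetime.fromisoformat(ts),
            "userPrincipalName": upn, "ipAddress": ip,
            "status": {"errorCode": code}}


# Constructed sample: one IP sprays eight accounts once each within
# fourteen minutes; one legitimate user mistypes three times, then succeeds.
SAMPLE_EVENTS = [
    *[_ev(f"2025-01-08T09:{m:02d}:00", f"user{i}@example.com", "203.0.113.7", 50126)
      for i, m in enumerate(range(0, 16, 2), start=1)],
    _ev("2025-01-08T09:01:00", "alice@example.com", "198.51.100.2", 50126),
    _ev("2025-01-08T09:02:00", "alice@example.com", "198.51.100.2", 50126),
    _ev("2025-01-08T09:03:00", "alice@example.com", "198.51.100.2", 50126),
    _ev("2025-01-08T09:04:00", "alice@example.com", "198.51.100.2", 0),
]

if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_EVENTS):
        print(f"spray from {alert['ip']}: {alert['distinct_users']} accounts, "
              f"{alert['attempts']} attempts between {alert['window_start']} and {alert['window_end']}")
```

The legitimate user's three failures are not flagged because they hit a single account; the spraying IP is, even though it never trips a per-account lockout. In production, key on the federated or NAT-aware source as well as the raw IP, since frameworks like TeamFiltration rotate cloud egress addresses.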
Microsoft has announced that Exchange Server 2016 and 2019 will reach the end of support on October 14, 2025, ceasing technical support, security fixes, and time zone updates. Administrators are urged to upgrade to Exchange Online or Exchange Server Subscription Edition to maintain security and support. Detailed migration guidance is available for those looking to transition from outdated versions.
Microsoft's August 2025 Patch Tuesday addressed 107 vulnerabilities, including a publicly disclosed zero-day in Windows Kerberos that could allow elevation to domain administrator privileges. The release also fixed thirteen vulnerabilities rated critical, most of them remote code execution and information disclosure bugs, underscoring the ongoing patch burden for Windows environments.
A new tool called 'Defendnot' tricks Windows into disabling Microsoft Defender by registering a fake antivirus product through an undocumented Windows Security Center (WSC) API. Created by researcher es3n1n, it injects a dummy antivirus DLL into a trusted, already-allowlisted system process (Task Manager) so that WSC accepts the registration, after which Defender stands down and the device is left without active protection. Microsoft Defender now flags Defendnot as a threat, but the technique shows how much trust WSC places in process identity.
Microsoft is actively revamping its security culture as part of its "Secure Future Initiative," emphasizing security as a core employee priority during performance reviews. The company has reported significant advancements in areas such as multi-factor authentication, threat detection, and user experience design to enhance protection against attacks.
Microsoft has reworked its Recall feature for Windows 11 after the initial security backlash: it is now opt-in (off by default), stores its snapshot database encrypted and gated behind Windows Hello, and applies automated filters for sensitive information such as passwords and card numbers. The feature periodically captures screenshots of active windows and makes their text searchable, but it requires Copilot+ hardware and specific settings. Users can manage app and website exclusions and storage limits within the app.
Microsoft's Digital Crimes Unit, working with law enforcement and industry partners, has disrupted the Lumma Stealer malware-as-a-service, which Microsoft found on approximately 394,000 Windows PCs over a two-month period. Lumma harvests credentials, browser session cookies and cryptocurrency wallet data, making infected machines a source of follow-on account compromise. Microsoft urges users to keep systems patched and to rotate any credentials that may have been exposed.
AI agents are evolving to become more autonomous, capable of proactively solving problems and improving workflows across various fields. To support this shift, OAuth 2 standards need to be updated to accommodate the unique authorization requirements of these intelligent systems, ensuring secure and granular access permissions. Microsoft emphasizes the importance of collaboration within the OAuth community to develop these necessary enhancements for a secure future of AI agents.
Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.
Microsoft Entra Private Access enhances security by integrating conditional access for on-premises Active Directory environments. This new feature aims to provide organizations with better control and protection over user access to critical resources. The implementation reflects a growing emphasis on zero-trust security models in enterprise environments.
Microsoft has announced significant upgrades to its Azure security protocols, including the purging of dormant tenants and the rotation of keys to prevent future breaches, particularly following a nation-state hack. The company claims to have made substantial progress on its Secure Future Initiative, focusing on enhanced authentication and defenses against potential attack vectors.
A critical flaw in Microsoft Entra ID, involving undocumented actor tokens and a vulnerability in the Azure AD Graph API, allowed potential global access to any organization's tenant without leaving logs of the actions taken. Security researcher Dirk-jan Mollema discovered that these actor tokens could be exploited to impersonate users, including Global Administrators, leading to severe security risks. Microsoft has since patched the vulnerability and is in the process of deprecating the affected API service.
Microsoft is rolling out a passwordless sign-in option for its services, utilizing passkeys as the default authentication method. This move aims to enhance security and simplify the login process for users by eliminating traditional passwords. The transition is part of a broader industry trend toward more secure and user-friendly authentication methods.
Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.
A flaw in Microsoft OneDrive's file picker has been reported: when a third-party web app embeds the picker, the OAuth consent it requests grants read (and in some flows write) access to the user's entire OneDrive rather than only the files the user selects, because Microsoft Graph offers no per-file delegated scope for this use case. The issue highlights the need for fine-grained permissions in cloud storage integrations, and for users to review which apps hold broad OneDrive access.
A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.
A critical unauthenticated path traversal vulnerability was discovered in Microsoft's NLWeb framework, allowing remote users to access sensitive files through malformed URLs. This incident highlights the potential severity of classic vulnerabilities in the context of AI-driven systems, underscoring the need for rigorous security practices as the Agentic Web evolves.
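The bug class above, path traversal in a static-file handler, as an added example that is not NLWeb's code and not the reported exploit: a vulnerable handler beside its hardened form, exercised against a constructed temporary directory tree. The handler shape, the directory layout and the payload are assumptions.

```python
"""Path traversal: vulnerable static-file handler vs hardened one.

Illustrative example, not NLWeb's code. Both handlers take a document
root and the path portion of a request URL; the temporary tree built in
demo() is constructed for the example.
"""
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def serve_vulnerable(root: str, url_path: str) -> bytes:
    """Joins the decoded URL path straight onto the root.

    '..' segments walk out of the root, so a request for
    '../secret.txt' (or its percent-encoded form) reads outside it.
    """
    target = os.path.join(root, unquote(url_path).lstrip("/"))
    with open(target, "rb") as f:
        return f.read()


def serve_hardened(root: str, url_path: str) -> bytes:
    """Decode, resolve '..' segments and symlinks, then require the
    resolved path to sit inside the resolved root.

    Resolving both sides matters: comparing against an unresolved root
    breaks when the root itself is a symlink (for example /tmp on macOS).
    """
    base = Path(root).resolve()
    candidate = (base / unquote(url_path).lstrip("/")).resolve()
    if candidate != base and base not in candidate.parents:
        raise PermissionError(f"refusing path outside root: {url_path}")
    if not candidate.is_file():
        raise FileNotFoundError(url_path)
    return candidate.read_bytes()


def demo():
    """Build a web root with a secret file one level above it and try a
    percent-encoded traversal against both handlers.

    Returns (vulnerable_leaked, hardened_blocked, hardened_serves_normal).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "static"
        root.mkdir()
        (root / "index.html").write_bytes(b"<h1>hi</h1>")
        (Path(tmp) / "secret.txt").write_bytes(b"TOP-SECRET")

        payload = "%2e%2e/secret.txt"  # decodes to ../secret.txt

        leaked = serve_vulnerable(str(root), payload) == b"TOP-SECRET"
        try:
            serve_hardened(str(root), payload)
            blocked = False
        except PermissionError:
            blocked = True
        normal_ok = serve_hardened(str(root), "index.html") == b"<h1>hi</h1>"
        return leaked, blocked, normal_ok


if __name__ == "__main__":
    leaked, blocked, normal_ok = demo()
    print(f"vulnerable handler leaked secret: {leaked}")
    print(f"hardened handler blocked traversal: {blocked}")
    print(f"hardened handler still serves index.html: {normal_ok}")
```

Decode exactly once: if the web framework has already percent-decoded the path, a second unquote() reopens the hole for double-encoded payloads such as %252e%252e. The containment check, not the decoding, is what closes the bug.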
Microsoft and Cloudflare have collaborated to take down RaccoonO365, a phishing-as-a-service kit that targeted Microsoft 365 credentials, seizing the domains it relied on. The operation aimed to cut off credential theft at scale and marks a significant step in combating phishing-kit operators.
Russian state-aligned threat actors have been abusing legitimate Microsoft OAuth 2.0 authorization workflows, using social engineering over messaging apps to get targets to complete device-code or authorization-code flows and hand over codes that grant access to their Microsoft 365 accounts. No software vulnerability is involved, so patching does not help; organizations need conditional access policies that restrict the device-code flow and alerting on anomalous OAuth grants.
Google is implementing a security feature in Chromium that prevents Google Chrome from running with administrative permissions by automatically "de-elevating" the browser upon launch. This change, inspired by a similar feature in Microsoft's Edge browser, aims to mitigate security risks associated with running the browser as an administrator, which can lead to malicious files executing with full system access.
A critical flaw in Microsoft's Windows Server Update Services (WSUS), CVE-2025-59287, an unauthenticated remote code execution bug caused by unsafe deserialization, has been exploited in the wild. Microsoft shipped an out-of-band fix after the initial Patch Tuesday update proved incomplete, so servers that applied only the original update remain exposed; organizations should install the out-of-band update promptly and restrict network access to WSUS.
EntraFalcon is a PowerShell tool designed for security assessments of Microsoft Entra ID environments, suitable for pentesters and system administrators. It helps identify misconfigurations and risks related to privileged accounts and access policies, generating interactive HTML reports for analysis. The tool operates without external dependencies, supports multiple authentication methods, and is compatible with both Windows and Linux systems.
Brave Software's browser will block Microsoft's Windows Recall feature from capturing screenshots of its windows by default to enhance user privacy. This decision follows criticism of Windows Recall for potentially exposing sensitive user data, and Brave aims to prevent browsing history from being inadvertently stored. Users can still enable Recall through Brave's settings if desired.
Microsoft has made its "Pull Print" feature of Universal Print generally available, allowing users to retrieve print jobs from any registered printer without selecting a specific one in advance. This update enhances security by reducing the risk of confidential documents being left unattended and offers convenient printing options through direct and secure release methods. Future developments will include badge release technologies for added flexibility in printer access.
The article discusses the escalating risks associated with NPM supply chain attacks, highlighting Microsoft's role as a "bad actor" in software security. It reflects on past incidents and emphasizes the need for better security measures in the software ecosystem to prevent exploitation by malicious actors.
Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.
Microsoft will disable all ActiveX controls by default in Microsoft 365 and Office 2024 applications to enhance security and reduce the risk of malware. Users will see a notification when attempting to open documents with ActiveX controls, and while they can enable ActiveX through the Trust Center, Microsoft advises keeping it disabled unless necessary. This decision is part of a broader initiative to strengthen security against vulnerabilities exploited by cybercriminals.
Microsoft Edge is set to implement a new security feature that will automatically detect and revoke malicious sideloaded extensions, enhancing user protection against harmful third-party extensions. The feature aims to address the risks of sideloading, which has previously led to significant user exploitation. Scheduled for release in November, this update is part of broader security improvements for Edge, including new developer account protections and performance alerts for harmful extensions.
Microsoft has discovered a vulnerability in macOS that allows attackers to bypass TCC protections, potentially exposing sensitive user data. This flaw could enable unauthorized access to applications that are typically restricted by macOS security measures. Users are advised to update their systems to mitigate the risk associated with this vulnerability.
A newly discovered vulnerability in the cursors component of Microsoft Windows allows attackers to execute arbitrary code on affected systems. The flaw can be exploited through specially crafted files, and Microsoft has issued updates to address it. Users are advised to patch their systems to safeguard against this threat.
Widespread account lockouts among Microsoft Entra ID users were triggered by a false positive issue during the rollout of the MACE Credential Revocation app, which mistakenly flagged unique user credentials as leaked. Many admins reported that locked accounts showed no signs of compromise, leading to confusion and concern within organizations. Microsoft acknowledged the problem but has not yet provided a public response.
Microsoft has confirmed that Remote Desktop Protocol (RDP) can accept a password that has since been changed or revoked, because Windows validates against locally cached credentials; Microsoft calls this a design decision intended to prevent lockouts when the machine cannot reach the identity provider. The consequence is that changing a compromised password does not reliably cut off RDP access, and Microsoft has offered no clear detection or mitigation guidance.
Microsoft is expanding the list of blocked attachments in Outlook Web and the new Outlook for Windows by adding .library-ms and .search-ms file types starting in July 2025. This decision aims to enhance security by preventing the exploitation of these file types in phishing attacks, although most organizations are unlikely to be affected. Users who need to send or receive these attachments can adjust their settings accordingly.
The article discusses a security vulnerability in Microsoft 365 Copilot, where an indirect prompt injection allowed the execution of arbitrary instructions to extract sensitive tenant data. By leveraging Mermaid diagrams, attackers could create deceptive elements that transmitted this data to their server when clicked by users.