Links
A flaw in Microsoft Teams allows users to join unprotected external tenants when accepting guest invitations, bypassing Defender for Office 365 protections. This gap exposes users to potential phishing and malware risks, as attackers can exploit cross-tenant security weaknesses. Organizations are urged to tighten their guest access policies to mitigate these risks.
Check Point Research identified critical vulnerabilities in Microsoft Teams that allow attackers to manipulate messages, spoof notifications, and impersonate users. Four specific types of attacks were detailed, highlighting the potential for business email compromise and identity fraud. Microsoft has issued fixes for these issues, but concerns remain about security.
Microsoft aims to replace its C and C++ codebase with Rust by 2030, leveraging AI to automate the translation process. They're hiring engineers to develop tools for this extensive project, which is part of a broader effort to improve software security and reduce technical debt. However, a recent update clarifies that this initiative is a research project, not a direct rewrite of Windows.
Microsoft Copilot allows non-technical users to create AI agents easily, but this can lead to serious security vulnerabilities. A recent report shows how these agents can be manipulated into leaking sensitive data. The simplicity of deployment makes it easy for users to overlook necessary security measures.
Satya Nadella's annual letter outlines Microsoft's focus on AI and innovation as it navigates a significant technological shift. The company achieved record financial performance while emphasizing the importance of security, quality, and the transformative potential of AI across various industries.
This article explains the importance of LDAP Signing and Channel Binding in securing Active Directory environments, especially with the new default settings in Server 2025. It details how to enable these settings, how to monitor for potential issues, and the consequences of not implementing them.
Microsoft will now reward researchers for identifying critical vulnerabilities in any of its online services, regardless of the code's origin. This change aims to enhance security by incentivizing the discovery of flaws in both Microsoft's own and third-party components that impact its services.
Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.
Microsoft's Notepad introduced new AI and Markdown features that created a critical security vulnerability (CVE-2026-20841). This flaw allows remote code execution through malicious Markdown files, affecting users of the modern Notepad app on Windows 10 and 11. Immediate updates and precautions are necessary to mitigate risks.
This article examines how Device Code Phishing exploits the OAuth 2.0 authentication process used by Microsoft and Google. It details the mechanics of the attack, illustrating how attackers can trick users into providing access tokens through a seemingly legitimate flow. The comparison highlights the different security postures of the two identity providers.
Microsoft will upgrade the Entra ID authentication system in October 2026 to prevent external script injection attacks. The update will enforce a stricter Content Security Policy, allowing scripts only from trusted Microsoft domains, thus enhancing protection against cross-site scripting threats. Organizations should prepare by reviewing sign-in flows and discontinuing unsupported code-injection tools.
Microsoft addressed a problem where third-party security software falsely flagged WinSqlite3.dll, a core Windows component, as vulnerable. The company updated the DLL in January 2026, encouraging users to install the latest updates for their devices. This issue affected both Windows 10 and 11, as well as Windows Server versions 2012 to 2025.
The article reveals a vulnerability in Microsoft's Update Health Tools that allowed remote code execution through abandoned Azure storage blobs. Researchers exploited this flaw by monitoring HTTP requests and discovered that many devices were at risk due to misconfigurations. Microsoft has since addressed the issue after responsible disclosure.
Microsoft issued out-of-band updates to fix two critical issues affecting Windows 10, Windows 11, and Windows Server. One problem disrupts remote desktop access to Microsoft 365 Cloud PC sessions, while the other prevents some Windows 11 devices with Secure Launch from shutting down or hibernating.
Microsoft has addressed multiple zero-day vulnerabilities in Windows and Office that hackers are actively exploiting. These flaws allow attackers to execute malware with minimal user interaction, primarily through malicious links and files. Security experts warn of a high risk of system compromise and ransomware deployment.
Microsoft released its first security update of 2026, fixing 112 vulnerabilities, including a zero-day in Desktop Window Manager that can leak sensitive information. While this zero-day is actively exploited, attackers need local access to the system to exploit it. Eight vulnerabilities were flagged as likely to be targeted this month.
Scammers are sending fraudulent emails from a legitimate Microsoft address, no-reply-powerbi@microsoft.com, misleading recipients about unauthorized charges. The emails prompt victims to call a number and download remote access software, potentially compromising their devices. Reports of similar scams have surfaced on Microsoft’s website.
Microsoft is rolling out smartphone-like app permission prompts in Windows 11, allowing users to control access to sensitive resources like files and cameras. This change aims to enhance user consent and privacy, addressing issues with apps overriding settings or installing unwanted software. The updates are part of the Secure Future Initiative following a recent security breach.
Microsoft’s November 2025 Patch Tuesday updates resolved 63 vulnerabilities, including a critical zero-day in the Windows kernel actively under attack. The updates also addressed an Office vulnerability allowing unauthorized code execution. This month saw a significant decrease in reported flaws compared to October.
Microsoft's AI tool has identified critical vulnerabilities in the GRUB2 and U-Boot bootloaders, which could expose systems to security risks. The tool improves the ability to detect such flaws, thereby strengthening the overall security posture of systems that use these bootloaders.
Hackers have been exploiting the TeamFiltration framework to launch password spraying attacks against over 80,000 Microsoft Entra ID accounts across hundreds of organizations since December 2024. The threat actor, known as UNK_SneakyStrike, has successfully compromised multiple accounts, with activity peaking on January 8, when 16,500 accounts were targeted in one day. Organizations are advised to implement detection measures and enable multi-factor authentication to mitigate these attacks.
Microsoft has announced that Exchange Server 2016 and 2019 will reach the end of support on October 14, 2025, ceasing technical support, security fixes, and time zone updates. Administrators are urged to upgrade to Exchange Online or Exchange Server Subscription Edition to maintain security and support. Detailed migration guidance is available for those looking to transition from outdated versions.
Microsoft has identified a new malware, Lumma, which has been found on approximately 394,000 Windows PCs. The Lumma password stealer is designed to capture sensitive login information, raising significant security concerns for users. Microsoft is urging users to take precautions to protect their devices from this threat.
Microsoft's August 2025 Patch Tuesday addressed 107 vulnerabilities, including a critical zero-day in Windows Kerberos that could allow domain administrator privilege escalation. The update also fixed thirteen critical vulnerabilities, predominantly related to remote code execution and information disclosure, highlighting ongoing security challenges for Windows users.
A new tool called 'Defendnot' tricks Windows into disabling Microsoft Defender by registering a fake antivirus product using an undocumented Windows Security Center API. Created by researcher es3n1n, it bypasses security features by injecting a dummy antivirus DLL into a trusted system process, effectively leaving devices without active protection. Microsoft Defender has flagged Defendnot as a threat, highlighting vulnerabilities in trusted system features.
Microsoft is actively revamping its security culture as part of its "Secure Future Initiative," emphasizing security as a core employee priority during performance reviews. The company has reported significant advancements in areas such as multi-factor authentication, threat detection, and user experience design to enhance protection against attacks.
Microsoft has significantly improved its Recall feature for Windows 11 after initial security concerns, making it opt-in by default, encrypting stored data, and adding automated filters for sensitive information. The feature allows users to capture screenshots and searchable text from their active windows, but it requires specific hardware and settings for optimal functionality. Users can also manage exclusions and storage limits within the app.
AI agents are evolving to become more autonomous, capable of proactively solving problems and improving workflows across various fields. To support this shift, OAuth 2 standards need to be updated to accommodate the unique authorization requirements of these intelligent systems, ensuring secure and granular access permissions. Microsoft emphasizes the importance of collaboration within the OAuth community to develop these necessary enhancements for a secure future of AI agents.
Microsoft has announced significant upgrades to its Azure security protocols, including the purging of dormant tenants and the rotation of keys to prevent future breaches, particularly following a nation-state hack. The company claims to have made substantial progress on its Secure Future Initiative, focusing on enhanced authentication and defenses against potential attack vectors.
Microsoft Entra Private Access enhances security by integrating conditional access for on-premises Active Directory environments. This new feature aims to provide organizations with better control and protection over user access to critical resources. The implementation reflects a growing emphasis on zero-trust security models in enterprise environments.
Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.
A critical flaw in Microsoft Entra ID, involving undocumented actor tokens and a vulnerability in the Azure AD Graph API, allowed potential global access to any organization's tenant without leaving logs of the actions taken. Security researcher Dirk-jan Mollema discovered that these actor tokens could be exploited to impersonate users, including Global Administrators, leading to severe security risks. Microsoft has since patched the vulnerability and is in the process of deprecating the affected API service.
Microsoft is rolling out a passwordless sign-in option for its services, utilizing passkeys as the default authentication method. This move aims to enhance security and simplify the login process for users by eliminating traditional passwords. The transition is part of a broader industry trend toward more secure and user-friendly authentication methods.
A flaw in Microsoft OneDrive's file picker has been discovered, which could potentially allow attackers to exploit the feature for unauthorized access to files. This vulnerability highlights the need for improved security measures within cloud storage services to protect user data from malicious activities.
A new phishing method called 'CoPhish' exploits Microsoft Copilot Studio agents to issue fraudulent OAuth consent requests, allowing attackers to steal session tokens through social engineering tactics. Researchers from Datadog Security Labs have highlighted the risks associated with Copilot Studio's flexibility and noted that Microsoft plans to address these vulnerabilities in future updates. Users are advised to limit administrative privileges and enforce stricter governance policies to mitigate the risks.
A critical unauthenticated path traversal vulnerability was discovered in Microsoft's NLWeb framework, allowing remote users to access sensitive files through malformed URLs. This incident highlights the potential severity of classic vulnerabilities in the context of AI-driven systems, underscoring the need for rigorous security practices as the Agentic Web evolves.
Hackers are employing a sophisticated phishing technique that leverages legitimate Microsoft links and Active Directory Federation Services (ADFS) to redirect users to a counterfeit site designed to steal Microsoft 365 logins. By utilizing a trusted domain for redirection, attackers can bypass standard security measures, including multi-factor authentication. Researchers recommend monitoring for ADFS redirects and scrutinizing Google ads for potential malicious links.
Google is implementing a security feature in Chromium that prevents Google Chrome from running with administrative permissions by automatically "de-elevating" the browser upon launch. This change, inspired by a similar feature in Microsoft's Edge browser, aims to mitigate security risks associated with running the browser as an administrator, which can lead to malicious files executing with full system access.
EntraFalcon is a PowerShell tool designed for security assessments of Microsoft Entra ID environments, suitable for pentesters and system administrators. It helps identify misconfigurations and risks related to privileged accounts and access policies, generating interactive HTML reports for analysis. The tool operates without external dependencies, supports multiple authentication methods, and is compatible with both Windows and Linux systems.
A critical flaw in Microsoft's Windows Server Update Services (WSUS) has been exploited in the wild, with reports indicating that the vulnerability allows attackers to bypass security measures and execute arbitrary code. Despite the availability of patches, many systems remain unprotected due to insufficient updates, highlighting the urgency for organizations to address this issue promptly.
Russian hackers have been exploiting vulnerabilities in Microsoft's OAuth 2.0 authentication framework, allowing them to access sensitive information from targeted accounts. This ongoing attack poses significant security risks for organizations using Microsoft services, emphasizing the need for enhanced security measures and awareness.
Microsoft and Cloudflare have collaborated to take down the Raccoon365 phishing service, which targeted Microsoft 365 users. This operation aimed to protect users from credential theft and enhance overall cybersecurity measures against such phishing threats. The dismantling of Raccoon365 marks a significant step in combating cybercrime related to phishing schemes.
The article discusses the escalating risks associated with NPM supply chain attacks, highlighting Microsoft's role as a "bad actor" in software security. It reflects on past incidents and emphasizes the need for better security measures in the software ecosystem to prevent exploitation by malicious actors.
Microsoft has made its "Pull Print" feature of Universal Print generally available, allowing users to retrieve print jobs from any registered printer without selecting a specific one in advance. This update enhances security by reducing the risk of confidential documents being left unattended and offers convenient printing options through direct and secure release methods. Future developments will include badge release technologies for added flexibility in printer access.
Brave Software's browser will block Microsoft's Windows Recall feature from capturing screenshots of its windows by default to enhance user privacy. This decision follows criticism of Windows Recall for potentially exposing sensitive user data, and Brave aims to prevent browsing history from being inadvertently stored. Users can still enable Recall through Brave's settings if desired.
Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.
Microsoft will disable all ActiveX controls by default in Microsoft 365 and Office 2024 applications to enhance security and reduce the risk of malware. Users will see a notification when attempting to open documents with ActiveX controls, and while they can enable ActiveX through the Trust Center, Microsoft advises keeping it disabled unless necessary. This decision is part of a broader initiative to strengthen security against vulnerabilities exploited by cybercriminals.
Microsoft Edge is set to implement a new security feature that will automatically detect and revoke malicious sideloaded extensions, enhancing user protection against harmful third-party extensions. The feature aims to address the risks of sideloading, which has previously led to significant user exploitation. Scheduled for release in November, this update is part of broader security improvements for Edge, including new developer account protections and performance alerts for harmful extensions.
Microsoft has discovered a vulnerability in macOS that allows attackers to bypass TCC protections, potentially exposing sensitive user data. This flaw could enable unauthorized access to applications that are typically restricted by macOS security measures. Users are advised to update their systems to mitigate the risk associated with this vulnerability.
A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.
Widespread account lockouts among Microsoft Entra ID users were triggered by a false positive issue during the rollout of the MACE Credential Revocation app, which mistakenly flagged unique user credentials as leaked. Many admins reported that locked accounts showed no signs of compromise, leading to confusion and concern within organizations. Microsoft acknowledged the problem but has not yet provided a public response.
Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log in with revoked passwords, a design choice intended to prevent user lockouts. This controversial decision means that even after changing a password, access can still be granted, leaving millions of users vulnerable without clear guidance or detection methods from Microsoft.
Microsoft is expanding the list of blocked attachments in Outlook Web and the new Outlook for Windows by adding .library-ms and .search-ms file types starting in July 2025. This decision aims to enhance security by preventing the exploitation of these file types in phishing attacks, although most organizations are unlikely to be affected. Users who need to send or receive these attachments can adjust their settings accordingly.
The article discusses a security vulnerability in Microsoft 365 Copilot, where an indirect prompt injection allowed the execution of arbitrary instructions to extract sensitive tenant data. By leveraging Mermaid diagrams, attackers could create deceptive elements that transmitted this data to their server when clicked by users.