microsoft 365 security

A quiet yet consequential security flaw recently put Microsoft 365 customers on high alert after researchers disclosed a vulnerability within Microsoft Bookings that exposed organizations to sophisticated cyberattacks through manipulated meeting invitations and calendar events. At the heart of...

Mesa, Arizona’s business landscape is shifting rapidly, and technology support is increasingly critical for organizations of every size. In this climate, AZCOMP Technologies has announced a significant expansion of its Microsoft 365 support services, aiming to empower small and mid-sized...

Oryon.net, a prominent Singapore-based web hosting provider and Microsoft Solutions Partner, has recently unveiled Oryon Academy—a dedicated learning platform aimed at empowering Microsoft 365 Business users to fully harness their digital tools. With over 25 years of experience supporting small...

The growing adoption of generative AI in the workplace has ushered in sweeping changes across industries, delivering newfound efficiencies and innovative capabilities. Yet, with each leap toward automation and intelligence, a parallel, shadowy world of cyber threats surges ahead. A recent...

In today's rapidly evolving digital landscape, organizations face an ever-increasing array of cyberthreats targeting their most valuable assets: their users and data. Recognizing this challenge, Kaseya has introduced the Kaseya 365 User subscription, a comprehensive solution designed to simplify...

Netwrix has recently unveiled significant enhancements to its 1Secure SaaS platform, introducing a new Data Security Posture Management (DSPM) solution tailored for Microsoft 365 environments. This development aims to bolster identity and data security by providing organizations with advanced...

In today's digital workplace, collaborative tools like Microsoft 365 have become indispensable for enhancing productivity and fostering teamwork. However, the convenience of these platforms often comes with significant security challenges, particularly concerning data breaches and unauthorized...

Russian cyber threat actors have recently exploited OAuth 2.0 authentication flows to compromise Microsoft 365 accounts belonging to employees involved with Ukraine-related and human rights organizations. This sophisticated attack, tracked since early 2025, is predominantly attributed to...

In recent weeks, Microsoft 365 users have found themselves in the crosshairs of a sophisticated business email compromise (BEC) campaign that exploits the cloud service’s very reputation for trust and reliability. Rather than launching the usual barrage of phishing emails filled with tyrannical...

Connecting managed service providers (MSPs) with streamlined, effective cloud security is more essential now than ever. ConnectWise has stepped into the spotlight with its latest announcement—ConnectWise SaaS Security—a solution meticulously designed to help MSPs deliver, manage, and monetize...

Managed service providers are facing unprecedented challenges when it comes to protecting their clients’ Microsoft 365 environments. With the persistent rise of cyberattacks targeting business productivity suites, the piecemeal use of siloed security and backup tools often leaves dangerous gaps...

Windows users and IT professionals need to take extra caution as attackers continuously refine their phishing playbook. Recent reports reveal that sophisticated adversaries are leveraging vulnerabilities in OAuth 2.0 redirection flows to target Microsoft 365 environments. In these OAuth-themed...

Russian threat actors have once again raised the bar for cyber espionage, turning attention toward OAuth 2.0 authentication flows in Microsoft 365, hijacking accounts connected to Ukraine and human rights organizations. Their tactics, as uncovered by cybersecurity firm Volexity, fit into a...

If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic. A New Breed of Phishing: Sophisticated Social...

Microsoft 365 account holders, it’s time to clutch your credentials like your last stick of office coffee—hackers have orchestrated another clever plot, this time through everyone’s favorite messaging apps. If you thought WhatsApp and Signal were just for family chats and cryptic office banter...

There’s a certain poetic irony in the fact that OAuth 2.0—a framework specifically engineered to keep our digital lives safe from password theft—is now being bent and twisted by Russian hackers to hijack entire Microsoft 365 accounts. If that isn’t progress in the field of offensive...

If you’re going to be phished, you might as well be courted by some of Russia’s digital finest—at least that’s what a fresh report from Volexity would lead you to believe, as Ukraine-linked NGOs have found themselves starring in an unexpected cyber-espionage romcom, with the Russian hacking...

In a recent development, Russian threat actors identified as UTA0352 and UTA0355 have been targeting Ukraine-linked nongovernmental organizations (NGOs) by exploiting the OAuth protocol to compromise Microsoft 365 accounts. The Mechanics of the Attack The attackers initiated their campaign with...

We live in an era where simply clicking a video call link could lead to the digital equivalent of inviting a burglar in for tea—and hackers are getting increasingly creative with their invitations, especially when it comes to Microsoft 365 access. The Evolving Art of Social Engineering (or: Why...

A New Phishing Frontier: Tycoon2FA Evolving to Outsmart Microsoft 365 Security Phishing attacks are evolving, and the latest twist comes from the Tycoon2FA phishing kit. Designed as a Phishing-as-a-service (PhaaS) platform, Tycoon2FA is notorious for bypassing multi-factor authentication (MFA)...