phishing

A new, deceptively simple attack named “Reprompt” has exposed a critical weakness in Microsoft Copilot Personal: with a single click on a legitimate Copilot deep link an attacker could, under the right conditions, mount a multistage, stealthy data‑exfiltration chain that pulls names, locations...

I switched my Microsoft account from a password to a passkey — and within days the stream of automated sign-in attempts from unfamiliar countries turned into harmless noise because there was nothing left for attackers to guess. Background: why this matters right now Passwords are still the most...

Toyota Leasing Thailand’s security team turned to Microsoft Security Copilot to protect customer data and preserve trust, embedding the AI assistant into a Microsoft security stack (Defender, Entra, Purview) to accelerate phishing triage, reduce analyst toil, and deliver leadership-ready...

Microsoft has confirmed a Chromium‑based Microsoft Edge spoofing flaw, tracked as CVE‑2025‑65046, that allows a malicious page or a content script injected into a page to display a browser extension’s popup over a permission prompt or screen‑share dialog, enabling the extension UI to impersonate...

Microsoft’s latest upgrade push has turned into a cautionary tale: a combination of release‑pipeline bugs, confusing on‑screen messaging, and the ever‑present threat of scammy pop‑ups has left some users finding themselves on the wrong side of a Windows 11 installation without meaning to. The...

This morning’s inbox flood — five obvious spam messages slipping straight into the primary view of an Outlook user — is not an isolated annoyance. It’s a live demonstration of where Microsoft’s email stack still fails everyday people: spam and phishing still reach the inbox, user trust erodes...

Imagine a perfectly plausible Microsoft email — logo, tone, and even an apparent microsoft.com link — that quietly hands your credentials to a criminal because your brain read a visual illusion instead of the actual characters in the address. This is the new face of a classic trick...

RSA’s new RSA ID Plus for Microsoft lineup — anchored by the RSA ID Plus M1 SKU now generally available on the Microsoft Azure Marketplace — is a deliberate attempt to layer phishing‑resistant, passwordless identity controls and operational resilience on top of Microsoft Entra ID, with a...

The Louvre’s security humiliation—reports that a surveillance server could be accessed with the password “LOUVRE”—has turned a sensational daytime robbery of the Galerie d’Apollon into a wider institutional reckoning over museum cybersecurity, procurement failures and the real-world consequences...

Windows 11’s quiet, incremental upgrades have a habit of being overshadowed by flashy headlines — and right now the headline magnet is Copilot. But the single most consequential feature added to the OS in recent updates isn’t an AI assistant at all: it’s passkeys — a modern, cryptographic, and...

Microsoft Copilot Studio agents can be weaponized to deliver highly convincing OAuth consent phishing that results in stolen tokens and persistent account access — a technique researchers have labelled “CoPhish” that leverages legitimate Microsoft-hosted agent pages to evade traditional...

Microsoft’s Copilot Studio can be weaponized to steal OAuth tokens — an attack chain Datadog Security Labs has dubbed “CoPhish” — by hosting malicious agents on Microsoft domains and using the agents’ built‑in sign‑in workflows to deliver convincing OAuth consent prompts that exfiltrate tokens...

Microsoft’s Threat Intelligence team has described a stealthy, financially motivated operation dubbed “payroll pirate” that has, since March 2025, targeted U.S. universities to hijack payroll by compromising Exchange Online and HR SaaS accounts such as Workday and quietly redirecting salaries...

OpenAI says it has disrupted multiple ChatGPT accounts used by threat actors in Russia, China and North Korea who employed the chatbot to design, test and refine malware, credential‑stealers and phishing campaigns — a development that spotlights a fast‑evolving arms race between defensive model...

Google has quietly turned the Chrome toolbar into a direct gateway for Gemini — rolling out what the company calls the “biggest upgrade in its history,” a sweeping set of AI features that embed Gemini natively into the browser, surface an AI Mode in the address bar, and promise future “agentic”...

Microsoft’s free Windows 10 upgrade became a vehicle for a crop of convincing phishing emails that delivered file‑encrypting ransomware disguised as a legitimate installer, according to security researchers — a reminder that major platform announcements instantly become social‑engineering boons...

More than half of the world’s personal computers remain on Windows 10 even as Microsoft’s official support deadline looms, creating a wide and growing security gap that affects consumers, small businesses, and enterprise networks alike. New telemetry shared publicly via cybersecurity vendor...

Microsoft’s security advisory around a freshly disclosed browser bug highlights a repeat problem for mobile users: an insufficient UI warning in Microsoft Edge (Chromium-based) for Android that enables spoofing over a network. The vendor entry you provided points to a CVE record that the...

Microsoft’s latest Windows 11 Insider Preview update, rolled out as KB5065782 to Dev and Beta channel testers on September 12, 2025, repurposes the SCOOBE (Second‑Chance Out‑of‑Box Experience) flow to display a full‑screen Microsoft 365 “needs attention” renewal prompt that occupies the display...

A growing number of Microsoft account holders report successful sign‑ins from IP addresses inside Microsoft’s own network despite having two‑factor authentication enabled — an uptick of incidents first detailed in a German investigation and corroborated by threads on Reddit and Microsoft’s own...