phishing

In recent months, cybersecurity researchers have uncovered a sophisticated phishing campaign that exploits Microsoft 365's "Direct Send" feature to impersonate internal users and bypass traditional email security measures. This technique has targeted over 70 organizations, primarily in the...

Phishing attacks continue to challenge organizations worldwide, evolving in sophistication and leveraging the very tools designed to enhance digital communication. An alarming new campaign has emerged wherein cybercriminals exploit Microsoft 365’s Direct Send feature—traditionally trusted for...

Sophisticated cybercriminals have recently demonstrated yet another way to exploit trust in internal communications—this time, by leveraging a Microsoft 365 feature originally intended for convenience. The Varonis Managed Data Detection and Response (MDDR) forensic team has uncovered a striking...

When hackers target popular communication platforms, the repercussions ripple far beyond fleeting inconvenience—malicious campaigns can threaten the digital safety of millions. A recent discovery has thrown Discord, the massively popular chat and voice platform, into the cybersecurity spotlight...

CVE-2025-47957: Microsoft Word Remote Code Execution Vulnerability Description CVE-2025-47957 is a critical "use after free" vulnerability in Microsoft Office Word. It allows an unauthorized attacker to execute code locally on the affected machine. The flaw arises when Microsoft Word mistakenly...

A massive data breach has triggered shockwaves throughout the cybersecurity landscape, with over 184 million passwords reportedly leaked and some of the world’s most prominent technology brands implicated. This incident is distinguished not only by its monumental scale but also by the...

The rapid evolution of cybercrime has brought forth a new era of sophisticated phishing operations, with attackers now leveraging complex “Phishing-as-a-Service” (PhaaS) platforms to target lucrative enterprise networks. One such operation, identified in research as Storm-1575 and more widely...

Phishing attacks are evolving at a rapid pace, becoming increasingly sophisticated, and exploiting trusted platforms in ways that challenge even tech-savvy users. Recently, cybersecurity researchers uncovered a troubling new scam leveraging Google Apps Script—a legitimate Google service—to...

As phishing threats continue to evolve, attackers are leveraging increasingly sophisticated methods that use legitimate cloud platforms to disguise their malicious campaigns. Recent research has uncovered a worrying trend: the abuse of Google Apps Script as a vehicle for launching convincing...

A new breed of cyber threats is rapidly transforming the landscape of enterprise security, and few recent campaigns illustrate this better than the large-scale, meticulously coordinated attacks attributed to Storm-1575, more commonly known as the Dadsec hacker group. Over the past year, Dadsec...

As cyber threats targeting Microsoft 365 continue to evolve, organizations must remain vigilant to protect their critical productivity tools. Recent analyses have identified several pressing security challenges that demand immediate attention. 1. Privilege Escalation Attackers often exploit...

In recent developments, cybersecurity researchers have uncovered a sophisticated malware campaign targeting Microsoft Windows users. Attackers are deploying deceptive websites that mimic popular brands to trick individuals into downloading malicious applications. These counterfeit sites often...

In a significant cybersecurity operation, Microsoft, in collaboration with global law enforcement agencies, has dismantled the Lumma Stealer malware network, which had infected approximately 394,000 Windows computers worldwide between March 16 and May 16, 2025. This malware, notorious for its...

The global scale and sophistication of cybercrime reached new heights with the recent crackdown on the notorious Lumma malware network, as revealed by Microsoft in partnership with law enforcement agencies worldwide. For many Windows users and enterprises, this revelation isn’t just another...

Phishing attacks have long been the scourge of enterprise security, but recent developments reveal a disturbing evolution in cybercriminal tactics targeting Microsoft platforms. A newly uncovered phishing campaign harnesses the trusted veneer of Microsoft Dynamics 365 Customer Voice, weaponizing...

Enticing users with the promise of AI-powered video creation, cybercriminals have launched a new campaign distributing a previously undocumented malware family, Noodlophile, strategically camouflaged as cutting-edge video generation tools. This campaign uses the allure of widely hyped artificial...

The rapid proliferation of sophisticated cybercrime tactics continues to shape the security landscape for organizations worldwide. Recent findings by Check Point Research have drawn urgent attention to a new and particularly devious phishing campaign exploiting Microsoft Dynamics 365 Customer...

Microsoft's March 2025 Patch Tuesday brought an extensive lineup of bug fixes, but among these was a vulnerability that would quickly escalate into a significant security incident: CVE-2025-24054, an NTLM hash-leaking flaw. While Microsoft initially considered this vulnerability "less likely" to...

The growing adoption of generative AI in the workplace has ushered in sweeping changes across industries, delivering newfound efficiencies and innovative capabilities. Yet, with each leap toward automation and intelligence, a parallel, shadowy world of cyber threats surges ahead. A recent...

If you’ve already started mentally composing your next big idea in Outlook, you might want to hit “Save as Draft” for a moment—there’s a new cyberattack in town, and it’s got your Microsoft 365 credentials written all over it... possibly in Cyrillic. A New Breed of Phishing: Sophisticated Social...