Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Microsoft Intune security update status
Microsoft is rewriting Windows patch guidance because of AI

Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and …

Microsoft 365 phishing
Extortion crew hijacks Microsoft 365 accounts via fake passkey setup

The Pink cyber extortion crew is tricking employees into giving them access to their Microsoft 365 accounts by faking Entra passkey enrollment requests. The attack The attack …

danger
The ARToken phishing panel targets Microsoft 365 accounts

Accounts-payable staff at U.S. companies keep receiving invoice emails that look like they come from vendors they already work with. One landed at a life-sciences company in …

Microsoft 365 phishing
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials

Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during …

Microsoft 365 phishing
Phishing hides in routine Microsoft 365 workflows

Attackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts …

phishing
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials

A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication …

Copilot
Microsoft 365 Copilot redesign brings context and actions into one workspace

Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, …

Varonis for Microsoft 365 Copilot
Microsoft’s Copilot trust test: Zero findings, more models, wider oversight

Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first …

Microsoft 365 phishing
Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 …

Microsoft 365 phishing
EvilTokens ramps up device code phishing targeting Microsoft 365 users

Security researchers report a notable increase in device code phishing activity aimed at Microsoft 365 users, and have attributed this rise to the availability of EvilTokens, …

Okta
Okta users under attack: Modern phishing kits are turbocharging vishing attacks

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing …

Microsoft 365
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise

Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools