Microsoft 365
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method …
Microsoft cracks down on malicious meeting invites
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a …
Attackers target retailers’ gift card systems using cloud-only techniques
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this …
Inside the messy reality of Microsoft 365 management
Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to …
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court …
Why your Microsoft 365 setup might be more vulnerable than you think
60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account …
Microsoft boosts default security of Windows 365 Cloud PCs
Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud …
Attackers phish OAuth codes, take over Microsoft 365 accounts
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics …
Massive botnet hits Microsoft 365 accounts
A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers …
Threat actors are using legitimate Microsoft feature to compromise M365 accounts
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) …
Ransomware attackers are “vishing” organizations via Microsoft Teams
The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to …
CISA orders federal agencies to secure their Microsoft cloud environments
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their …
Featured news
Resources
Don't miss
- AI isn’t one system, and your threat model shouldn’t be either
- LLMs work better together in smart contract audits
- Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management
- Crypto theft in 2025: North Korean hackers continue to dominate
- Clipping Scripted Sparrow’s wings: Tracking a global phishing ring