Microsoft 365
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. The campaign was recently discovered by incident response firm SpearTip, who said the attacks began on January 6, 2025, targeting the Azure Active Directory Graph API. The researchers warn that the brute-force attacks have to successful account […]
Microsoft 365 apps crash on Windows Server after Office update
Microsoft says a known issue is causing Classic Outlook and Microsoft 365 applications to crash on Windows Server 2016 or Windows Server 2019 systems. This confirmation comes after many customers reported over the last several days that Microsoft Outlook and Office 365 apps like Excel, Word, Outlook, and PowerPoint crashed within 15 seconds of launch. Redmond says the root […]
Microsoft MFA outage blocking access to Microsoft 365 apps
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. Some affected Microsoft 365 users have also reported that MFA registration and reset are not working. “Users may be unable to access some Microsoft 365 Apps when authenticating with MFA,” Microsoft said in an incident alert published in the admin center. “We’re re-directing traffic to […]
Microsoft to force install new Outlook on Windows 10 PCs in February
Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month’s security update. The announcement was made in a new message added to the company’s Microsoft 365 Admin Center, tagged MC976059, and it applies to Microsoft 365 apps users. As Redmond explains, the new Outlook app will be installed on […]
Microsoft fixes bug causing Outlook to freeze when copying text
Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. The bug mainly affected Microsoft 365 users on the Current Channel Version 2409 (Build 18025.20096) or higher when using languages with an IME (Input Method Editor). “When you select text in a […]
Microsoft 365 users hit by random product deactivation errors
Microsoft is investigating a known issue triggering “Product Deactivated” errors for customers using Microsoft 365 Office apps. According to online user reports on Reddit and Microsoft’s own community website, affected users randomly received these “Product Deactivated” errors in Office apps, prompting confusion and disruptions. As Redmond explained in a support document published on Thursday, these problems stem from licensing changes initiated by […]
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their cloud environments by implementing a list of required secure configuration baselines (SCBs). While CISA has only finalized the SCBs for Microsoft 365, it plans to release additional baselines for other cloud platforms, starting with Google Workspace (anticipated to […]
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours ago, Downdetector has received user reports complaining about problems connecting to Outlook, OneDrive, and other Office 365 apps and services. Affected customers see “We’re experiencing a service outage. All of your open […]
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named ‘Rockstar 2FA’ has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies. These attacks work by directing victims to a fake login page that mimics Microsoft […]
Microsoft 365 Admin portal abused to send sextortion emails
The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the messages appear trustworthy and bypassing email security platforms. Sextortion emails are scams claiming that your computer or mobile device was hacked to steal images or videos of you performing sexual acts. The scammers then demand from you a payment of $500 […]