Microsoft 365
Microsoft Teams to protect against malicious URLs, dangerous file types
Microsoft recently revealed that it’s enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. “Microsoft Teams now blocks messages containing weaponizable file types, such as executables, in chats and channels, increasing protection against malware and other file-based attacks,” the company said in a Microsoft 365 roadmap update this week. “Microsoft Teams can […]
Microsoft 365 apps to soon block file access via FPRPC by default
Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. These changes apply only to Microsoft 365 apps for Windows and will not affect Microsoft Teams users across Windows, Mac, web, iOS, or Android. “Microsoft 365 apps […]
Microsoft: Outdated Office apps lose access to voice features in January
Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. Read aloud lets users hear documents and emails read back, transcription converts speech into text in real-time, and the dictation feature allows for voice-to-text input across Office applications. The company advised customers to update their Microsoft […]
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July. Some email security services include a […]
Microsoft to disable Excel workbook links to blocked file types
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not […]
Microsoft investigates outage affecting Microsoft 365 admin center
Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. While the company has yet to disclose which regions are currently affected by this ongoing service degradation issue, it’s currently tracking it on its official service health status page to provide impacted organizations with access […]
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]
Microsoft investigates ongoing SharePoint Online access issues
Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. Part of the Microsoft 365 suite, SharePoint Online is a cloud-based collaboration and document management platform that allows users to create websites, store and share documents, and collaborate on content over the Internet. As the company announced earlier […]
Microsoft: DNS issue blocks delivery of Exchange Online OTP codes
Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. Recipients may receive a single-use access code via a separate email to open an encrypted message in Gmail, Yahoo, or other email clients without a Microsoft 365 subscription. This OTP message allows them to view […]
Microsoft Defender for Office 365 now blocks email bombing attacks
Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats from email messages, links, […]