Microsoft 365
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as “highly targeted” in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, […]
Week-long Exchange Online outage causes email failures, delays
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. While the company didn’t publicly share information on this incident, it tagged it as a critical service issue tracked under EX1027675 on the Microsoft 365 Admin Center. Microsoft has yet to share more information on what regions […]
Microsoft 365 apps will prompt users to back up files in OneDrive
Starting mid-March 2025, Microsoft will start prompting users of its Microsoft 365 apps for Windows to back up their files to OneDrive. These prompts will be displayed in Word, Excel, and PowerPoint, encouraging users to enroll in OneDrive Known Folder Move (KFM). As the company explains in a new Microsoft 365 Message Center entry, they’ll first roll out […]
New Microsoft 365 outage impacts Teams, causes call failures
Microsoft is investigating a new Microsoft 365 outage that is affecting Teams customers and causing call failures. Since the incident started more than one hour ago, outage monitoring service Downdetector has received hundreds of reports, with affected users saying they’re also experiencing authentication problems. “Users may not be able to receive calls placed through Microsoft Teams-provisioned auto attendants and call […]
Microsoft links recent Microsoft 365 outage to buggy update
Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online authentication. According to an incident report published in the Microsoft 365 admin center on Saturday at 09:29 PM UTC, the incident also triggered Teams and Power Platform degraded functionality and caused Purview access issues and errors. […]
Microsoft fixes Outlook drag-and-drop broken by Windows updates
Microsoft has fixed a known issue that broke email and calendar drag-and-drop in classic Outlook after installing recent updates on Windows 24H2 systems. According to Redmond, the updates that trigger these problems are the KB5050094 January 2025 preview cumulative update and the KB5051987 February 2025 security update. “After installing the January 2025 Windows non-security preview update and subsequent updates […]
Botnet targets Basic Auth in Microsoft 365 password spray attacks
A massive botnet of over 130,000 compromised devices is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide, targeting basic authentication to evade multi-factor authentication. According to a report by SecurityScorecard, the attackers are leveraging credentials stolen by infostealer malware to target the accounts at a large scale. The attacks rely on non-interactive sign-ins using […]
Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. Microsoft Threat Intelligence Center tracks the threat […]
Microsoft investigates Microsoft 365 outage affecting users, admins
Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. According to thousands of reports from affected customers logged by DownDetector, these ongoing issues block login attempts and impact Microsoft 365 suite websites and Outlook services. “Further information can be found at https://status.cloud.microsoft, or under MO991872 if the […]
Microsoft Teams phishing attack alerts coming to everyone next month
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. Once enabled, it will display alerts when detecting phishing attacks targeting organizations that have enabled external Teams access (which allows threat actors to message any user from external domains). The company […]