03 Jun, 2026

Microsoft 365 apps to soon block file access via FPRPC by default

Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. These changes apply only to Microsoft 365 apps for Windows and will not affect Microsoft Teams users across Windows, Mac, web, iOS, or Android. “Microsoft 365 apps […]

2 mins read

Microsoft: Outdated Office apps lose access to voice features in January

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. Read aloud lets users hear documents and emails read back, transcription converts speech into text in real-time, and the dictation feature allows for voice-to-text input across Office applications. The company advised customers to update their Microsoft […]

2 mins read

Attackers exploit link-wrapping services to steal Microsoft 365 logins

A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July. Some email security services include a […]

2 mins read

Microsoft to disable Excel workbook links to blocked file types

Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. After the rollout, Excel workbooks referencing blocked file types will display a #BLOCKED error or fail to refresh, eliminating security risks associated with accessing unsupported or high-risk file types, including, but not […]

2 mins read

Microsoft investigates outage affecting Microsoft 365 admin center

Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. While the company has yet to disclose which regions are currently affected by this ongoing service degradation issue, it’s currently tracking it on its official service health status page to provide impacted organizations with access […]

1 min read

UK ties GRU to stealthy Microsoft 365 credential-stealing malware

The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]

3 mins read

Microsoft investigates ongoing SharePoint Online access issues

Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. Part of the Microsoft 365 suite, SharePoint Online is a cloud-based collaboration and document management platform that allows users to create websites, store and share documents, and collaborate on content over the Internet. As the company announced earlier […]

2 mins read

Microsoft: DNS issue blocks delivery of Exchange Online OTP codes

Microsoft is working to fix a DNS misconfiguration that is causing one-time passcode (OTP) message delivery failures in Exchange Online for some users. Recipients may receive a single-use access code via a separate email to open an encrypted message in Gmail, Yahoo, or other email clients without a Microsoft 365 subscription. This OTP message allows them to view […]

2 mins read

Microsoft Defender for Office 365 now blocks email bombing attacks

Microsoft says its Defender for Office 365 cloud-based email security suite will now automatically detect and block email bombing attacks. Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection or Office 365 ATP) protects organizations operating in high-risk industries and dealing with sophisticated threat actors from malicious threats from email messages, links, […]

2 mins read

Microsoft 365 ‘Direct Send’ abused to send phishing as internal users

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called “Direct Send” to evade detection by email security and steal credentials. Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s […]

6 mins read