microsoft
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. The kit is sold to cybercriminals over Telegram and is under continuous development, its author stating that they plan to extend support for Gmail and Okta phishing pages. Device […]
New Windows 11 emergency update fixes preview update install issues
Microsoft released an out-of-band update to fix the March 2026 non-security preview update, which was pulled over the weekend due to installation issues. The optional cumulative update (KB5079391) was released on Thursday for Windows 11 24H2 and 25H2 systems, with 29 changes, including Smart App Control and Display improvements. However, right after it started rolling out, users […]
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
Microsoft has fixed a known issue causing Gmail and Yahoo email synchronization problems for classic Outlook users. As the company explained earlier this month, the bug triggers 0x800CCC0F and 0x80070057 error codes when synchronizing Gmail and Yahoo accounts. Microsoft said that this type of email account stopped syncing as of February 26, 2026, and that, in […]
Microsoft Exchange Online service change causes email access issues
Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday. After investigating the incident (tracked under EX1256020), Microsoft found that the root cause was a newly introduced virtual account. On Saturday, began working to revert […]
New KB5085516 emergency update fixes Microsoft account sign-in
Microsoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. This issue appears after installing the KB5079473 cumulative update that Microsoft released as part of this month’s Patch Tuesday, and it warns users that the affected devices are not connected to the […]
Microsoft Azure Monitor alerts abused for callback phishing attacks
Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. Azure Monitor is Microsoft’s cloud-based monitoring service that collects and analyzes data from Azure resources, applications, and infrastructure. It enables users to track performance, notify about billing changes, detect […]
Microsoft: March Windows updates break Teams, OneDrive sign-ins
Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. These sign-in issues appear after installing the KB5079473 cumulative update Microsoft released last week as part of this month’s Patch Tuesday, and, according to a Windows release health dashboard update published on Wednesday, will trigger warnings that […]
CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker’s systems. Microsoft published guidance on hardening Intune administrative controls days after Stryker was breached in an incident claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. The hackers claim that they stole 50 […]
Critical Microsoft SharePoint flaw now exploited in attacks
A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. Tracked as CVE-2026-20963, this security flaw affects SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. Successful exploitation enables threat actors without privileges to achieve remote code execution on unpatched servers […]
Microsoft stops force-installing the Microsoft 365 Copilot app
Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. The Microsoft 365 Copilot app integrates the AI-powered Copilot assistant with Microsoft 365 suite apps, including Word, Excel, and PowerPoint, as well as other features like AI agents and Notebooks. The forced rollout began […]