#microsoft
47 stories taggedmicrosoft.

Microsoft Pulls Apart 'GigaWiper', a Windows Backdoor That's Really Three Old Wreckers in a Trench Coat
The malware lets its operator pick how to trash a machine: wipe the disk, kill the Windows drive, or fake a ransomware attack with a key that's thrown away.

Microsoft says AI is finding so many Windows bugs, expect bigger Patch Tuesdays
The company is using multiple AI models to hunt vulnerabilities in Windows code, and warns customers will see more fixes each month as a result.

npm 12 Turns Off Auto-Run Install Scripts to Blunt Supply Chain Attacks
GitHub's package manager for JavaScript now ships with a safer default, and it retires a token type that let developers skip two-factor login.

Microsoft to switch off Outlook Web Access Light next August
The stripped-down webmail client, aimed at old browsers and slow connections, will be removed from Exchange Server in an update expected around August 2026.

A Windows Device ID Helped Trace an Alleged Scattered Spider Hacker to a Jewelry Heist
Federal prosecutors say a single hardware identifier tied a May 2025 intrusion at a luxury retailer to the online accounts of a 19-year-old.

Windows will start backing up work laptops by default in 2026
Microsoft is flipping its enterprise settings backup tool from opt-in to opt-out for Windows 11 26H2, and IT teams have until later this year to decide if they want it on.

Microsoft Begins Testing Cloud Rebuild, a Remote Reinstall Tool for Broken Windows 11 PCs
The feature, part of Microsoft's Windows Resiliency Initiative, downloads a fresh copy of Windows and drivers from the cloud even when the machine won't boot. It is available now to Insiders on the Experimental channel.

Fake Guest Photos Are Handing Hackers Long-Term Access to Hotel Networks
Two separate campaigns are targeting hotel front desks and booking teams with booby-trapped zip files dressed up as guest photographs — and the goal isn't a quick smash-and-grab. It's a quiet, lasting foothold.

Microsoft restores missing Copilot buttons in Classic Outlook
A licensing bug wiped the AI assistant's buttons from the desktop email client. Microsoft says a June 29 fix has now landed.

CISA Flags SharePoint Deserialization Bug CVE-2026-45659 as Actively Exploited
The RCE flaw joins KEV with a three-week federal patch deadline. Attribution details remain thin.

Microsoft Pulls Post-Quantum Deadline Forward to 2029
Azure CTO Mark Russinovich says the 'risk horizon' has moved. Redmond now wants PQC-ready systems four years ahead of the industry's 2033 target.

Poisoned Tool Descriptions Turn Helpful AI Agents Into Quiet Exfiltration Channels
Microsoft Incident Response demonstrates how a single malicious MCP-style tool description can coax an agent into leaking corporate data — without tripping a single policy check.

Hotel Front Desks Hit by Photo-ZIP Phishing Dropping Node.js Implant
Microsoft flags an unattributed campaign active since April 2026 against hospitality targets in Europe and Asia.

Law Enforcement and Microsoft Tear Down Command Infrastructure Behind Amadey and StealC
Hundreds of C2 servers went dark in a coordinated takedown targeting the shared hosting backbone used by two prolific infostealer families.

Double Trouble: Two Unrelated Attacks Thrive on Unpatched SharePoint
Microsoft DART uncovers dual intrusions on same server, complicating response efforts.