#microsoft
43 stories taggedmicrosoft · page 2 of 3.

Microsoft's Email Security Claims Under Scrutiny: Experts Weigh In
Microsoft's latest data suggests a single-vendor approach may be enough for email security, but experts urge caution.

ScarCruft Dresses Up NarwhalRAT in a Microsoft Account Security Alert
APT37's spear-phish leans on the oldest trick in the identity playbook: tell the user their account is at risk, then hand them the payload.

Week in Brief: Google Security Cuts, AudiA6 Forum Axed, Coupang's $400M Fine
ICS exposure holds flat while the attack surface grows, IBM and AT&T face hack cover-up allegations, and Microsoft quietly drops an AI incident-response playbook.

GreatXML Bypasses BitLocker Through a Trusted Recovery Path
A researcher's four-hour weekend project shows how Windows' own offline scan plumbing can sidestep full-disk encryption.

210 CVEs, Three Zero-Days, and a Microsoft Warning That This Is Just the Beginning
June Patch Tuesday sets a volume record. Microsoft says AI-assisted discovery is why, and that you should get used to it.

Microsoft's October Dump: 206 CVEs, Three Already Public
A record Patch Tuesday hauls in 39 Critical bugs and a trio of zero-days that were knocking around before the fix shipped.

AI Red Teaming Grew Up. The Job Description Is Still Being Written.
The tools broke when LLMs arrived. Now the discipline is rebuilding itself in real time — and the threat model includes teenagers with too much free time.

Microsoft Ships Record 200-Bug Patch Tuesday as 'Nightmare Eclipse' Drops Windows Zero-Days
AI-assisted bug hunting, a confrontational researcher, and a Shai-Hulud worm variant inside Microsoft's own repos shape an outsized June rollup.

Microsoft Ships KB5094127 ESU as Secure Boot Cert Rollover Looms
The June 2026 extended security update for Windows 10 patches Patch Tuesday bugs and adds telemetry to track the Secure Boot certificate transition.

Microsoft Pulls GitHub Repos After 73 Open-Source Projects Get Stealer-Spiked
The 'Miasma' incident looks less like a novel supply-chain zero-day and more like classic account takeover hitting a soft target: the org's own open-source footprint.

Microsoft Bakes a Two-Hour Quarantine Into VS Code Extension Auto-Updates
The delay is a soft tripwire against marketplace supply chain attacks — buying defenders a window to flag malicious updates before they propagate.

One-Click VS Code Flaw Exposed GitHub OAuth Tokens to Theft
A researcher-disclosed bug in Microsoft's browser-based VS Code variant let a single crafted link siphon tokens with read/write access to private repos.

Miasma Self-Replicating Worm Reaches Microsoft GitHub Orgs, 73 Repos Affected
The campaign — tracked publicly as Miasma — propagated into Azure, Azure-Samples, Microsoft, and MicrosoftDocs before GitHub pulled access.

Microsoft Expands Its Agentic AI Failure Taxonomy With Seven New Attack Classes
From inter-agent trust escalation to MCP plugin abuse, the updated taxonomy surfaces threat categories that didn't exist — or weren't well-understood — when Microsoft published its first version.

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos
An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.