Tag: microsoft
-
Data protection and AI use – Kyndryl and Microsoft join forces for greater data security
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/kyndryl-und-microsoft-buendeln-kraefte-fuer-mehr-datensicherheit-a-9c0a648e517da3e01b1f333cf800b539/
-
EchoLeak: First AI 0-click vulnerability in Microsoft Copilot
by
in SecurityNews
Security researchers have come across the first zero-click vulnerability in an AI application. Unsurprisingly to me, it affects Microsoft 365 Copilot. Attackers could use this vulnerability, dubbed EchoLeak, to force Microsoft 365 Copilot into exfiltrating data. Microsoft is, after all, “foisting” on all Office users the … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/13/echoleak-erste-ai-0-click-sicherheitsluecke-in-microsoft-copilot/
-
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
by
in SecurityNews
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-365-copilot-zeroclick-ai/
-
PoC Exploit Unveiled for Windows Disk Cleanup Elevation Vulnerability
by
in SecurityNews
Microsoft addressed a high-severity elevation of privilege vulnerability (CVE-2025-21420) in its Windows Disk Cleanup Utility (cleanmgr.exe) during February 2025’s Patch Tuesday. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTEM privileges through DLL sideloading and a directory traversal technique. Technical Analysis of CVE-2025-21420 The vulnerability stems from cleanmgr.exe’s…
-
How to log and monitor PowerShell activity for suspicious scripts and commands
by
in SecurityNews
Block executable content from email client and webmail
Block executable files from running unless they meet a prevalence, age, or trusted list criterion
Block execution of potentially obfuscated scripts
Block JavaScript or VBScript from launching downloaded executable content
Block process creations originating from PSExec and WMI commands
Log workstation PowerShell commands: Even without Microsoft Defender resources you need to…
-
WebDAV Remote Code Execution 0-Day Actively Exploited, PoC Released
by
in SecurityNews
A critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked as CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon since March 2025. The flaw, patched in June’s Patch Tuesday, enables remote code execution (RCE) via manipulated .url shortcut files and has been linked to attacks…
-
Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’
by
in SecurityNews
Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/researchers-detail-zero-click-copilot-exploit-echoleak
-
Password Spraying Attacks Hit Entra ID Accounts
by
in SecurityNews
Hackers Use TeamFiltration Penetration Testing Tool. A threat actor is using the password spraying feature of the TeamFiltration pentesting tool to launch attacks against Microsoft Entra accounts – and finding success. The threat actor has targeted more than 80,000 user accounts across roughly 100 cloud tenants. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/password-spraying-attacks-hit-entra-id-accounts-a-28682
-
Microsoft 365 Copilot ‘zero-click’ vulnerability enabled data exfiltration
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/microsoft-365-copilot-zero-click-vulnerability-enabled-data-exfiltration
-
AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials
by
in SecurityNews
A dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelligence teams are sounding the alarm as these attacks become more complex, harder to detect, and increasingly effective at bypassing even advanced…
-
Researchers warn of ongoing Entra ID account takeover campaign
by
in SecurityNews
Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/12/researchers-warn-of-ongoing-entra-id-account-takeover-campaign/
-
Patch Tuesday: Microsoft Patches 68 Security Flaws, Including One for Targeted Espionage
by
in SecurityNews
Security experts offer their takes on some of the flaws, including a set of vulnerabilities that could enable remote code execution in Microsoft Office. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-june/
-
Password-spraying attacks target 80,000 Microsoft Entra ID accounts
by
in SecurityNews
Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/
-
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
by
in SecurityNews
A new attack dubbed ‘EchoLeak’ is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user’s context without interaction. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/
-
Outlook Vulnerability Allows Remote Execution of Arbitrary Code by Attackers
by
in SecurityNews
Microsoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code from a user’s own machine. However, the potential impact remains high for organizations, as successful exploitation can compromise the confidentiality, integrity, and…
-
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
by
in SecurityNews
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. “Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report First…
-
Patch Tuesday Update June 2025
by
in SecurityNews
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 69 CVEs, including 3 republished CVEs. Overall, Microsoft announced 2 Zero-Day, 10 Critical, and 57 Important vulnerabilities. From an Impact perspective, Remote Code Execution vulnerabilities accounted for 39%, followed by Information Disclosure at 25% and Escalation of Privilege at 20%. Patches for this…
-
Critical flaw in Microsoft Copilot could have allowed zero-click attack
by
in SecurityNews
Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/flaw-microsoft-copilot-zero-click-attack/750456/
-
Microsoft creates separate Windows 11 24H2 update for incompatible PCs
by
in SecurityNews
Microsoft confirmed on Tuesday that it’s pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month’s Patch Tuesday. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-creates-separate-windows-11-24h2-update-for-incompatible-pcs/
-
Windows Task Scheduler Flaw Allows Attackers to Escalate Privileges
by
in SecurityNews
A critical elevation of privilege vulnerability has been identified in the Windows Task Scheduler service, tracked as CVE-2025-33067. Officially published on June 10, 2025, by Microsoft as the assigning CNA (CVE Numbering Authority), this flaw allows attackers to potentially gain elevated privileges on affected systems, bypassing normal user restrictions and compromising the integrity of the…
-
Windows Common Log File System Driver Flaw Allows Attackers to Escalate Privileges
by
in SecurityNews
Microsoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing significant risks to enterprise environments. Anatomy of CVE-2025-32713 The vulnerability stems from improper memory handling in the CLFS…
-
Microsoft fixes unreachable Windows Server domain controllers
by
in SecurityNews
Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-unreachable-windows-server-domain-controllers/
-
Multiple Microsoft Office Vulnerabilities Enable Remote Code Execution by Attackers
by
in SecurityNews
Microsoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, each received a CVSS v3.1 base score of…
-
Microsoft fixes Windows Server auth issues caused by April updates
by
in SecurityNews
Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-auth-issues-caused-by-april-updates/
-
Without user interaction: Microsoft Office vulnerable to malicious-code attacks
by
in SecurityNews
Anyone using Microsoft Office should urgently install the June updates. Attackers can get malicious code to execute without any action by the user. First seen on golem.de Jump to article: www.golem.de/news/ohne-nutzerinteraktion-microsoft-office-anfaellig-fuer-schadcode-attacken-2506-197030.html
-
June Patch Tuesday resolves Windows zero-day
by
in SecurityNews
Microsoft fixes 66 bugs, including an actively exploited WebDAV remote-code execution flaw, but the BadSuccessor vulnerability remains unpatched. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366625855/June-Patch-Tuesday-resolves-Windows-zero-day
-
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)
by
in SecurityNews
For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/11/microsoft-fixes-zero-day-exploited-for-cyber-espionage-cve-2025-33053/