microsoft

Mirage2FA Phishing Kit Uses HTML Smuggling to Steal Microsoft 365 Credentials

Researchers at Fortra uncovered Mirage2FA, a phishing kit that uses HTML smuggling and obfuscated JavaScript to deploy fake Microsoft 365 login pages, tricking users into submitting credentials and multi-factor authentication details. The campaign employs business-themed lures and short-lived domains to carry out Microsoft 365 account takeovers, potentially exposing email, files, Teams messages, and other cloud resources. Users affected are advised to reset passwords, revoke sessions, review MFA methods, and check for unauthorized mailbox access.

https://www.helpnetsecurity.com/2026/06/26/mirage2fa-phishing-kit-microsoft-365-html-smuggling/

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch Is in Development

Microsoft has confirmed a privilege escalation zero-day vulnerability in Microsoft Defender, known as RoguePlanet (CVE-2026-50656), and is developing a patch to address it. The flaw, disclosed by researcher Chaotic Eclipse, exploits a race condition that can grant SYSTEM-level access regardless of Defender’s real-time protection setting.

https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html

Crooks Found a New Way to Collaborate Using Teams – by Hiding Command-and-Control Traffic

Researchers at Symantec discovered that DragonForce ransomware operators used a custom Go-based backdoor called Backdoor.Turn to hide command-and-control communications within legitimate Microsoft Teams traffic, effectively disguising malicious activity as routine corporate collaboration. The malware leveraged Microsoft Teams and Skype infrastructure, including TURN relay servers and QUIC connections, to evade detection while maintaining persistent access to a major US services company's network over two months. This represents the first known instance of malware using Microsoft Teams for covert command-and-control communication.

https://www.theregister.com/cyber-crime/2026/06/16/crooks-found-a-new-way-to-collaborate-using-teams-by-hiding-command-and-control-traffic/5256296

June 2026 Patch Tuesday Fixes 200 Microsoft Vulnerabilities

Microsoft's June 2026 Patch Tuesday addressed a record number of 200 vulnerabilities across its products, aiming to enhance security and mitigate risks from potential exploits. This massive update underscores the increasing complexity and volume of vulnerabilities in software ecosystems and highlights the critical need for timely patch management in cybersecurity defense.

https://thecyberexpress.com/june-2026-patch-tuesday-200-microsoft/

The Miasma Worm’s Path of Destruction

The Miasma worm is a new, aggressive variant of the Mini Shai-Hulud malware that has recently compromised Red Hat’s npm packages and spread to 73 Microsoft GitHub repositories, including critical Azure and Durable Task projects. It exploits legitimate GitHub OIDC tokens and valid SLSA provenance attestations to bypass traditional security defenses, weaponizes AI coding tools to propagate when infected repos are cloned, and targets cloud identities in GCP and Azure. Security teams are advised to assume credential compromise, rotate all secrets, audit environments for unauthorized activity, and implement strict dependency allowlisting and SBOMs to defend against such sophisticated supply chain attacks.

https://cloudsmith.com/blog/miasma-worms-path-of-destruction

Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Microsoft has released a critical security update for Microsoft Edge addressing a vulnerability (CVE-2026-45495) that allows remote attackers to execute arbitrary code by exploiting improper validation of user-supplied file paths in feedback log processing. The flaw, requiring user interaction such as visiting a malicious webpage or opening a crafted file, could enable attackers to run code with the current user's privileges, leading to risks like data theft and local persistence; users and administrators are urged to apply the patch immediately.

https://cybersecuritynews.com/microsoft-edge-vulnerability-code-execution/

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

A newly disclosed, unpatched vulnerability in the Windows Search URI handler allows attackers to steal users' NTLMv2 hashes by inducing them to click specially crafted links that connect to malicious SMB servers. This issue, similar to a previously patched flaw in the Windows Snipping Tool, poses risks of relay attacks and deeper network access, but Microsoft has declined to issue a fix, recommending mitigations like blocking outbound SMB traffic and disabling NTLM where possible.

https://thehackernews.com/2026/06/unpatched-windows-search-uri.html

Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

A critical vulnerability called FlagLeft was discovered in six major Microsoft 365 Android apps, where a debug flag left enabled in production allowed any app on the device to silently obtain valid Microsoft account tokens without user consent. This flaw exposed billions of users to account takeover risks, enabling attackers to access emails, files, and calendar data under the victim's identity; Microsoft has since patched the issue and urged users to update affected apps immediately.

https://cybersecuritynews.com/microsoft-365-android-apps-account-takeover-vulnerability/

Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy

Microsoft has clarified that it does not intend to take legal action against security researchers conducting good-faith vulnerability research, following backlash from the community over its response to a researcher known as Nightmare Eclipse who publicly disclosed multiple unpatched Windows zero-day exploits. The company emphasized that legal escalation would target only those engaged in malicious activities causing harm, reaffirmed its commitment to coordinated vulnerability disclosure, and pledged improved communication and transparency with researchers.

https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/

Microsoft Copilot Cowork Exfiltrates Files

Microsoft Copilot Cowork in Microsoft 365 is vulnerable to file exfiltration attacks via indirect prompt injection, exploiting the fact that sending emails and Teams messages to the active user occurs without manual approval. Attackers can use poisoned skills to cause Copilot Cowork to send messages containing pre-authenticated download links to sensitive files, which are exfiltrated when the user opens the messages, posing a significant security risk that can be mitigated by restricting permissions and file downloads in SharePoint.

https://www.promptarmor.com/resources/microsoft-copilot-cowork-exfiltrates-files

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft disclosed two actively exploited vulnerabilities in Defender, CVE-2026-41091 and CVE-2026-45498, which have been patched in the latest versions of Defender. The vulnerabilities, which overlap with previously disclosed zero-days, enable privilege escalation and denial-of-service attacks. Microsoft also addressed a heap-based buffer overflow vulnerability (CVE-2026-45584) in the same update.

https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Microsoft has released a mitigation for the YellowKey vulnerability (CVE-2026-45585), a BitLocker security feature bypass that allows attackers with physical access to circumvent device encryption on affected Windows 11 and Windows Server versions. The exploit uses specially crafted files to spawn an unrestricted shell during recovery mode, granting full access to encrypted data, and Microsoft recommends updating WinRE images and switching from TPM-only to TPM+PIN protection to prevent exploitation.

https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

Windows Zero-Day Barrage Continues After Patch Tuesday

Security researcher “Nightmare Eclipse” has disclosed six Windows zero-day vulnerabilities over the past six weeks, including new flaws named YellowKey, GreenPlasma, and MiniPlasma, following Microsoft's May 2026 Patch Tuesday. These vulnerabilities enable severe attacks such as bypassing BitLocker encryption, privilege escalation, and disabling Microsoft Defender, with some already actively exploited, highlighting significant ongoing security challenges for Windows users despite patches.

https://www.darkreading.com/cyberattacks-data-breaches/windows-zero-day-barrage-continues-after-patch-tuesday

Microsoft Exchange Zero-Day Under Attack, No Patch Available

Microsoft disclosed a zero-day vulnerability (CVE-2026-42897) in Exchange Outlook Web Access (OWA) that is actively being exploited and stems from a cross-site scripting (XSS) flaw allowing attackers to compromise mailboxes and execute spoofing attacks. While no patch is yet available, Microsoft recommends enabling the Exchange Emergency Mitigation Service or applying an updated mitigation tool to reduce risk until a security update is released.

https://www.darkreading.com/vulnerabilities-threats/microsoft-exchange-zero-day-no-patch

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced MDASH, a multi-model AI-driven system designed to autonomously discover, validate, and prove exploitable vulnerabilities in complex codebases like Windows. Tested in a private preview, MDASH identified 16 flaws fixed in the latest Patch Tuesday, including critical remote code execution vulnerabilities in Windows networking and authentication components. This system represents a production-grade advancement in AI vulnerability discovery by orchestrating over 100 specialized AI agents to enhance security at enterprise scale.

https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html

Scroll to Top