Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally
Microsoft Says Hackers Pivoting to Identity CompromiseHackers are as likely to log in as break in, warns Microsoft in an annual assessment of cyberthreats. During the first half of 2025, identity-based attacks rose by 32% due to credentials stolen by infostealers or password and email combinations plucked from bulk data breaches.
Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.…
Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. [...]
Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials
Phishers check in, your credentials check out, Microsoft warns An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials
Russian SVR Targeting Government, Academia, Defense Organizations GloballyA Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic
Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it's unlikely that many programmers fell for this scam, it's notable because less targeted versions of it are likely to be far more successful against the average Windows user.
Company Is Sending Email Alerts to Customers Whose Data Was Accessed by HackersMicrosoft is alerting its customers whose data may have been accessed by Russian state hackers following a January attack that compromised the emails of company executives. Microsoft also shared a link to a custom-built secure system that customers can use to review their stolen data.
Affected federal agencies must comb through mails, reset API keys and passwords The US Cybersecurity and Infrastructure Security Agency (CISA) warns that Russian spies who gained access to Microsoft's email system were able to steal sensitive data, including authentication details and that immediate remedial action is required by affected agencies.…
Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. [...]
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers
The company's systems currently detect and investigate an average of 156,000 BEC attacks daily
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA)
CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication (MFA) support to Modern Authentication alternatives. [...]