New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. [...]
Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.
Search across headline titles and summaries.
Background for this topic.
Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.
Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. [...]
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. [...]
Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...]
Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...]
The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. [...]
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. [...]
Microsoft has shared a new method to fix a bug preventing app uninstalls or updates on Windows 10 for those unwilling to deploy this month's preview update. [...]
Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. [...]
Microsoft is working on fixing an ongoing and widespread Microsoft 365 outage that is impacting multiple services and features, including Exchange Online, Microsoft Teams, and SharePoint Online. [...]