Security news aggregator

Latest coverage for Microsoft

Microsoft software and cloud platforms underpin enterprise systems, so vulnerabilities and security advisories can affect identity, data, and operations.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Microsoft is a technology company whose Windows, Microsoft 365, Azure, identity services, and developer tools form a widely deployed enterprise computing ecosystem. Its security relevance spans endpoint and server software, cloud control planes, authentication, collaboration data, and the update mechanisms used to maintain them.

Security news under this tag commonly concerns vulnerabilities requiring patching, exploits against exposed services, identity or token compromise, and misconfiguration of cloud permissions or authentication policies. Practitioners should verify affected versions and exposure, apply updates or mitigations, enforce multifactor authentication and least privilege, and monitor relevant audit logs. Incidents involving Microsoft-hosted identities or data may require rapid session and credential containment, investigation across cloud and on-premises systems, and assessment of privacy or regulatory obligations.

Showing 20 most recent headlines of 23 Filtered view
Bank Info Security 10 months, 1 week ago

ISMG Editors: The Pentagon, Microsoft and Chinese Workers

Also: Software Supply Chain Risks, Cato's AI Security BuyIn this week's update, four ISMG editors discussed the Pentagon's review of Microsoft's use of Chinese nationals on U.S. military cloud systems, renewed concerns over software supply chain risks and Cato Networks' first-ever acquisition to boost AI security.

Defrauding search with custom malware, Potato-family exploits A new China-aligned cybercrime crew named GhostRedirector has compromised at least 65 Windows servers worldwide - spotted in a June internet scan - using previously undocumented malware to juice gambling sites' rankings in Google search, according to ESET researchers.…

Bank Info Security 10 months, 2 weeks ago

Microsoft Backs Sola's $35M Push Into Autonomous AI Security

Series A Fuels Deeper AI, Expanded Integrations and Product-Led Growth AdoptionBacked by S32 and Microsoft, Sola Security secured $35 million to advance its autonomous AI engine. The Israeli startup aims to shift from reactive prompts to proactive agent-based systems that solve security tasks across SaaS, cloud and identity domains.

Bank Info Security 10 months, 2 weeks ago

Silver Fox APT Abuses Windows Driver in Active Campaign

Gap in Microsoft Blocklist Exploited, ValleyRAT Runs UndetectedA Chinese nation-state cyber group is exploiting a Microsoft-signed driver to shut down Windows security protections. The attackers deployed the driver through a custom loader. The core weakness that Silver Fox relied on remained exploitable even after patching.

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts

As government says £9B could end up in Redmond, poll says it's time for new thinking Register debate series Register readers are backing a shift away from Microsoft software as a default across the UK public sector after the government confirmed it expects to spend £9 billion with the software giant over five years.…

The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google warns the breach goes far beyond access to Salesforce data, noting the hackers responsible also stole valid authentication tokens for hundreds of online services that customers can integrate with Salesloft, including Slack, Google Workspace, Amazon S3, Microsoft Azure, and OpenAI.

Loading more headlines...