Search CyberNews

Found 17 articles for "Microsoft"
Microsoft Reins in RoguePlanet Zero-Day Threat Vulnerabilities Dark Reading
Dark Reading Jul 10, 2026 1 min read

Microsoft Reins in RoguePlanet Zero-Day Threat

The researcher known as "Nightmare-Eclipse" published a proof-of-concept (PoC) exploit for the Windows Defender vulnerability in early June after dropping several other Microsoft zero-days.

A Record-Breaking Patch Tuesday for June 2026 Vulnerabilities Krebs on Security
Krebs on Security Jul 10, 2026 4 min read

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker Research The Hacker News
The Hacker News Jul 10, 2026 1 min read

Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint. Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intrusion, then to online accounts prosecutors say belong to 19-year-old Peter Stokes. Stokes is

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a malicious collaboration-style lure to push users into the legitimate Microsoft device login experience,

New Ghost Phishing Wave Is Breaking Traditional Email Security Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This β€œghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk is clear: traditional URL checks may miss the attack while Microsoft 365 access, sensitive data, and response time

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for its antivirus and

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk Vulnerabilities The Hacker News
The Hacker News Jul 10, 2026 1 min read

npm 12 Disables Install Scripts by Default to Reduce Supply Chain Risk

GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA). The Microsoft-owned subsidiary noted that the following npm install behaviors that used to run automatically before have been made opt-in - allowScripts defaults to off, meaning

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware Malware The Hacker News
The Hacker News Jul 10, 2026 1 min read

New GigaWiper Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from. Each is a different way to break a machine: wipe the whole disk, overwrite the Windows drive, or run fake "ransomware" that scrambles files with a key it never saves

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access Threats The Hacker News
The Hacker News Jul 10, 2026 1 min read

Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access

A threat actor has been targeting organizations spanning multiple sectors with voice-based fake security requests that prompt Microsoft 365 users to enroll a new Entra passkey with an aim to carry out data extortion attacks. The threat actor, tracked by Okta under the moniker O-UNC-066, has deployed a panel-controlled phishing kit that's capable of targeting the passkey enrollment process. The