This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

A newly discovered Microsoft Copilot vulnerability enables hackers to access your email and other data. Credit: Thomas Trutschel/Photothek via It seems no matter how many safeguards are put on AI ...

FBI warns Microsoft 365 users of phishing scam. How to stay safe

In late May, the FBI warned U.S. residents of a new phishing scam, Kali365 targeting Microsoft 365 users. Here's how to ID, ...
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users

The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, ...
AOL

Ms. Rachel Asks Followers to Send Danny Go Love After His Son's Death

Ms. Rachelis showing her support for fellow children's entertainer Danny Go... after his son passed away. The YouTuber shared a post encouraging members of the "parent and caregiver community" to turn ...
ZDNet

Microsoft won't send you SMS texts for login anymore - why it's pushing passkeys instead

Microsoft is phasing out SMS as an authentication method. SMS messages are unencrypted and vulnerable to hackers. Microsoft account owners will be prompted to set up a passkey instead. When trying to ...
TechCrunch

Scammers are abusing an internal Microsoft account to send spam links

For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts. It’s ...
Mashable

Scam alert: An official Microsoft email is being used for phishing links

Scammers have found a way to weaponize an official Microsoft email address in order to spread their cyber crimes. Credit: Samuel Boivin/NurPhoto via Getty Images If you've ever received an email from ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
CNBC

Everyone should ask these 3 questions before sending an email or talking in a meeting, says CEO coach

Most people move through interactions at work on autopilot, sending messages or speaking up in meetings without really thinking about their responses until afterward, says leadership coach Aiko Bethea ...
Infosecurity-magazine.com

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

A phishing campaign targeting more than 35,000 users across 13,000 organizations has been identified by the Microsoft Defender Research team. The large-scale credential theft campaign used fake ...