GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defend...
20 articles
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defend...
Microsoft Teams’ trusted infrastructure has been exploited by threat actors to secretly route malicious traffic, leading to a highly stealthy ransomware camp...
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure.
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The W...
An active campaign in which attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts.
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. [.
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account...
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]).
Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happ...
Microsoft has triggered widespread browser security warnings after allowing the TLS certificate for a critical Microsoft 365 connectivity testing domain to e...
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise dat...
The SearchLeak vulnerability, identified as CVE-2026-42824, is a three-stage attack chain developed by Varonis researchers.
See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email se...
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterpris...
Trust3 AI has announced AgentDOS, an enterprise control plane that provides visibility into AI agents, including real-time token consumption monitoring acros...
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, O...
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.
Microsoft is rolling out workplace check-in via Wi-Fi for Teams and Microsoft Places. Connect to your office network and your in-office presence updates auto...