Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

Microsoft

20 articles

Microsoft Security Blog General Microsoft Jul 2

Improving security posture across the Microsoft partner ecosystem

Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. The post ...

Microsoft Security Blog →

Security Affairs CVE Microsoft Jul 2

U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog

U.S.

1 IOC

Security Affairs →

BleepingComputer TTPs Microsoft Jul 2

ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds

ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to ...

T1556

BleepingComputer →

SC Media General Microsoft Jul 2

Researchers detail attack chain escaping Anthropic's Claude Cowork sandbox

The attack chain exploits two reported weaknesses in Claude Cowork for Windows.

SC Media →

SC Media General Microsoft Jul 2

Massive password spray attack targets Azure CLI, bypasses MFA

The attack, which leveraged a deprecated OAuth flow called Resource Owner Password Credentials (ROPC), made over 81 million login attempts between June 12 an...

SC Media →

BleepingComputer General Microsoft SAP Jul 2

Microsoft fixes bug that removed Copilot button in Outlook

Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic)...

BleepingComputer →

GBHackers Phishing Microsoft Jul 2

EvilTokens-Linked ARToken Panel Exposes 80+ APIs for Microsoft 365 Token Theft

A fully featured phishing-as-a-service (PhaaS) panel named “ARToken” that closely mirrors the EvilTokens infrastructure first profiled in early 2026, but wit...

T1566 T1041 T1598

GBHackers →

GBHackers CVE Microsoft Jul 2

CISA Adds Actively Exploited Microsoft SharePoint Vulnerability to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a newly discovered vulnerability in Microsoft SharePoint Server, tracked as CV...

1 IOC

GBHackers →

BleepingComputer Vulnerability Disclosure Microsoft Jul 2

CISA: Microsoft SharePoint RCE flaw now actively exploited

CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [.

T1190

BleepingComputer →

SecurityWeek CVE Microsoft Jul 2

CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability

CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Ex...

T1190 1 IOC

SecurityWeek →

The Hacker News CVE Microsoft Jul 2

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

The U.S.

T1190 1 IOC

The Hacker News →

GBHackers Campaigns Microsoft Jul 2

LSHIY Password Spray Attack Hits Microsoft 365 Accounts With 81 Million Login Attempts

A large-scale password spray campaign linked to the infrastructure provider LSHIY LLC has targeted Microsoft 365 environments, resulting in over 81 million l...

GBHackers →

SC Media Phishing Microsoft Jul 1

New phishing-as-a-service platform ARToken offers advanced BEC capabilities

ARToken operates as an affiliate of the EvilTokens phishing-as-a-service operation, which targets Microsoft 365 accounts and bypasses multi-factor authentica...

T1566 T1598

SC Media →

SC Media General Microsoft Jul 1

Microsoft Teams enhances bot protection with human verification

The new technology acts like a security guard, requiring a human user to verify the identity of bots in the meeting lobby before the session begins.

SC Media →

SC Media General Microsoft Jul 1

Microsoft Azure’s CLI target of automated password spray attacks

Huntress researchers saw 78 user accounts compromised across 64 organizations.

SC Media →

SecurityWeek General Microsoft Jul 1

Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings

Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated parti...

SecurityWeek →

The Hacker News Campaigns Microsoft Jul 1

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "...

The Hacker News →

HackRead General Microsoft Google Jul 1

Fake “Google Notes” Browser Extension Caught Swapping Crypto Wallet Addresses

McAfee says a Google Notes browser extension is replacing copied crypto payment details, putting wallet transfers at risk for Chrome, Brave, and Microsoft Ed...

HackRead →

BleepingComputer Campaigns Microsoft Jul 1

Hackers target Microsoft 365 accounts with 81 million login attempts

An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [.

BleepingComputer →

Microsoft Security Blog General Microsoft Jul 1

Microsoft named a leader in the Frost Radar for cloud and application runtime security

Frost & Sullivan names Microsoft a leader as cloud and application security converge into unified, runtime risk reduction. The post Microsoft named a leader ...

Microsoft Security Blog →

«Previous page 1 ... 3 4 5 6 7 ... 44 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA