Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Security Boulevard

Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...
ZDNet

Microsoft to tighten Windows security dramatically in 2025 - here's how

Last summer's CrowdStrike meltdown caused billions of dollars in damage and exposed some fundamental architectural flaws in the Windows platform. A single flawed update from one vendor was enough to ...
TechCrunch

Microsoft probing whether DeepSeek improperly used OpenAI APIs

Just a few hours after David Sacks claimed DeepSeek used OpenAI’s models to train its own models, Bloomberg Law reports that Microsoft is investigating DeepSeek’s use of OpenAI’s application ...
Forbes

Emergency Microsoft Security Warning Confirmed — Act Now, CISA Says

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...
Redmond Magazine

Microsoft Bolsters Defender for Office 365 with ICES Ecosystem for Integrated E-mail Security

Microsoft has introduced a new vendor ecosystem for Microsoft Defender for Office 365, expanding its Integrated Cloud Email Security (ICES) strategy through open APIs and tighter integration with ...
CRN

Upcoming Microsoft Security, Resilience Updates Includes Ability To Run Services Outside Windows Kernel

‘We’ve heard the feedback loud and clear,’ David Weston, Microsoft’s corporate vice president of enterprise and OS security, said. Microsoft will release a series of security and resilience services ...
Dark Reading

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...
SecurityWeek

API Threats Grow in Scale as AI Expands the Blast Radius

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.
CRN

Microsoft Ignite 2025: The Biggest Partner Program, Security News

Microsoft partner program and security news from Ignite 2025 includes Microsoft 365 Copilot Business, AI agents in Microsoft Intune and Windows kernel access updates. An upcoming Microsoft Copilot ...
Bleeping Computer

Microsoft Edge to block malicious sideloaded extensions

Microsoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. Edge enables developers to install extensions ...
PC World

Microsoft fixed 100+ security flaws in Windows and Office this month

Yesterday was Patch Tuesday for Microsoft, which means tons of security updates across the company’s products and services. Specifically, 107 new security vulnerabilities have been patched. Microsoft ...