ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Kali365 phishing kit bypasses MFA and steals Microsoft logins
The FBI has warned that attackers are using a new phishing kit to gain long-term access to Microsoft Outlook, Teams, and OneDrive accounts.
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique exten
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoin
GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse After GitHub Ban
The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world cons
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU mining
Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware
Microsoft Defender for Endpoint has introduced automatic device isolation, a proactive containment capability that disconnects compromised workstations from the network the moment a high-confidence attack is detected wit
Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow authenticated attackers to execute arbitrary code remotely across multiple versions of the platform. Tracked as CVE-2026-456
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers' attempts to move laterally across the network. [...]
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerabili
Windows Server 2016 Domain Controller May Fail with 15-Character Hostname
Windows administrators are facing a disruptive bug in Windows Server 2016 following Microsoft’s May 12, 2026, security update KB5087537. The update introduced a critical flaw that caused domain controller discovery to co
Identitäten zwischen Cloudarchitektur und AD-DS-Kompatibilität
Microsoft Entra ID und Microsoft Entra Domain Services bilden zwei technisch getrennte Ebenen der Identitätsarchitektur. Dieser Text analysiert Unterschiede, Grenzen und Zusammenspiel beider Dienste und ordnet ihren Ein
Microsoft: Domain Controller lookup may fail on Windows Server 2016
Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. [...]
CVE-2026-21509
Currently trending CVE - Hype Score: 4 - Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authen
Hackers Use Browser-Locking CypherLoc Kit to Push Fake Microsoft Support Calls
A newly identified scareware kit called CypherLoc is locking victims’ browsers and tricking them into calling fake Microsoft support lines. The kit has been linked to roughly 2.8 million attacks since the start of 2026,
Microsoft Entra: Phishing-resistente Anmeldung per Passkey
<p>Microsoft erweitert die Authentifizierung in Microsoft Entra ID um eine zusätzliche Variante passwortloser Anmeldung auf Windows-Systemen. Die Funktion basiert auf FIDO2-Passkeys und integriert sich in den lokalen Con
Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks
A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According
CVE-2026-41104 - Microsoft Planetary Computer Pro Information Disclosure Vulnerability
CVE ID :CVE-2026-41104 Published : May 22, 2026, 10:04 p.m. | 55 minutes ago Description :None Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-42901 - Microsoft Entra ID Elevation of Privilege Vulnerability
CVE ID :CVE-2026-42901 Published : May 22, 2026, 10:04 p.m. | 55 minutes ago Description :None Severity: 10.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, a
CVE-2026-45659 - Microsoft SharePoint Remote Code Execution Vulnerability
CVE ID :CVE-2026-45659 Published : May 22, 2026, 10:04 p.m. | 55 minutes ago Description :None Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and mo