ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Microsoft blames macOS update for undismissible Teams location prompts
Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. [...]
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ appeared firs
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. [...]
CVE-2026-42897
Currently trending CVE - Hype Score: 4 - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a networ
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains. The post
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform
Microsoft confirms patching issues in restricted Windows networks
Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. [...]
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (ve
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data
A threat actor known as Storm-2949 has launched a sophisticated, multi-layered cloud attack campaign targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure environments. The campaign w
CVE-2026-45495 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE ID :CVE-2026-45495 Published : May 18, 2026, 6:17 p.m. | 18 hours, 4 minutes ago Description :Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Severity: 8.8 | HIGH Visit the link for
Microsoft Edge: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um falsche Informationen darzustellen, und um Schadcode auszuführen.
Microsoft confirms Windows 11 security update install issues
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]
Microsoft Edge: Keine Klartext-Passwörter mehr im Browserprozess
Microsofts Edge hatte alle Passwörter aus dem Passwort-Manager beim Start geladen und im Klartext vorgehalten. Jetzt aber nicht mehr.
Microsoft Authenticator: Lücke ermöglicht unbefugten Zugriff
Microsoft warnt vor einer Sicherheitslücke im Authenticator. Angreifer können Sign-in-Token abgreifen und damit Zugriff erlangen.
Google Chrome und Microsoft Edge: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Google Chrome und Microsoft Edge ausnutzen, um Schadcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um Sicherheitsvorkehrung
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was ex
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.
Microsoft Exchange: Zero-Day-Lücke wird angegriffen
In Microsofts Exchange klafft eine Zero-Day-Lücke, die Angreifer bereits missbrauchen. Admins sollten rasch handeln.
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: