ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Microsoft fixes machine learning bug flagging Adobe emails as spam
<html><body><p>Microsoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. [...]</p></body></html>
New whitepaper outlines the taxonomy of failure modes in AI agents
<html><body><p>Read the new whitepaper from the Microsoft AI Red Team to better understand the taxonomy of failure mode in agentic AI.</p> <p>The post <a href="https://www.microsoft.com/en-us/security/blog/2025/04/24/new
New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
<html><body><p>Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverages an
Microsoft now pays up to $30,000 for some AI vulnerabilities
<html><body><p>Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. [...]</p></body></html>
Microsoft fixes bug causing incorrect 0x80070643 WinRE errors
<html><body><p>Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates. [...]</p></body></html>
Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities
<html><body><p>Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform produc
Understanding the threat landscape for Kubernetes and containerized assets
<html><body><p>The dynamic nature of containers can make it challenging for security teams to detect runtime anomalies or pinpoint the source of a security incident, presenting an opportunity for attackers to stay undete
Hackers Exploiting Microsoft 365 OAuth Workflows to Target Organizations
<html><body><p>A new campaign by Russian threat actors. These actors are exploiting legitimate Microsoft OAuth 2.0 authentication workflows to compromise targeted organizations. Since early March 2025, these sophisticate
Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents
<html><body><p>Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Win
Microsoft fixes Remote Desktop freezes caused by Windows updates
<html><body><p>Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices. [...]</p></body></html>
Microsoft fixes Windows Server 2025 blue screen, install issues
<html><body><p>Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count. [...]</p></body></html>
Windows 10 KB5055612 preview update fixes a GPU bug in WSL2
<html><body><p>Microsoft has released the optional KB5055612 preview cumulative update for Windows 10 22H2 with two changes, including a fix for a GPU paravirtualization bug in Windows Subsystem for Linux 2 (WSL2). [...]
Cookie-Bite attack PoC uses Chrome extension to steal session tokens
<html><body><p>A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain access to c
Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload
<html><body><p>Threat actors are increasingly exploiting mavinject.exe, a legitimate Microsoft utility, to bypass security controls and compromise systems. This sophisticated attack technique allows hackers to hide mali
Secure Future Initiative reveals Microsoft staff focus
<html><body><p>IT security is now a metric in the Microsoft employee appraisal process</p></body></html>
Microsoft Boosts MSA Signing Service Security on Azure Following Storm-0558 Breach
<html><body><p>In a significant security enhancement following last year’s high-profile Storm-0558 breach, Microsoft has completed the migration of its Microsoft Account (MSA) signing service to Azure confidential VMs. T
“Microsoft’s Secure Future Initiative” Biggest Cybersecurity Project in Its History
<html><body><p>Microsoft has released its second progress report on the Secure Future Initiative (SFI), described as the largest cybersecurity engineering project in the company’s history. Led by Charlie Bell, Executive
Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users
<html><body><p>Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alert
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan
<html><body><p>Researchers spotted a new North Korea-linked group Kimsuky ‘s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab
Microsoft Entra account lockouts caused by user token logging mishap
<html><body><p>Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. [...]</p></body></html>