Geek-Guy.com

Tag: Microsoft’s

AI, Apps, Global Security News

Microsoft’s new cloud PCs place AI agents under enterprise controls

Microsoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public preview. A conceptual computer-using agent architecture. (Source: Microsoft) Users will be able to automate workflows…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

The Underground Malware-Signing-as-a-Service That Makes Ransomware Look “Verified” on Windows

The Core Technical Concept: Code Signing At the center of Microsoft’s disruption of the Fox Tempest cybercrime operation is a foundational trust mechanism that modern operating systems rely on heavily: code signing. Code signing is a cryptographic trust framework used by operating systems such as Windows to verify both the integrity and origin of executable…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, malware

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unauthorized access.” Hours later, the company’s X account confirmed the worst: “Yesterday we…

Read more →

AI, Apps, Global Security News, malware

Internet Explorer may be dead, but its ghost still runs malware

Microsoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Application Host (MSHTA), a built-in Windows utility capable of executing VBScript and JavaScript from local or remote…

Read more →

AI, Exploits, Global Security News, Network Security

Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming

Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…

Read more →

AI, Apps, Endpoint, Exploits, Global Security News, malware, Risk Management

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubbed CloudZ and a custom plugin named Pheno that together allow attackers to harvest credentials…

Read more →

AI, Global Security News

Visual Studio cloud agents now run inside GitHub Copilot

Microsoft’s April update to Visual Studio introduces cloud agent integration in GitHub Copilot, enabling developers to offload tasks to remote infrastructure for scalable, isolated execution. You can now start cloud agent sessions directly from Visual Studio. Custom agents now support user-level definitions that persist across projects, making it easier to reuse configurations. The update also…

Read more →

AI, Apps, Global Security News, Risk Management

Microsoft patched an ‘agent-only’ role that was not

An administrative role meant for AI agents within Microsoft’s Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. Researchers at Silverfort found that users assigned to Microsoft’s “Agent ID Administrator” role, scoped to agent-related objects like blueprints and agent identities, could take ownership of…

Read more →

AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security

Azure SRE Agent flaw let outsiders silently eavesdrop on enterprise cloud operations

A high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog post describing how agent interactions could be accessed without proper authentication controls. The vulnerability has…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management

Microsoft’s Windows Recall still allows silent data extraction

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…

Read more →

AI, Cybersecurity, Exploits, Global Security News, malware, privacy, Risk Management

Microsoft’s Windows Recall still allows silent data extraction

Microsoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator privileges, kernel exploits, or breaking encryption. Alexander Hagenah, executive director at Zürich-based financial infrastructure operator SIX Group,…

Read more →

Global Security News

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device security > Secure Boot. Updated 2023 certificates are being delivered automatically through Windows Update to consumer devices and some…

Read more →

AI, Exploits, Global Security News

EvilTokens abuses Microsoft device code flow for account takeovers

A new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into completing a legitimate login process in Microsoft’s own environment. The activity, observed since at least mid-February, relies on social…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

Active Directory Flaw Enables SYSTEM Privilege Escalation

A vulnerability in Microsoft’s Active Directory Domain Services could allow attackers to escalate privileges and potentially take full control of affected systems.  “Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network,” said Microsoft in its advisory. How the Active Directory…

Read more →

AI, APAC, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management

March Patch Tuesday: Three high severity holes in Microsoft Office

Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…

Read more →

AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management

OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector

ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams.  Key Takeaways  OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…

Read more →

Endpoint, Global Security News

New Defender deployment tool streamlines Windows device onboarding with single executable

Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls. Simplified deployment with added administrative controls The tool adapts to the operating system and supports endpoint security across a broad range of Windows devices. It eliminates the need for separate onboarding files for modern and…

Read more →

AI, Global Security News

Windows 365 for Agents brings managed cloud PCs to autonomous workflows

Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in Windows environments without managing infrastructure. The platform includes security, policy controls, scalability, and visibility so agents can browse websites, process data, and complete tasks inside a managed…

Read more →

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Risk Management, Threats

Microsoft Patch Tuesday matches last year’s zero-day high with six actively exploited vulnerabilities

Microsoft’s latest security update is littered with zero-day vulnerabilities, actively exploited defects that account for more than 10% of the total CVEs the vendor addressed in this month’s Patch Tuesday update. The vendor addressed 59 vulnerabilities affecting its various products for business operations and underlying systems, including six defects that were actively exploited prior to…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →

AI, Blog, CVE, CVEs, Cybersecurity, Denial of Service, Exploits, Global Security News, Network Security, Risk Management

CVE-2026-0227: Palo Alto Networks Fixes GlobalProtect DoS Flaw Allowing Remote Firewall Disruption

Shortly after Microsoft’s massive January Patch Tuesday release addressing the CVE-2026-20805 zero-day vulnerability in Windows Desktop Window Manager, another technology giant has issued a security fix. This time, Palo Alto Networks has warned of a high-severity flaw affecting its GlobalProtect Gateway and Portal, noting that a proof-of-concept (PoC) exploit is available. GlobalProtect is Palo Alto…

Read more →