Bleeping Computer

Microsoft Trusted Signing service abused to code-sign malware

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...

Device codes are the new frontier for phishing as Barracuda detects 7 million attacks in four weeks

Device code phishing has advantages over traditional credential phishing in stealth, persistence and evasion. New research ...

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
Bleeping Computer

Microsoft: Hackers steal emails in device code phishing attacks

An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing. The targets are in the ...

Why Edge stores your passwords in plaintext, according to Microsoft

A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a ...
The Hacker News

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft disclosed a credential theft campaign targeting 35,000+ users at 13,000+ organizations across 26 countries.
ZDNet

Microsoft is changing the way you sign in - and it could be a security nightmare

Those of you who use a Microsoft account to sign in to Microsoft websites should be aware of an upcoming change that could put your security at risk. In a recent update to a support page on using a ...
Dark Reading

From Code Red to Rust: Microsoft's Security Journey

Microsoft is reflecting back on security lessons learned over the past 25 years. As one of the most targeted digital estates in the world, the company sees threats against its products up close every ...