login.microsoftonline.com
-
Microsoft disrupts RedVDS cybercrime subscription service in U.S. and U.K. action
Microsoft executed coordinated legal action in the U.S. and U.K. to seize RedVDS infrastructure and take its sites offline. RedVDS activity has driven about US $40 million in reported U.S. fraud losses since March 2025.
-
Researchers find VS Code extensions that install stealer malware, Microsoft removes packages
Researchers and security firms found two malicious Visual Studio Code extensions that stole credentials, screenshots and browser data; Microsoft removed the packages and analysts warned developers to review extensions and supply-chain risks.
-
Microsoft to block unauthorized scripts on Entra ID sign-ins with CSP update
Microsoft will change the Content Security Policy for browser-based Entra ID sign-ins at login.microsoftonline.com to block unauthorized scripts and allow only trusted Microsoft domains, with a global rollout beginning mid-to-late October 2026; organisations are asked to test sign-in flows and avoid tools that inject code.
