Microsoft 365
-
Hackers exploit trusted Microsoft redirects and ADFS to steal Microsoft 365 logins, researchers say
Researchers describe a phishing campaign that uses legitimate office.com redirects and a misconfigured Microsoft tenant with ADFS to harvest Microsoft 365 credentials, bypassing some security controls. The attack chain begins with a misleading Google ad for “Office 265,” redirects through Office to a phantom domain, and uses conditional access restrictions to conceal the page from…
-
Experts Warn of New Phishing Threats Exploiting Link Wrapping Services
Cybersecurity experts have identified a new phishing campaign that exploits link wrapping services from leading vendors to conceal malicious links, significantly raising the risk of successful attacks. The tactics involve sophisticated methods of masking URLs, allowing threat actors to redirect victims to fraudulent pages designed to capture sensitive information.
-
New AI Vulnerability Discovered in Microsoft 365 Copilot: ‘EchoLeak’
A new zero-click vulnerability known as ‘EchoLeak’ has been discovered in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction. While Microsoft has patched the flaw, experts advise businesses to enhance their cybersecurity measures to prevent future exploits.
