New guidance urges U.S. government agencies to expedite the switch to Modern Auth in Exchange Online ahead of Microsoft's Oct. 1 deadline.
Microsoft issued a patch for the Follina vulnerability, which was first disclosed in May and has been under active exploitation by attackers.
A zero day flaw (CVE-2022-30190) in Windows and Office is under active attack and MIcrosoft has not issued a patch yet.
Researchers have discovered a sophisticated post-exploitation framework being deployed on Microsoft Exchange servers to assist threat actors with credential harvesting and local reconnaissance.
After Microsoft started blocking macros obtained from the internet by default, email attackers are exploring alternative techniques to distribute Emotet, Qakbot, IcedID and other payloads.