Live
No Patch to Install: How the Outlook Copilot Command Injection Flaw Changes Your Security Playbook·MSFT +0.1%Malta Tops EU in Daily Microsoft Copilot Usage, Eurobarometer Finds: IT Admins Must Build AI Rules Now·NVDA +3.0%Attackers Are Tricking Microsoft Users Into Adding Rogue Passkeys—Here’s the Fix·GOOGL +1.2%User-Reported Scams Land Directly in Teams Admin Center’s Protection Reports·AMZN +2.9%July 2026 and Still No Federal Privacy Law: The Windows Data Resilience Imperative·MSFT +0.1%Stop ConsentFix Phishing: Lock Down OAuth App Consent in Microsoft Entra ID Now·NVDA +3.0%ARToken Panel: How a React-Based Phishing Kit Is Hijacking Microsoft 365 Sessions via Device Code Attacks·GOOGL +1.2%Anthropic’s Claude Tag Launches on Slack, Leaving Microsoft Teams Users with a Fragmented AI Experience·AMZN +2.9%No Patch to Install: How the Outlook Copilot Command Injection Flaw Changes Your Security Playbook·MSFT +0.1%Malta Tops EU in Daily Microsoft Copilot Usage, Eurobarometer Finds: IT Admins Must Build AI Rules Now·NVDA +3.0%Attackers Are Tricking Microsoft Users Into Adding Rogue Passkeys—Here’s the Fix·GOOGL +1.2%User-Reported Scams Land Directly in Teams Admin Center’s Protection Reports·AMZN +2.9%July 2026 and Still No Federal Privacy Law: The Windows Data Resilience Imperative·MSFT +0.1%Stop ConsentFix Phishing: Lock Down OAuth App Consent in Microsoft Entra ID Now·NVDA +3.0%ARToken Panel: How a React-Based Phishing Kit Is Hijacking Microsoft 365 Sessions via Device Code Attacks·GOOGL +1.2%Anthropic’s Claude Tag Launches on Slack, Leaving Microsoft Teams Users with a Fragmented AI Experience·AMZN +2.9%

Microsoft 365 Security

The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 1:12 PM
Latest Most Read Breaking
Sort
Command Injection · Cve 2026 55145

No Patch to Install: How the Outlook Copilot Command Injection Flaw Changes Your Security Playbook

Microsoft has disclosed a command injection vulnerability in Outlook Copilot, but this isn't a typical Patch Tuesday update. CVE-2026-55145, published on July 14, 2026, carries a CVSS base score of...

Advertisement
Ai Risk · Data Governance

July 2026 and Still No Federal Privacy Law: The Windows Data Resilience Imperative

It’s July 2026, and the United States remains the only major economy without a comprehensive national consumer privacy law. Instead, a patchwork of more than a dozen state laws—each with its own...

AI AI & Copilot Desk·1w ago
Entra Id Governance · Identity Security

Stop ConsentFix Phishing: Lock Down OAuth App Consent in Microsoft Entra ID Now

A new breed of phishing attack is automating the theft of Microsoft 365 access tokens—and it works by exploiting a single, often-overlooked setting in every Entra ID tenant. Security researchers...

SE Security Desk·2w ago
Bec And Sharepoint · Device Code Phishing

ARToken Panel: How a React-Based Phishing Kit Is Hijacking Microsoft 365 Sessions via Device Code Attacks

Cisco Talos has unearthed a menacing new threat actor panel dubbed ARToken, a React-based operator dashboard that streamlines the entire kill chain for compromising Microsoft 365 accounts. Tightly...

SE Security Desk·2w ago
Claude Ai Agents · Claude Tag

Anthropic’s Claude Tag Launches on Slack, Leaving Microsoft Teams Users with a Fragmented AI Experience

Anthropic dropped a not-so-subtle challenge to Microsoft’s enterprise dominance on June 23, 2026, when it opened the beta for Claude Tag—but only within Slack, snubbing Microsoft Teams for the...

AI AI & Copilot Desk·2w ago
Ai Certification · Azure Administration

Microsoft Retires AI-102 Exam on June 30, 2026: What It Means for Azure AI Engineers

Microsoft has set June 30, 2026, as the effective retirement date for the AI-102: Designing and Implementing an Azure AI Solution exam. Anyone currently studying for this certification or planning to...

AI AI & Copilot Desk·2w ago
Conditional Access · Entra Id

Huntress Managed ISPM Now Generally Available, Hardening Microsoft 365 Identities for MSPs

Managed service providers (MSPs) now have a new weapon in the escalating battle against identity-based attacks targeting Microsoft 365 tenants. Huntress announced the general availability of its...

SE Security Desk·2w ago
Entra Id Posture · Identity Hardening

Huntress Demo: Standard M365 User Hits Global Admin in 5 Minutes 30 Seconds—No Exploit Needed

A standard Microsoft 365 user was escalated to Global Administrator in five minutes and 30 seconds during a live product launch demonstration by cybersecurity firm Huntress. The attack required no...

SE Security Desk·2w ago
Device Code Phishing · Entra Conditional Access

FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365

The FBI issued a warning in May 2026 about a new phishing-as-a-service platform called Kali365 that hijacks Microsoft 365 accounts without a single fake login page. The platform, first spotted in...

SE Security Desk·2w ago