Live
FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365·MSFT +0.1%Cloud Security Gaps in K-12: Monitoring Google Workspace and Microsoft 365 to Safeguard Student Data·NVDA +3.0%UK SMEs face 2026 deadline to adopt living Microsoft 365 security baselines·GOOGL +1.2%Teams' AI-Fueled Future: Why Microsoft's 2026 Smart Meetings Spark a Governance Crisis for IT·AMZN +2.9%Massive 24 Billion Credential Leak Sparks Urgent Windows and Microsoft 365 Security Response·MSFT +0.1%By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot·NVDA +3.0%Microsoft Confirms Active Campaign Using Cross-Tenant Teams Chats to Deploy Quick Assist in Ransomware Attacks·GOOGL +1.2%Barracuda Unveils AI-Powered Email Protection with Post-Delivery Cleanup for Microsoft 365·AMZN +2.9%FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365·MSFT +0.1%Cloud Security Gaps in K-12: Monitoring Google Workspace and Microsoft 365 to Safeguard Student Data·NVDA +3.0%UK SMEs face 2026 deadline to adopt living Microsoft 365 security baselines·GOOGL +1.2%Teams' AI-Fueled Future: Why Microsoft's 2026 Smart Meetings Spark a Governance Crisis for IT·AMZN +2.9%Massive 24 Billion Credential Leak Sparks Urgent Windows and Microsoft 365 Security Response·MSFT +0.1%By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot·NVDA +3.0%Microsoft Confirms Active Campaign Using Cross-Tenant Teams Chats to Deploy Quick Assist in Ransomware Attacks·GOOGL +1.2%Barracuda Unveils AI-Powered Email Protection with Post-Delivery Cleanup for Microsoft 365·AMZN +2.9%

Microsoft 365 Security

The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 7:46 PM
Latest Most Read Breaking
Sort
Device Code Phishing · Entra Conditional Access

FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365

The FBI issued a warning in May 2026 about a new phishing-as-a-service platform called Kali365 that hijacks Microsoft 365 accounts without a single fake login page. The platform, first spotted in...

Advertisement
Credential Stuffing · Elasticsearch Exposure

Massive 24 Billion Credential Leak Sparks Urgent Windows and Microsoft 365 Security Response

An exposed Elasticsearch database containing more than 24 billion credentials—roughly 8.3 terabytes of usernames, email addresses, and passwords—was discovered by Cybernews researchers in...

SE Security Desk·3w ago
Copilot Governance · Information Protection

By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot

{ "title": "By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot", "content": "Microsoft is set to give enterprises a highly anticipated tool: the ability to block Copilot and...

AI AI & Copilot Desk·4w ago
Microsoft 365 Security · Microsoft Teams

Microsoft Confirms Active Campaign Using Cross-Tenant Teams Chats to Deploy Quick Assist in Ransomware Attacks

Attackers are actively exploiting cross-tenant Microsoft Teams chats and calls to impersonate IT help desk personnel, trick employees into launching Quick Assist, and gain full control over corporate...

SE Security Desk·4w ago
Barracudaone · Email Protection

Barracuda Unveils AI-Powered Email Protection with Post-Delivery Cleanup for Microsoft 365

Barracuda Networks has taken a decisive step into the post-delivery email security arena with the June 2026 launch of Barracuda Integrated Email Protection, a cloud-native service engineered to hunt...

SE Security Desk·4w ago
Identity Protection · Microsoft 365 Security

EvilTokens Phishing Kit Bypasses MFA: How Device Code Phishing Targets Microsoft 365 in 2026

A phishing kit named EvilTokens is behind a fresh wave of attacks targeting Microsoft 365 accounts in 2026. Offered as phishing-as-a-service, the tool exploits a legitimate OAuth 2.0 mechanism—the...

SE Security Desk·4w ago
Byovd Drivers · Command And Control

DragonForce Ransomware Hides C2 in Microsoft Teams Relays — Here’s How Windows Admins Can Fight Back

A brazen ransomware attack against a major U.S. services company in December 2025 has revealed a sophisticated new evasion technique: attackers hid their command-and-control (C2) infrastructure...

SE Security Desk·4w ago
Ai Governance · Ai Security

CVE-2026-42824: Microsoft Shuts Down ‘SearchLeak’ Attack Chain in Copilot

Microsoft has rolled out a critical security update for Microsoft 365 Copilot that neutralizes a one-click data-exfiltration attack chain that researchers at Varonis dubbed “SearchLeak.” The...

AI AI & Copilot Desk·4w ago
Conditional Access · Device Code Authentication

FBI Warns Kali365 Phishing Kit Exploits Microsoft Device Code Flow to Slip Past MFA

The FBI’s Internet Crime Complaint Center (IC3) issued an urgent alert in May 2026 about Kali365, a newly identified phishing‑as‑a‑service platform that is systematically hijacking Microsoft...

SE Security Desk·4w ago