Microsoft 365 Security
The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365
The FBI issued a warning in May 2026 about a new phishing-as-a-service platform called Kali365 that hijacks Microsoft 365 accounts without a single fake login page. The platform, first spotted in...
Cloud Security Gaps in K-12: Monitoring Google Workspace and Microsoft 365 to Safeguard Student Data
Three data breaches in a single month at K-12 schools across Texas, Ohio, and California exposed over 400,000 student records — not through sophisticated hacking, but via unmonitored cloud accounts...
UK SMEs face 2026 deadline to adopt living Microsoft 365 security baselines
Microsoft’s security baselines are undergoing a fundamental transformation that will reshape how UK small and medium-sized enterprises (SMEs) secure their Microsoft 365 tenants. By 2026, the...
Teams' AI-Fueled Future: Why Microsoft's 2026 Smart Meetings Spark a Governance Crisis for IT
The glossy press release that Microsoft syndicated in June 2026 frames Teams as the lynchpin of the hybrid enterprise—a smarter, AI-infused meeting and collaboration solution that finally delivers...
Massive 24 Billion Credential Leak Sparks Urgent Windows and Microsoft 365 Security Response
An exposed Elasticsearch database containing more than 24 billion credentials—roughly 8.3 terabytes of usernames, email addresses, and passwords—was discovered by Cybernews researchers in...
By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot
{ "title": "By 2026, Your Confidential Office Files Can Be Made Invisible to Copilot", "content": "Microsoft is set to give enterprises a highly anticipated tool: the ability to block Copilot and...
Microsoft Confirms Active Campaign Using Cross-Tenant Teams Chats to Deploy Quick Assist in Ransomware Attacks
Attackers are actively exploiting cross-tenant Microsoft Teams chats and calls to impersonate IT help desk personnel, trick employees into launching Quick Assist, and gain full control over corporate...
Barracuda Unveils AI-Powered Email Protection with Post-Delivery Cleanup for Microsoft 365
Barracuda Networks has taken a decisive step into the post-delivery email security arena with the June 2026 launch of Barracuda Integrated Email Protection, a cloud-native service engineered to hunt...
EvilTokens Phishing Kit Bypasses MFA: How Device Code Phishing Targets Microsoft 365 in 2026
A phishing kit named EvilTokens is behind a fresh wave of attacks targeting Microsoft 365 accounts in 2026. Offered as phishing-as-a-service, the tool exploits a legitimate OAuth 2.0 mechanism—the...
DragonForce Ransomware Hides C2 in Microsoft Teams Relays — Here’s How Windows Admins Can Fight Back
A brazen ransomware attack against a major U.S. services company in December 2025 has revealed a sophisticated new evasion technique: attackers hid their command-and-control (C2) infrastructure...
CVE-2026-42824: Microsoft Shuts Down ‘SearchLeak’ Attack Chain in Copilot
Microsoft has rolled out a critical security update for Microsoft 365 Copilot that neutralizes a one-click data-exfiltration attack chain that researchers at Varonis dubbed “SearchLeak.” The...
FBI Warns Kali365 Phishing Kit Exploits Microsoft Device Code Flow to Slip Past MFA
The FBI’s Internet Crime Complaint Center (IC3) issued an urgent alert in May 2026 about Kali365, a newly identified phishing‑as‑a‑service platform that is systematically hijacking Microsoft...