Live
FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks·MSFT +0.1%Microsoft's Agentic Enterprise Platform Unifies AI Agent Governance Across M365, Azure, and Security·NVDA +3.0%Always On, Always Governed: Inside Microsoft Scout's Agent Identity Model·GOOGL +1.2%MSPs Combat Microsoft 365 Configuration Drift to Stop Silent Security Erosion·AMZN +2.9%Microsoft Copilot Health Preview Raises HIPAA, Privacy Risks for M365 IT Admins·MSFT +0.1%FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365·NVDA +3.0%Prompt Injection in Copilot Cowork Lets Attackers Steal M365 Files Without Approval·GOOGL +1.2%CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now·AMZN +2.9%FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks·MSFT +0.1%Microsoft's Agentic Enterprise Platform Unifies AI Agent Governance Across M365, Azure, and Security·NVDA +3.0%Always On, Always Governed: Inside Microsoft Scout's Agent Identity Model·GOOGL +1.2%MSPs Combat Microsoft 365 Configuration Drift to Stop Silent Security Erosion·AMZN +2.9%Microsoft Copilot Health Preview Raises HIPAA, Privacy Risks for M365 IT Admins·MSFT +0.1%FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365·NVDA +3.0%Prompt Injection in Copilot Cowork Lets Attackers Steal M365 Files Without Approval·GOOGL +1.2%CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now·AMZN +2.9%

Microsoft 365 Security

The latest Microsoft 365 Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 11:28 PM
Latest Most Read Breaking
Sort
Device Code Phishing · Kali365 Phishing

FBI Warns of Kali365 Phishing Platform Hijacking Microsoft 365 via Device Code Attacks

The FBI has issued an urgent public warning about Kali365, a phishing-as-a-service platform that weaponizes device code authentication to steal Microsoft 365 access tokens. The alert, released in May...

Advertisement
Ai Privacy Governance · Copilot Health

Microsoft Copilot Health Preview Raises HIPAA, Privacy Risks for M365 IT Admins

Microsoft opened the Copilot Health preview to consumer Microsoft 365 subscribers in the United States on May 29, 2026, giving eligible adults the ability to connect medical records, lab results, and...

AI AI & Copilot Desk·6w ago
Conditional Access · Device Code Phishing

FBI Warns Kali365 Phishing Steals OAuth Tokens to Bypass MFA in Microsoft 365

The FBI has issued an urgent public warning about a phishing-as-a-service platform called Kali365 that is systematically targeting Microsoft 365 accounts by abusing device-code authentication. The...

SE Security Desk·6w ago
Ai Governance · Copilot Cowork

Prompt Injection in Copilot Cowork Lets Attackers Steal M365 Files Without Approval

A critical vulnerability in Microsoft's Copilot Cowork agent can be exploited to exfiltrate sensitive Microsoft 365 files, security researchers warned on May 26, 2026. PromptArmor disclosed that by...

AI AI & Copilot Desk·7w ago
Cve 2026 32185 · Microsoft 365 Security

CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now

{ "title": "CVE-2026-32185: Microsoft Teams Spoofing Exposes Critical Trust-Boundary Failure, Patch Now", "content": "Microsoft published CVE-2026-32185 in its Security Update Guide on May 12,...

SE Security Desk·9w ago
Cve-2026-41101 · Microsoft 365 Security

Word for Android Spoofing Flaw: CVE-2026-41101 Fix via Play Store

Microsoft’s May 2026 security updates include a fix for CVE-2026-41101, a spoofing vulnerability in Word for Android that could undermine trust in the mobile document editing experience. Published...

SE Security Desk·9w ago
Ai Governance · Insider Risk Management

Microsoft Purview to Reveal Risky AI Prompts in Plaintext by June 2026

Microsoft has confirmed that a powerful new capability is coming to its Purview Insider Risk Management platform, set to roll out between May and June 2026. Enterprise security teams will soon be...

AI AI & Copilot Desk·10w ago
Exchange Online · Microsoft 365 Security

Exchange Online to Block TLS 1.0/1.1 for POP and IMAP by July 2026

Microsoft has set July 2026 as the final cutoff for Exchange Online POP3 and IMAP4 clients that still negotiate Transport Layer Security (TLS) versions 1.0 or 1.1. After that date, every connection...

SE Security Desk·11w ago
Adaptive Content Security · Ai Agent Security

Bonfy ACS 2.0 Targets Copilot Security Gaps with Agent-First Approach

Bonfy has launched Adaptive Content Security 2.0, positioning it as a critical solution for enterprises grappling with AI security challenges in Microsoft 365 environments. The release comes as...

AI AI & Copilot Desk·17w ago