Insights

26/6/2025

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials.

12/6/2025

A critical zero-click vulnerability in Microsoft 365 Copilot, dubbed “EchoLeak,” enables attackers to automatically exfiltrate sensitive organizational data without requiring any user interaction.

2/6/2025

We're excited to announce the general availability of Researcher and Analyst, two first-of-their-kind reasoning agents designed specifically for work. Since these agents debuted in April through the Frontier program, early users are increasingly turning to them to complete complex, analytical work in minutes—saving time and resources. Now, these powerful agents are available to everyone with a Microsoft 365 Copilot license.

12/5/2025

Apple on Monday pushed out patches for security vulnerabilities across the macOS, iPhone and iPad software stack, warning that code-execution bugs that could be triggered simply by opening a rigged image, video or website.

19/5/2025

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure's Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack started with a malicious KeePass installer promoted through Bing advertisements that promoted fake software sites.

23/5/2025

Microsoft is now testing a new feature in Notepad that can generate text for you using AI. It’s part of a Windows 11 update being released to Windows Insiders in the Canary and Dev channels with Copilot Plus PCs.

14/4/2025

Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens.

23/4/2025

The recent DeepSeek security breach has once again highlighted the significant vulnerabilities in artificial intelligence (AI) systems and raises alarming questions about where the exposed data may have ended up. Shortly after DeepSeek's release, security researchers uncovered extensive vulnerabilities in the system's infrastructure. Publicly exposed sensitive user data and proprietary information like this often makes its way to the Dark Web — a thriving underground market where stolen data is routinely traded, sold, and exploited.

2/5/2025

After supporting passwordless Windows logins for years and even allowing users to delete passwords from their accounts, Microsoft is making its biggest move yet toward a future with no passwords. Now it will ask people signing up for new accounts to only use more secure methods like passkeys, push notifications, and security keys instead, by default.