Microsoft’s Patch Tuesday release for April is a whopper

Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even ...
Microsoft

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...
Redmondmag.com

Microsoft Uncovers Hackers Posing as IT Helpdesk Staff

Microsoft issued a report warning users about a popular attack method that involves a 'human-operated' attack playbook, in which hackers impersonate IT helpdesk staff using Microsoft Teams to gain ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

CISA orders feds to patch BlueHammer flaw exploited as zero-day

CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has ...

Regular Password Resets Aren’t as Safe as You Think

Password resets are one of the easiest ways for attackers to bypass security controls. Specops Software shows how helpdesk ...
Microsoft

Detection strategies across cloud and identities against infiltrating IT workers

The shift to remote and hybrid work since the pandemic expanded global hiring and accelerated digital onboarding, increasing ...

Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak

Amtrak data breach exposes over 2.1 million customer records after CRM access. Learn what was leaked, risks, and steps users ...
Network World

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...
JournalofAccountancy

Accounting, tax, auditing news

Learn how to use the AICPA Code of Professional Conduct and the standards for attestation engagements to address key ethics and independence threats with SOC tool providers, including conflicts of ...