Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > Microsoft 365
#Microsoft 365

New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts

4 July 2026  |  dark6  |  Phishing

Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session tokens without a password or MFA prompt. The...

>> read more

Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now

30 June 2026  |  dark6  |  Vulnerability

Microsoft has disclosed CVE-2025-60727, a critical out-of-bounds read remote code execution vulnerability in Microsoft 365 Apps, Excel 2016, and multiple Office versions. An attacker can achieve full system...

>> read more

Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics

16 June 2026  |  dark6  |  Vulnerability

Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June 14, 2026, triggering browser security warnings and breaking...

>> read more

Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage

10 June 2026  |  dark6  |  Cybercrime

A new extortion group called Pink (CL-CRI-1147) has emerged, targeting enterprise organizations through voice phishing to steal Microsoft 365 credentials and cloud files. With ties to the Com...

>> read more

Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack

1 June 2026  |  dark6  |  Phishing

Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote access and install malware. Black Basta ransomware affiliates...

>> read more

Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge

11 May 2026  |  dark6  |  Vulnerability

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. All...

>> read more