New ARToken Phishing Kit Abuses Microsoft’s OAuth Device Code Flow to Hijack Microsoft 365 Accounts
Cisco Talos has uncovered ARToken, a phishing panel that abuses Microsoft's device code sign-in flow to steal Microsoft 365 session tokens without a password or MFA prompt. The...
Critical Microsoft 365 RCE Flaw CVE-2025-60727 Exploitable via Malicious Excel Files — Patch Now
Microsoft has disclosed CVE-2025-60727, a critical out-of-bounds read remote code execution vulnerability in Microsoft 365 Apps, Excel 2016, and multiple Office versions. An attacker can achieve full system...
Microsoft Lets connectivity.office.com TLS Certificate Expire, Breaking Enterprise Microsoft 365 Diagnostics
Microsoft allowed the TLS certificate for connectivity.office.com — a critical enterprise Microsoft 365 diagnostic endpoint — to expire on June 14, 2026, triggering browser security warnings and breaking...
Meet Pink: The New Extortion Group Using Vishing and Microsoft 365 Tools to Drain Enterprise Cloud Storage
A new extortion group called Pink (CL-CRI-1147) has emerged, targeting enterprise organizations through voice phishing to steal Microsoft 365 credentials and cloud files. With ties to the Com...
Hackers Are Calling You on Microsoft Teams Pretending to Be IT Support — How to Detect and Stop the Attack
Threat actors are systematically abusing Microsoft Teams' external collaboration features to impersonate IT helpdesk staff, convincing employees to grant remote access and install malware. Black Basta ransomware affiliates...
Microsoft Patches Three Critical Information Disclosure Vulnerabilities in Microsoft 365 Copilot and Edge
Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities — CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 — affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. All...