
Tag

#microsoft

Lessons from Ted Lasso for cybersecurity success

In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.

TALOS
#vulnerability #ios #apple #microsoft #linux #cisco #ddos #intel #backdoor #auth #ssh #zero_day
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins

SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…

GHSA-2jh5-g5ch-43q5: YoutubeDLSharp allows command injection on windows system due to non sanitized arguments

## Summary

This vulnerability only applies when running on a Windows OS. An unsafe conversion of arguments allows the injection of malicious commands when starting `yt-dlp` from a command prompt.

> [!CAUTION]
> **NOTE THAT DEPENDING ON THE CONTEXT AND WHERE THE LIBRARY IS USED, THIS MAY HAVE MORE SEVERE CONSEQUENCES. FOR EXAMPLE, A USER USING THE LIBRARY LOCALLY IS A LOT LESS VULNERABLE THAN AN ASP.NET APPLICATION ACCEPTING INPUTS FROM A NETWORK/INTERNET.**

## Details

The vulnerability was introduced in a commit (https://github.com/Bluegrams/YoutubeDLSharp/commit/fdf3256da18d0e2da4a2f33ad4a1b72ff8273a50) 3 years ago to fix an issue with Unicode characters on Windows. (In the latest version at the time of writing this, the code seems to have moved here: https://github.com/Bluegrams/YoutubeDLSharp/blob/b2f7968a2ef06a9c7b2c212785cfeac0b187b6d8/YoutubeDLSharp/YoutubeDLProcess.cs#L87) In this commit, a new way of starting yt-dlp was implemented, a method that was defined as the de...

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code

Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat

April “In the Trend of VM” (#14): vulnerabilities in Microsoft Windows, VMware products, Kubernetes, and Apache Tomcat. We decided to pause recording new videos, so for now only text. 🤷‍♂️🙂 🗞 Post on Habr (rus) 🗒 Digest on the PT website (rus) A total of 11 trending vulnerabilities: 🔻 Elevation of Privilege – Windows Cloud Files […]

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with deployed application

March episode “In the Trend of VM” (#13): vulnerabilities of Microsoft, PAN-OS, CommuniGate and who should patch hosts with deployed application. I’m posting the translated video with a big delay, but it’s better than never. 😉 📹 Video on YouTube and LinkedIn 🗞 Post on Habr (rus) 🗒 Digest on the PT website Content: 🔻 00:00 Greetings […]

Microsoft Entra ID Lockouts After MACE App Flags Legit Users

Was your Microsoft Entra ID account locked? Find out about the recent widespread lockouts caused by the new…

Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

Whistleblower: DOGE Siphoned NLRB Case Data

A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusually large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.