Microsoft has successfully disrupted RedVDS, a significant cybercrime platform that has been linked to approximately $40 million in losses reported in the U.S. since March 2025. The platform was known for offering a virtual desktop service that criminals used to conduct various illegal activities. This disruption is a major step in combating cybercrime, as it not only targets the infrastructure used by attackers but also aims to deter future criminal operations. The impact of RedVDS has been felt widely, affecting numerous victims who have suffered financial losses due to the platform's activities. By taking action against RedVDS, Microsoft is contributing to a broader effort to enhance cybersecurity and protect individuals and businesses from ongoing threats.
Articles tagged "Microsoft"
Found 30 articles
APT28, a Russian cyber espionage group, has been observed targeting entities involved in energy research and defense collaboration. The group has employed tactics that involve impersonating well-known webmail and VPN services, including Microsoft OWA, Google, and Sophos VPN portals, to deceive users into revealing sensitive information. This attack is significant as it aims to infiltrate organizations that play a critical role in energy security and defense, potentially leading to the theft of valuable research and intelligence. The ongoing nature of these attacks poses a serious risk to national security and the integrity of the affected sectors, highlighting the need for organizations to enhance their cybersecurity measures. Users should be cautious and verify the authenticity of services before entering any sensitive information.
Latest news
Attackers are employing a combination of social engineering tactics, including fake CAPTCHAs and counterfeit Blue Screen of Death (BSOD) messages, to trick users into executing harmful code. This method, known as ClickFix, prompts victims to copy and paste malicious scripts, potentially compromising their systems. The attacks primarily target unsuspecting Windows users who may panic upon seeing the fake BSOD, believing their computer has crashed. It's crucial for users to be aware of these tactics and to verify the legitimacy of any error messages before taking action. This incident serves as a reminder of the importance of maintaining vigilance against deceptive online threats.
BleepingComputer
Microsoft has responded to concerns raised by a security engineer regarding potential prompt injection vulnerabilities in its Copilot AI assistant. The engineer pointed out issues related to how the AI processes inputs, which could allow malicious prompts to bypass security measures. However, Microsoft disagrees, stating that these issues do not qualify as vulnerabilities. This disagreement reflects a broader debate between tech companies and security researchers about what constitutes a risk in generative AI systems. As AI technology becomes more integrated into various applications, understanding these distinctions is crucial for both developers and users, as it impacts how security measures are implemented and perceived.
BleepingComputer
A new social engineering attack called ClickFix is targeting the hospitality industry in Europe by using fake Windows Blue Screen of Death (BSOD) screens. This scheme tricks users into believing their systems have crashed, prompting them to manually compile and run malicious software. The attackers are specifically focusing on employees in hotels and related businesses, making this a significant threat to sensitive customer data and operational continuity. Companies in this sector need to raise awareness among staff and implement training to recognize such scams. The use of a familiar error screen is particularly deceptive, as it plays on users' fears of system failures, leading them to take harmful actions without realizing the risks.
Researchers have identified a campaign dubbed 'Zoom Stealer' that targets users of popular web browsers, specifically Chrome, Firefox, and Microsoft Edge. This attack has already impacted around 2.2 million users through 18 malicious browser extensions. These extensions are designed to gather sensitive information related to online meetings, including URLs, IDs, topics, descriptions, and even embedded passwords. The implications of this data theft are significant, as it can lead to unauthorized access to corporate meetings and sensitive discussions. Companies using these browsers should be vigilant and consider removing any unverified extensions to protect their data.
Microsoft Teams is set to enhance messaging security by automatically enabling safety features starting in January. This change aims to protect users from potentially harmful content that could be flagged as malicious. By making these features default, Microsoft is proactively addressing the risks associated with messaging in its platform, which is widely used for business communication. The move is significant as it helps ensure that organizations and their employees have an added layer of security against threats that could compromise sensitive information. Users will benefit from these updates without needing to make manual adjustments, streamlining the process of maintaining secure communication.
A recent extended security update for Windows 11 inadvertently caused issues with Message Queuing (MSMQ), a feature important for enterprise background task management. This glitch could disrupt services for businesses that rely on MSMQ for their operations, potentially affecting data processing and communication between applications. Users of Windows 10 are now receiving an out-of-band update aimed at addressing these MSMQ problems. It is crucial for enterprises to apply this update promptly to ensure their systems remain stable and functional. Failure to do so could lead to significant operational delays and inefficiencies.
Infosecurity Magazine
A recent report from Proofpoint reveals a rise in phishing attacks that take advantage of Microsoft's OAuth device code flow. These campaigns target Microsoft 365 users, tricking them into providing access to their accounts through fake sign-in prompts. The attacks exploit the trust users place in the OAuth process, which is designed to facilitate secure authentication. As a result, individuals and organizations using Microsoft 365 could be at risk of unauthorized access to sensitive information. This surge in phishing attempts underscores the need for heightened awareness and vigilance among users to avoid falling victim to these scams.
Infosecurity Magazine
JumpCloud has identified a vulnerability in its Remote Assist feature for Windows that could allow attackers to escalate privileges locally or launch denial-of-service attacks on managed endpoints. This flaw affects systems running the JumpCloud Windows Agent, posing a risk to organizations that rely on this software for remote management. If exploited, the vulnerability could give unauthorized users elevated access to sensitive system functions, potentially leading to further malicious actions. Users and administrators of JumpCloud services should be aware of this issue and take steps to secure their systems. It's crucial for organizations to stay informed about such vulnerabilities to protect their data and infrastructure.
Hackread – Cybersecurity News, Data Breaches, AI, and More
A serious vulnerability identified as CVE-2025-34352 affects the JumpCloud Remote Assist for Windows agent, allowing local users to gain full SYSTEM privileges on company devices. Discovered by XM Cyber, this flaw poses a significant risk to organizations using the software, as it could enable unauthorized access and control over sensitive company systems. Businesses are strongly urged to update their JumpCloud software to version 0.317.0 or later to mitigate this high-severity security issue. Failure to address this vulnerability could lead to severe operational disruptions and data breaches. Immediate action is crucial to ensure the safety and integrity of company devices and networks.
Microsoft has acknowledged that its December 2025 security updates are causing failures in Message Queuing (MSMQ) functionality. This issue is impacting enterprise applications and Internet Information Services (IIS) websites, potentially disrupting business operations. Users and organizations relying on these services may experience significant downtime and communication issues, as MSMQ is crucial for message delivery in distributed applications. Microsoft has not yet provided specific patches or workarounds to resolve this problem, leaving affected users in a challenging situation until a fix is released. This situation highlights the importance of thorough testing of security updates before deployment, especially in enterprise environments.
CyberVolk, a pro-Russian hacktivist group, has launched a new ransomware-as-a-service (RaaS) called VolkLocker, which has a significant flaw. Researchers from SentinelOne discovered that VolkLocker contains a hard-coded master key, allowing victims to decrypt their files without paying the ransom. This ransomware, which surfaced in August 2025, targets Windows systems and is part of an ongoing trend of ransomware attacks that can disrupt businesses and individuals alike. The presence of this flaw means that while the ransomware may still be a concern, victims have a potential way to recover their data without succumbing to the attackers' demands. This incident underscores the ongoing battle between cybercriminals and security researchers, as vulnerabilities in ransomware can lead to unexpected outcomes for victims.
BleepingComputer
A new zero-day vulnerability has been discovered in Windows that affects the Remote Access Connection Manager (RasMan) service, allowing attackers to crash it. This flaw could disrupt remote access services for users and organizations relying on Windows systems. Unofficial patches have been made available for users who want to mitigate the risk before an official fix is released. As this vulnerability is a zero-day, it is crucial for affected users to apply these patches promptly to avoid potential exploitation. The issue underscores the need for vigilance in maintaining system security, especially for those using Windows.
Microsoft's new Copilot feature allows non-technical users to create AI agents without coding skills. While this democratizes access to AI, it raises significant concerns about data security. The capability for users to create these agents could inadvertently lead to the exposure of sensitive company data. Researchers warn that without proper safeguards, these no-code tools may become a vector for data leaks, putting organizations at risk. Companies will need to implement strict guidelines and monitoring to prevent misuse and protect their information.