Skip to content
The Nexus
DossierENTITY

Microsoft 365

Coverage of Microsoft 365 in the Nexus archive.

Earliest in view: May 17 · 14:43 UTCMost recent: Jun 28 · 13:53 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 28 · 13:53 UTCFOX NEWS
    FBI warns Microsoft users about passwordless scam

    The FBI warns about a phishing-as-a-service platform called Kali365 targeting Microsoft 365 accounts. The scam bypasses multifactor authentication by exploiting Microsoft's device code login process to steal OAuth tokens, granting attackers access to Outlook, Teams, and OneDrive without requiring passwords.

  • SECURITYJun 26 · 06:30 UTCTHE REGISTER
    Security boss thought MFA would be too much security

    A senior director at a cybersecurity company, who was allegedly its COO, overreacted to a multi-factor authentication (MFA) rollout for Microsoft 365, falsely claiming it crippled an invoicing system. The actual issue was a buggy invoicing software, but the director demanded an immediate rollback, resulting in reduced security. The incident highlighted poor decision-making despite the team's successful implementation.

  • SECURITYJun 19 · 17:25 UTCR/SCAMS
    Microsoft Billing Scam?

    A user's mother received a PayPal charge for Microsoft 365 without purchasing it, and the billing email appears to be from 'billing.microsoft.co', which is not recognized as an official Microsoft billing domain. The user is unsure if this is a scam.

  • BUSINESSJun 10 · 12:13 UTCNY POST
    I stopped paying for Microsoft 365 and bought Office 2024 for $105 instead

    The author stopped paying for Microsoft 365 and purchased Microsoft Office 2024 Home & Business for $104.97, a one-time fee available until June 14, as an alternative to ongoing subscription costs.

  • TECHNOLOGYJun 10 · 09:14 UTCTHE VERGE
    Microsoft is disabling Office 2019 for Mac next month

    Microsoft will disable Office 2019 for Mac next month by not renewing a validation certificate, forcing users to upgrade to Office 2024 or a Microsoft 365 subscription. The company revised its support statement to clarify apps will stop working, contradicting earlier assurances they would 'continue to function.'

  • SECURITYJun 5 · 18:09 UTCBLEEPING COMPUTER
    Chinese APT deploys new malware to keep access to hacked networks

    A Chinese espionage group named UNC5221 is using new malware, including Brickstorm, Plenet, and AgentPSD, to maintain access to hacked Microsoft 365 environments.

  • SECURITYJun 3 · 19:00 UTCDARK READING
    Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

    A disabled security setting in Android versions of Microsoft apps like Word, PowerPoint, and Excel allowed attackers to steal user logins and data. The vulnerability stemmed from a coding error that exposed Microsoft 365 accounts to potential takeover.

  • SECURITYJun 2 · 21:32 UTCDARK READING
    FBI-Flagged Phishing Kit Kali365 Expands Its Reach

    The FBI-flagged phishing kit Kali365, previously targeting Microsoft 365, now expands to AWS, Okta, and Russian platforms using device code phishing. This marks an increase in the platform's scope and threat level.

  • TECHNOLOGYJun 2 · 18:02 UTCTECHCRUNCH
    Microsoft launches Scout, an OpenClaw-inspired personal assistant

    Microsoft launched Scout, a new AI assistant inspired by OpenClaw, designed to integrate the capabilities of OpenClaw into the Microsoft 365 ecosystem. The assistant was introduced at Microsoft's Build event.

  • TECHNOLOGYJun 2 · 18:00 UTCTHE VERGE
    Microsoft Scout is a new AI personal assistant built on OpenClaw

    Microsoft Scout is a new AI personal assistant built on OpenClaw, designed to integrate into Microsoft 365 apps like Outlook, OneDrive, and Teams. It assists with tasks such as organizing calendars, expense reporting, and email drafting, offering broader capabilities than Microsoft's Copilot. Corporate vice president Omar Shahine described it as the first real personal assistant offered by Microsoft.

  • TECHNOLOGYMay 29 · 14:51 UTCTHE REGISTER
    Microsoft slaps new coat of paint on Copilot, buries annoying button

    Microsoft redesigned its Copilot app for Microsoft 365, introducing a faster interface, improved response times for complex prompts, and a task-aware workspace for prompts. The update addresses user complaints about a disruptive floating button, offering an option to move it to the ribbon. Copilot usage increased by 27-43% across Word, Excel, PowerPoint, and Outlook following the changes.

  • SECURITYMay 28 · 10:07 UTCNBC5 CHICAGO
    FBI warns of major phishing scam, with hackers ‘hijacking' Microsoft Outlook, 365 users

    The FBI warns of a phishing scam targeting Microsoft Outlook and 365 users, using a pre-packaged phishing kit called Kali 365 distributed via Telegram. Hackers exploit OAuth tokens to bypass multi-factor authentication, gaining unauthorized access to accounts and services like Outlook, Teams, and OneDrive.

  • SECURITYMay 27 · 21:34 UTCTHE HILL
    Cyber attackers are hijacking Microsoft Outlook, Teams and 365 log-ins, FBI says

    The FBI has issued a public warning about a new phishing tool that allows cyber attackers to access Microsoft 365 user accounts without requiring passwords. This tool is being used to hijack log-ins for Microsoft Outlook, Teams, and 365 services.

  • SECURITYMay 25 · 12:45 UTCBLEEPING COMPUTER
    FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

    The FBI has issued a warning about the Kali365 phishing-as-a-service platform, which exploits OAuth device code authentication to hijack Microsoft 365 accounts. The service steals session tokens and bypasses multi-factor authentication (MFA), posing a significant cybersecurity threat.

  • SECURITYMay 22 · 20:41 UTCCYBERSCOOP
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users

    The FBI warns about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users by bypassing multi-factor authentication through OAuth device code phishing. The tool enables cybercriminals to steal access tokens, leading to data theft, ransomware, and other attacks. Researchers note its rapid growth, AI-driven tactics, and low barriers for less-technical attackers.

  • SECURITYMay 22 · 20:01 UTCRECORDED FUTURE NEWS
    FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

    The FBI has issued a warning about Kali365, a phishing-as-a-service platform operating on Telegram that enables cybercriminals to steal OAuth tokens and gain unauthorized access to Microsoft 365 environments. The advisory follows attacks in April targeting Microsoft 365 users. This threat represents a significant security risk for organizations relying on cloud-based Microsoft services.

  • BUSINESSMay 22 · 10:57 UTCTHE VERGE
    Microsoft’s consumer marketing chief to leave next year

    Yusuf Mehdi, Microsoft's executive vice president and consumer chief marketing officer, announced his departure after 35 years with the company, effective next year. He will continue leading marketing efforts for Windows, Copilot for consumers, and Microsoft 365 consumer business until 2027. Mehdi cited the need for time and space to ensure the team's continued success during this critical period for Microsoft.

  • TECHNOLOGYMay 20 · 15:51 UTCTHE REGISTER
    Plex appeal fades as Lifetime Pass jumps to $750

    Plex is increasing the price of its Lifetime Plex Pass from $249.99 to $749.99, effective July 1, in an effort to encourage recurring subscriptions over one-time payments. Existing Lifetime Plex Pass holders will not be affected by the price change. The move reflects a growing trend in the tech and streaming industries towards subscription-based models.

  • SECURITYMay 19 · 19:35 UTCBLEEPING COMPUTER
    Microsoft Self-Service Password Reset abused in Azure data theft attacks

    A threat actor is targeting Microsoft 365 and Azure production environments, stealing data by abusing legitimate applications and administration features, including Microsoft Self-Service Password Reset. The attacks are leveraging legitimate tools to gain unauthorized access. This has led to data theft in various instances.

  • SECURITYMay 19 · 11:30 UTCTHE HACKER NEWS
    The New Phishing Click: How OAuth Consent Bypasses MFA

    A phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries in just five weeks. The targets received a message asking them to enter a short code and complete their normal MFA challenge. This phishing attack bypassed multi-factor authentication.

  • SECURITYMay 17 · 14:43 UTCBLEEPING COMPUTER
    Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing

    The Tycoon2FA phishing kit has been updated to support device-code phishing attacks, allowing it to hijack Microsoft 365 accounts by abusing Trustifi click-tracking URLs. This new capability enables attackers to gain unauthorized access to sensitive information. The phishing kit's evolution poses a significant threat to account security.