The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

A China-backed persistent threat actor known as Webworm is targeting governmental organizations across Europe, and it's using unusual command-and-control mechanisms to do so. Security vendor ESET this ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Bleeping Computer

Microsoft traces Universal Print issues to Graph API code change

Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. Universal Print is a cloud-based print ...
Bleeping Computer

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. The malware is developed by Harvester, an espionage group ...
Business Wire

Postman Announces Collaboration with Microsoft to Expand AI Model Choice, Accelerate Developer Workflows, and Unify API Governance

SAN FRANCISCO--(BUSINESS WIRE)--Postman, a leading API platform, today announced a collaboration with Microsoft that expands AI model choice in Postman's Agent Mode, deepens integration across the ...
Visual Studio Magazine

Microsoft Ships Production-Ready Agent Framework 1.0 for .NET and Python

Microsoft says Agent Framework 1.0 is the production-ready release, with stable APIs and long-term support for both .NET and Python. The framework is presented as a unified successor path that builds ...
Redmond Magazine

Microsoft's SharePoint Turns 25, Rolls Out Agentic AI Building and Governance Tools

Microsoft introduced AI in SharePoint, enabling natural language-driven site, page and list creation under the Microsoft 365 Copilot license. Advanced AI capabilities initially rely on Anthropic's ...
TechRepublic

Microsoft Is Retiring Standalone SharePoint, OneDrive Plans

Microsoft will retire standalone SharePoint Online and OneDrive for Business plans, ending sales in June 2026 and service in December 2029. Microsoft is making a big change to how businesses buy ...
Microsoft

Infostealers without borders: macOS, Python stealers, and platform abuse

Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing ...