Description: Microsoft's Azure DevOps server was compromised in an attack by the Lapsus$ hacking group. The attackers leaked about a 9 GB zip archive containing the source code for Bing, Cortana, and other projects. Some of the compromised data contain emails and documentation that were clearly used internally by Microsoft engineers.

Description: An unknown attacker is using stolen OAuth user tokens to download data from private repositories on Github. The attacker has already accessed and stolen data from dozens of victim organizations. Github immediately took action and started notifying all the impacted users and organizations about the security breach.

Description: Some of the sensitive information of Microsoft customers was exposed by a misconfigured Microsoft server accessible over the Internet in September 2022. The exposed information includes names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and Microsoft or an authorized Microsoft partner. However, the leak was caused by the "unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem" but the SOCRadar claimed to link this sensitive information to more than 65,000 entities from 111 countries stored in files dated from 2017 to August 2022.

Description: A vulnerability in Microsoft's Exchange email system allowed threat actors with ties to China to steal about 60,000 emails from the US State Department. The accounts of State Department personnel that were compromised were mostly used for diplomatic operations in the Indo-Pacific, and the hackers also obtained a list of all the department's correspondence. Approximately 60,000 unclassified emails were exfiltrated as a result of that breach. No, confidential systems weren't violated. These concerned only the unclassified system. The threat actors employed forged authentication credentials to access user email accounts via Outlook Web Access in Exchange Online (OWA) and Outlook.com, according to Microsoft researchers.

Description: A network named Stargazer Goblin manipulated GitHub to promote malware and phishing links, impacting the platform's integrity by boosting malicious repositories' popularity using ghost accounts. These activities aimed to deceive users seeking free software into downloading ransomware and info-stealer malware, compromising user data and potentially causing financial and reputational harm to both GitHub and its users. GitHub’s response was to disable accounts in violation of their policies and continue efforts to detect and remove harmful content.

Description: Microsoft's AI-powered Copilot exposed to security vulnerabilities where a hacker could access sensitive information such as employee salaries by bypassing file reference protections. Attackers can also manipulate AI to provide their own bank details, glean insights from upcoming financial reports, and trick users into visiting phishing websites. The exploitation of post-compromise AI introduces new risks since it aids attackers in bypassing controls and extracting internal system prompts, leading to unauthorized data access and operations.

Description: Microsoft faced privacy concerns regarding their newly launched AI feature named Recall. Recall captures screenshots every five seconds to assist users in retrieving online activities such as recipes or documents. However, despite safety measures, it was discovered that Recall could capture sensitive information such as credit card numbers and Social Security numbers, even with the 'filter sensitive information' setting active. There were gaps identified when sensitive data was entered into a Notepad window or a loan application PDF within Microsoft Edge, which raised alarm within the privacy and security community, leading to significant scrutiny and potential loss of trust from users.

Description: The GitVenom campaign has aggressively targeted gamers and crypto investors, utilizing GitHub as a platform for hosting malicious projects. With a multitude of fake repositories that contained harmful code, the campaign has deceived users with seemingly legitimate automation tools and crypto bots. The impact of GitVenom included credential theft, unauthorized cryptocurrency transactions, and remote system control through backdoors. The damage extended to personal data compromise and financial losses for the affected users, while also tarnishing GitHub's reputation as a safe space for developers to share code.

Description: GitHub repositories were compromised, leading to the exposure of install action tokens which fortunately had a limited 24-hour lifespan, thus reducing the risk of widespread exploitation. Endor Labs found that other sensitive credentials like those for Docker, npm, and AWS were also leaked, although many repositories adhered to security best practices by referencing commit SHA values rather than mutable tags, mitigating the potential damage. Despite the reduced impact, due to the potential for threat actors to leverage GitHub Actions, users are advised to implement stricter file and folder access controls to enhance security measures and prevent similar incidents in the future.

Description: GitHub was hit by a major DDoS attack that made the website unavailable to many users for several hours. The attackers injected malicious JavaScript code into the pages of those websites that were responsible for the hijacking of their visitors to Github. Github investigated the incident and removed several repositories to secure its servers.

Description: Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and Azure's cloud computing infrastructure. The DDoS attacks that targeted the business's services were allegedly carried out by a group going by the name of Anonymous Sudan (also known as Storm-1359). In a report titled Microsoft Response to Layer 7 Distributed Denial of Service (DDoS) assaults, the IT giant later acknowledged it had been the target of DDoS assaults. Still, he did not disclose further information regarding the outage. The business emphasized that they had not found proof of unauthorized access to or compromise of client data.

Description: GitHub, a prominent code-hosting platform, experienced manipulation of its pages through the use of 'ghost' accounts, as uncovered by Check Point researchers. The cybercriminal known as 'Stargazer Goblin' managed a network of approximately 3,000 fake accounts to promote malware and phishing links by artificially boosting the popularity of malicious repositories. This deceptive action not only jeopardized the integrity of GitHub's community tools but also posed risks to users by distributing malware and info-stealers, like the Atlantida Stealer, under the guise of legitimate software offerings. The platform's extensive user base heightened the potential damage, leading to GitHub's intervention to disable accounts that breach its Acceptable Use Policies.

Description: Microsoft experienced a widespread Azure outage impacting various services including Microsoft 365 products like Office and Outlook. This incident was confirmed by Microsoft as a cyberattack, specifically a distributed denial of service (DDoS), disrupting operations by overloading the infrastructure with excessive traffic. The attack lasted around eight hours and affected customers globally. Microsoft's swift identification and response to the attack minimized the direct impact on end-users, but the service interruption highlights the ever-present threat of cyberattacks and the importance of robust cybersecurity measures.

Description: Microsoft detected Chinese threat actors employing the Quad7 botnet, also known as CovertNetwork-1658 or xlogin, in sophisticated password-spray attacks aimed at stealing credentials. These attacks targeted SOHO devices and VPN appliances, exploiting vulnerabilities to gain unauthorized access to Microsoft 365 accounts. The botnet, which includes compromised TP-Link routers, relayed brute-force attacks and enabled further network exploitation. Affected sectors include government, law, defense, and NGOs in North America and Europe. The attackers, identified as Storm-0940, utilized low-volume password sprays to evade detection and maintained persistence within victims' networks for potential datapoints exfiltration.

Description: A large botnet, composed of over 130,000 devices and attributed to a Chinese-affiliated hacking group, has been targeting Microsoft 365 (M365) accounts through password spraying attacks. By exploiting the use of basic authentication, the botnet bypassed multi-factor authentication (MFA), leveraging stolen credentials. The breach has been ongoing since at least December 2024 and poses significant risks as it operates undetected by exploiting Non-Interactive Sign-In logs. Security teams usually overlook these logs, which conceal the high-volume password spraying attempts. These attacks have had widespread global impacts across numerous M365 tenants, leading to potential compromises in user account security and organizational data integrity.

Description: The GitVenom malware campaign primarily targets GitHub users, particularly gamers and crypto investors, by masquerading as open-source projects. These fake repositories contained malicious scripts with the potential to download further nefarious components and execute them. The campaign, active for years with most infection attempts in Russia, Brazil, and Turkey, managed to compromise GitHub accounts, credentials, and crypto data, executing operations such as the theft of cryptocurrency and installing backdoors for remote access. Financial loss is substantial, reaching approximately 5 BTC, valued at around $485,000 at the time of discovery, affecting users' financial assets and GitHub's reputation as a trusted development platform.

Description: Microsoft experienced massive data breach affecting anonymized data held on its customer support database. The data breach affected up to 250 million people as a result of the tech giant failing to implement proper protections. The information compromised included email addresses, IP addresses and support case details.

Description: The database that drives m.careersatmicrosoft.com was handled by a mobile web development company that Microsoft relied on, and it was accessible without any authentication for a few weeks. All signs pointed to the database, which was a MongoDB instance, not being write-protected. Therefore, an attacker may have altered the database and, as a result, the HTML code of the job listing pages throughout the disclosed time period. Everything was secured once Chris Vickery informed Punchkick and Microsoft of the issue.

Description: The Microsoft AI research division unintentionally published 38TB of critical information while posting a container of open-source training data on GitHub, according to cybersecurity company Wiz. Secrets, private keys, passwords, and more than 30,000 internal Microsoft Teams communications were discovered in a disk backup of the workstations of two workers that was made public by the disclosed data. Wiz emphasized that because Microsoft does not offer a centralized method to manage SAS tokens within the Azure interface, it is difficult to track them. Microsoft claimed that the data lead did not reveal customer data, that no customer data was leaked, and that this vulnerability did not put any internal services at risk.

Description: The GitHub Desktop for Mac and Atom programs, GitHub confirmed that threat actors exfiltrated encrypted code signing certificates. Customer data was not affected, the company claimed, because it was not kept in the affected repositories. According to the business, there is no proof that the threat actor was able to use or decrypt these certificates. According to the business, neither GitHub.com nor any of its other services have been affected by the security compromise.

Description: A massive dump of Microsoft's proprietary internal builds for Windows 10 has been published online, along with the source codes for proprietary software. This is the largest leak affecting Windows products; the data in the dump were probably stolen from Microsoft computers in March. Microsoft's Shared Source Kit, which comprises the source code for the Microsoft PnP and base Windows 10 hardware drivers as well as storage drivers, USB and Wi-Fi stacks, and ARM-specific OneCore kernel code, has been released. Top-secret versions of Windows 10 and Windows Server 2016 that have never been made public are included in the dump.

Description: GitHub, the top software development platform in the world, made some users reset their passwords after discovering an issue that resulted in credentials being recorded in plain text in internal logs. A routine corporate audit uncovered the problem, which involved some users sharing on Twitter the email correspondence that the organisation had received. The business promptly stated that user data was safe and that none of its systems had been compromised. The business further stated that the plaintext passwords were not publicly available and could only be seen by a limited number of its IT workers through internal log files.

Description: GitHub experienced a ransomware attack which include at least 392 GitHub repositories. Some users who fell victim to this hacker have admitted to using weak passwords for their GitHub, GitLab, and Bitbucket accounts. However, all evidence suggests that the hacker has scanned the entire internet for Git config files, extracted credentials, and then used these logins to access and ransom accounts at Git hosting services. It was found that Hundreds of developers have had Git source code repositories wiped and replaced with a ransom demand.

Description: The VSCode Marketplace, operated by Microsoft, suffered a security lapse when two extensions embedding in-development ransomware bypassed the review process. These extensions, downloaded by a handful of users, aimed to encrypt files within a specific test folder and demanded a ransom in ShibaCoin. While the impact was minimal due to the ransomware's limited scope, it revealed significant gaps in Microsoft's review system. This incident sheds light on potential vulnerabilities within widely used developer platforms and highlights the importance of stringent security measures to prevent such breaches.

Description: A critical vulnerability in Microsoft's Azure Automation service could have permitted unauthorized access to other Azure customer accounts. By exploiting the bug, the attacker could get full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. Several companies including a telecommunications company, two car manufacturers, a banking conglomerate, and big four accounting firms, among others, the Israeli cloud infrastructure security company were targeted by exploiting this vulnerability. However, the issue was identified and was remediated in a patch pushed in December 2021.

Description: Microsoft mitigated a security flaw affecting Azure Synapse and Azure Data Factory that could lead to Any malicious actor could have weaponized the bug to acquire the Azure Data Factory service certificate and access another tenant's Integration Runtimes to gain access to sensitive information. However, no evidence of misuse or malicious activity associated with the vulnerability in the wild was reported yet.

Description: A zero-day remote code execution vulnerability named 'Follina' in Microsoft Office discovered recently has the potential for code execution if a victim opens a malicious document in Word. The vulnerability abuses the ability of MSDT to load other assistants “wizards” in Windows, which in turn have the ability to execute arbitrary code from a remote location. It can also allow the attacker to view and edit files, install programs and create new user accounts to the limit of the compromised user’s access rights. The initial versions spotted in the wild required the target to open the malicious document in Word, but the recently discovered variant uses Rich Text Format (.RTF) works only if the user simply selects the file in Windows Explorer. Microsoft has yet not issued a patch but has suggested disabling the MSDT URL Protocol to cut off the attack sequence.

Description: In March 2021, Microsoft encountered a massive security breach that affected over 30,000 organizations in the U.S., ranging from businesses to government agencies. This attack was notably significant due to its broad impact and the exploitation of vulnerabilities within Microsoft's Exchange Server software. The attackers were able to gain access to email accounts, and also install additional malware to facilitate long-term access to victim environments. Given the scale and the method of attack—exploiting software vulnerabilities—the incident highlighted critical concerns regarding software security and the necessity for timely updates and patches. The breach not only compromised sensitive information but also eroded trust in Microsoft's security measures, pushing the company to swiftly address the vulnerabilities and enhance their security posture to prevent future incidents. The repercussions of the attack underscored the importance of robust cybersecurity defenses and the need for constant vigilance in a landscape where threats are continuously evolving.

Description: Microsoft faced a cyberattack where the CVE-2024-21412 vulnerability in the Defender SmartScreen was exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza, affecting users in Spain, Thailand, and the US. Attackers utilized crafted links to bypass security features and install malware that stole data and targeted specific regions. Despite Microsoft releasing a patch for the vulnerability, the attack compromised personal and potentially sensitive information. Organizational cybersecurity defenses were challenged by the innovative methods used by the attackers, underscoring the criticality of awareness and proactive security measures.

Description: In May, Microsoft introduced Recall, an AI that takes screenshots every five seconds for user convenience. However, concerns were raised about privacy and security, leading to delayed launch and modifications. Despite these changes, Tom's Hardware testing revealed the 'filter sensitive information' feature failed to prevent gathering sensitive data. Specifically, Recall captured credit card numbers, social security numbers, and other personal data while filling out a Notepad window and a loan application PDF, compromising users' financial information and privacy.

Description: Microsoft's Windows Key Distribution Center (KDC) Proxy service experienced a significant remote code execution vulnerability, tracked as CVE-2024-43639, which could have allowed unauthenticated attackers to execute arbitrary code on affected servers. The flaw, due to an integer overflow from missing length checks on Kerberos response handling, was patched in November 2024. Had it been exploited, attackers could have gained full control over compromised systems, underlining the critical importance of quick patch deployment in enterprise security.

Description: A vulnerability within GitHub's CodeQL, a security analysis tool, was uncovered that had the potential to be exploited, potentially affecting a vast number of public and private repositories. Despite there being no evidence of actual misuse, the flaw could have allowed for the exfiltration of source code and secrets, jeopardizing the security of internal networks including GitHub's own systems. The vulnerability, which involved the exposure of a GitHub token, was quickly addressed by the GitHub team, showcasing their rapid and impressive response.

Description: Microsoft encountered a security challenge when EncryptHub, also known as SkorikARI, a threat actor emerged with skills in vulnerability research. The actor, credited by Microsoft for uncovering two Windows security issues, could potentially compromise users' safety and data. The vulnerabilities, identified as high-severity CVE-2025-24061 and medium-severity CVE-2025-24071, raised concerns over the Mark of the Web security feature and Windows File Explorer, respectively. EncryptHub's background in ransomware and vishing, combined with these recent activities, signifies a mixed threat profile. Although policies and user vigilance can mitigate risks, the presence of these vulnerabilities unveiled by EncryptHub poses a direct threat to Microsoft's systems and its vast user base.

Description: Microsoft’s Azure Prompt Shield, deployed across its AI services including Azure OpenAI and other enterprise platforms, was revealed to harbor a critical security vulnerability through a deceptively simple emoji smuggling technique. Researchers from Mindgard and Lancaster University demonstrated that by embedding malicious instructions within Unicode emoji variation selectors, attackers can bypass the shield’s content inspection pipeline entirely. Because Azure Prompt Shield fails to normalize or parse these hidden characters in line with the underlying language model, it remains blind to the hidden payload while the model itself executes the commands. In controlled tests, this bypass achieved a perfect 100% success rate, enabling adversaries to unleash unauthorized code execution, data exfiltration attempts, and disallowed content generation. The implications are profound: enterprises relying on Azure’s guardrails may unknowingly expose sensitive intellectual property, customer data, and internal decision-making processes to hostile actors. This flaw not only undermines user trust in Microsoft’s AI safety infrastructure but also highlights an urgent need for more robust Unicode handling and unified guardrail-LM dataset alignment.

Description: A vulnerability known as BadSuccessor in Windows Server 2025’s delegated Managed Service Account (dMSA) feature has been weaponized by a proof-of-concept exploit tool called SharpSuccessor. This tool allows attackers with minimal Active Directory permissions to escalate privileges to the domain administrator level, raising serious security concerns for enterprise environments worldwide. The vulnerability leverages the dMSA migration mechanism and requires only CreateChild permissions over any Organizational Unit (OU) to function. Exploiting this vulnerability could lead to unauthorized access and potential data breaches within organizations.