Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...

Microsoft, Huntress, and Intego this month detailed attacks that show the ongoing evolution of the highly popular compromise technique.

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.

Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

The AgreeTo add-in for Outlook has been hijacked and turned into a phishing kit that stole more than 4,000 Microsoft account ...

Microsoft announced today that the Exchange Web Services (EWS) API for Exchange Online will be shut down in April 2027, after ...

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real ...

A Microsoft Outlook add-in was abandoned and taken over by hackers, who used it to collect email accounts and banking data.

OpenClaw faces security vulnerabilities and misconfiguration risks despite rapid patches and its transition to an OpenAI-backed foundation.

Legacy email integrations, third-party apps, and in-house tools must move to Microsoft Graph before EWS is disabled for good.

New connector brings Copilot activity data into Microsoft Sentinel to improve visibility, detection and investigation.

As if admins haven't had enough to do this week Ignore patches at your own risk. According to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being ...