A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...
Microsoft

Phishing actors exploit complex routing and misconfigurations to spoof domains

Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, ...

Microsoft Copilot reprompt exploit allowed attackers to steal your AI data

Varonis Threat Labs has published a report detailing a now patched security exploit discovered in Copilot that let attackers ...
The Hacker News

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft’s January 2026 Patch Tuesday fixes 114 Windows flaws, including an actively exploited Desktop Window Manager bug ...
Infosecurity Magazine

Phishing Attacks Exploit Misconfigured Email Routing Settings to Target Microsoft 365 Users

“Successful credential compromise through phishing attacks may lead to data theft or business email compromise (BEC) attacks ...
Krebs on Security

Patch Tuesday, January 2026 Edition

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported ...
Dark Reading

Phishers Exploit Office 365 Users Who Let Their Guard Down

Microsoft said that Office 365 tenants with weak configurations and who don't have strict anti-spoofing protection enabled ...
Dark Reading

Microsoft Starts 2026 With a Bang: A Freshly Exploited Zero-Day

Among them is a zero-day vulnerability in Desktop Window Manager (DWM) designated as CVE-2026-20805 (CVSS score: 5.5), which ...
SecurityWeek

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Eight Windows and Office vulnerabilities patched this month have been assigned a critical severity rating. A majority can be ...
The Hacker News

Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Attackers exploit misconfigured email routing and weak spoof protections to send internal-looking phishing emails for ...
Redmondmag.com

Zero-Day Attack Drives 113-Vulnerability Patch Tuesday Release to Start 2026

Microsoft rang in 2026 with its biggest January Patch Tuesday rollout in four years, shipping fixes for 113 vulnerabilities ...
Computer Weekly

Microsoft patches 112 CVEs on first Patch Tuesday of 2026

January brings a larger-than-of-late Patch Tuesday update out of Redmond, but an uptick in disclosures is often expected at ...