Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Luca Galuppi

Azure under attack: Fake apps imitating Microsoft Teams and Azure Portal

A new wave of digital deception has hit the Microsoft Azure ecosystem, where newly discovered vulnerabilities have allowed cybercriminals to create malicious apps that perfectly mimic official services like Microsoft Teams or the Azure Portal. These “fake” applications are identical to the originals, capable of deceiving even experienced users. The discovery, made by researchers at Varonis, revealed that Azure security measures designed to block sensitive names could be bypassed using invisible Unicode characters. By inserting characters like the Combining Grapheme Joiner (U+034F) between letters, such as in “Az͏u͏r͏e͏ ͏P͏o͏r͏t͏a͏l”, attackers were able to register apps that appeared legitimate but

Internet Explorer is “dead,” but it continues to infect PCs with its bugs via Edge

While Internet Explorer has officially been out of support since June 2022, Microsoft recently faced a threat that exploited Internet Explorer Mode (IE Mode) in Edge, which was designed to provide compatibility with legacy applications and government portals. Cybercriminals exploited zero-day vulnerabilities in the Chakra JavaScript engine, coupled with social engineering techniques, to execute remote code and gain complete control over victims’ devices. “Our security team received intelligence that malicious actors were abusing IE mode in Edge to compromise unsuspecting devices,” explains Gareth Evans, head of security for Microsoft Edge. The attacks followed a specific pattern: users were directed to

Crimson Collective claims alleged Nintendo hack: bluff or real breach?

This time, hackers are targeting Nintendo, the historic Japanese video game company that has fought tooth and nail for decades to defend its intellectual property and the industrial secrets that fuel the Mario, Zelda, and Pokémon universes. The Crimson Collective group, already known for having previously hacked the network of open source software giant Red Hat, has claimed to have compromised Nintendo’s internal servers, gaining access to the company’s confidential files and data. Cybersecurity intelligence firm Hackmanac shared a screenshot on X that allegedly shows internal Nintendo folders containing data such as production assets, developer files, and backups. However, no specific

FreePBX under attack: Zero-day exploit already in use, emergency patch released

The world of VoIP telephony has once again ended up in the crosshairs of cybercriminals. This time it’s FreePBX, the open-source platform built on Asterisk and widely used by companies, call centers, and service providers. The Sangoma FreePBX Security Team has raised the alarm: a zero-day vulnerability is affecting systems that expose the Administrator Control Panel (ACP) to the network. And this isn’t a theoretical threat: the exploit has already been in active use for days, with serious consequences for those who haven’t taken adequate countermeasures.

The attack: arbitrary commands and mass compromises

According to initial reports, the exploit allows attackers to execute

Storm-0501: When Ransomware Moves to the Cloud

Microsoft is raising the alarm: the Storm-0501 cybercriminal group has evolved. No more “traditional” attacks on on-premise machines, no more ransomware that encrypts local files. Now the threat is moving directly above us, into the cloud, where many companies thought they were safe. This is a momentous transition: malicious executables that infect servers and PCs are no longer needed. Storm-0501 now leverages the same native cloud capabilities to do its dirty work. We’re talking about: The result? Fierce pressure, not through the usual “paid decryptor,” but through direct blackmail: either you pay, or your data in the cloud disappears or remains encrypted

Microsoft Teams crashes: Embedded Office documents blocked from opening

A Black Thursday for millions of Microsoft Teams users around the world. A key feature of the collaboration platform – opening embedded Office documents – has suddenly been knocked out, sparking frustration and slowdowns in companies and organizations that rely on the service daily.

The heart of collaboration is jammed

Teams was born with a clear goal: to provide a single, integrated environment where chat, channels, and documents merge to make work faster and more collaborative. But today, opening a Word, Excel, or PowerPoint file directly from Teams has become an impossible mission: infinite loading screens, cryptic errors, blank windows. A broken

IBM Hacked? Threat Actor ‘888’ Reveals Thousands of Employees’ Data Leak!

Recently, the notorious threat actor identified by the nickname 888 claimed to have breached IBM systems and stolen personal data belonging to the company’s employees. The leak, dated October 2024, allegedly resulted in the compromise of approximately 17,500 rows of data. At this time, we cannot confirm the veracity of the news, as the organization has not yet released any official press release on its website regarding the incident. Therefore, this article should be considered an ‘intelligence source’.

Details of the Breach

According to 888, the breach resulted in the data of approximately 17,500 individuals being compromised. The exfiltrated information is said to contain: names, mobile phone numbers, and international area