Storm-1175 hits in 24 hours — how to protect your hybrid M365 stack from Medusa
Microsoft Threat Intelligence reports that Storm-1175 deploys Medusa ransomware within a single day of initial access. Here is what we check first at HaggeBurger.
Articles on Microsoft cloud security, identity architecture and AI readiness.
Microsoft Threat Intelligence reports that Storm-1175 deploys Medusa ransomware within a single day of initial access. Here is what we check first at HaggeBurger.
BlueHammer is patched, but RedSun and UnDefend are now actively exploited with no fix yet. Here is how to protect Defender-based Windows endpoints.
CISA added CVE-2026-32201 to KEV and the flaw is being exploited against SharePoint Server. Here is how to check whether your environment is exposed.
An unauthenticated RCE with CVSS 9.8 in the Windows IKE Service Extensions can hit every domain-joined Windows host. Here is how to confirm the April patch actually deployed.
Microsoft reports 10-15 campaigns per day. How to block the attack in Conditional Access.
CVE-2026-32201 is actively exploited against SharePoint Server. Here is how to protect your environment.
Two Swedish municipalities forced back to paper and pen. How to avoid the same fate.
Microsoft released an emergency fix for SharePoint Server on April 14. CISA added it to the KEV catalog the same day. If you run SharePoint on-prem you need to act this week.
Microsoft shipped today's Patch Tuesday with 80-100+ CVEs. The bigger story is the June 26 Secure Boot certificate expiry — you have two Patch Tuesdays left.
A published zero-day in Windows Defender signature updates gives attackers SYSTEM privileges. No patch exists. Here is how to protect your endpoints.
Storm-2755 uses AI to craft phishing emails that trick M365 users into giving up their tokens. Here is how to protect yourself.
APT28 compromised 18,000 routers to steal Microsoft 365 tokens. Here is how to check if your customers are affected.
New phishing-as-a-service kit bypasses MFA entirely through Microsoft 365 device code flow. Here is how to block it.
New PhaaS platform steals M365 tokens by tricking users into authenticating on Microsofts own login page.
April Windows updates enforce AES-only Kerberos for service accounts. Legacy RC4 dependencies will break.
Attackers had access to Region Värmland M365 email accounts for four months. CERT-SE warns of increasing BEC attacks against Swedish organizations.
An actively exploited vulnerability in Chrome and Edge requires immediate patching. CISA added CVE-2026-5281 to its KEV catalog.
Microsoft April update enforces AES-only Kerberos. Service accounts still using RC4 will break. Here is how to prepare.
Over 340 M365 organizations compromised via device code phishing. MFA is useless. Here is how to block it.
The EvilTokens platform steals M365 tokens that survive password resets. Here is how to block the attack in Conditional Access.
CVE-2026-26144 allows an attacker to use Copilot Agent in Excel to exfiltrate data without any user interaction.
Russian threat actors exploit Microsoft device code authentication to hijack M365 accounts. Conditional Access can stop it.
CVE-2026-26113 and CVE-2026-26110 allow code execution just by viewing an email in the Preview Pane.
The right accessories make the difference between a home office that works and one that frustrates. Here is what you need.
How to use tablets as productivity tools in your business — not just entertainment devices.
How to secure, configure, and manage all company phones centrally — whether iPhone or Android.
Stop configuring laptops manually. With Intune and Autopilot, you set up a new device in 15 minutes instead of 3 hours.
A guide for IT managers at Swedish SMBs who want to select the right hardware for Microsoft 365, Intune, and Defender.
Avoid costly mistakes when upgrading your company IT. Here are the five most important questions to ask before you buy.
Active campaign steals M365 tokens via OAuth device code flow. 340+ organizations compromised. Here is how to block the attack.
Iran-linked Handala used Microsoft Intune to wipe 200,000+ devices at Stryker. Here is how to protect your organization.
A Swedish government region suffered a phishing attack that gave attackers access to email accounts for four months undetected. Here is how to avoid the same fate.
Two critical RCE vulnerabilities in Microsoft Office let attackers execute code just by previewing a document in Outlook. Patch now.
The Tycoon2FA phishing platform is back after Europol's takedown. AiTM attacks bypass standard MFA and steal M365 tokens.
Microsoft Entra ID stops supporting app auth without a service principal on March 31. Check your app registrations now.
Active device code phishing campaign exploits Railway.com and AI-generated lures to steal M365 tokens. Password resets won't help.
CVE-2026-26144 enables attackers to weaponize Copilot Agent for zero-click data exfiltration from Excel. Patch now.
Säkerhetspolisen annual report confirms: cyberattacks against Swedish organizations are constant. What SMBs should do now.
CISA warns of actively exploited iOS attack chain threatening anyone running Microsoft Authenticator, Outlook, or Teams on iPhone.
ThreatHunter.ai published Detection Pack v2 with five new Sigma rules and KQL queries for Microsoft Sentinel covering: MuddyWater pre-positioning IOCs, PIM Authentication Context gap detection, three-layer bulk wipe prevention for Intune, stale session detection, and Rclone exfiltration detection.
CVE-2026-26144 in Excel can be exploited to make Microsoft Copilot exfiltrate sensitive data without any user interaction.
CISA urges all organizations to harden Microsoft Intune after Iran-linked Handala wiped 200,000 devices at medtech giant Stryker.
A critical Excel vulnerability combines XSS with prompt injection to turn Copilot Agent into a data exfiltration tool. Zero-click — no user interaction required.
Microsoft DART reveals how attackers use Teams voice calls and Quick Assist to deploy backdoors. Here is how to protect your organization.
CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog with a 3-day patch deadline. If you run SharePoint on-prem, act now.
Passwords are the weakest link in enterprise security. FIDO2 security keys and passkeys in Microsoft Entra ID offer a phishing-resistant alternative that eliminates credential theft entirely.
When two companies merge, their IT environments collide. Duplicate tenants, overlapping identities, and inconsistent security policies create cost, risk, and friction. Here is a structured approach to M365 tenant consolidation.
The last six months have seen an unprecedented acceleration in AI capabilities. From reasoning models to autonomous agents, the technology is advancing faster than most organizations can adapt.
Most organizations running Microsoft 365 Business Premium are only using a fraction of the security features included in their license. Here is how to unlock the full value.