Microsoft

Microsoft Defender Experts track expanding infostealer campaigns hitting macOS via ClickFix prompts, malicious DMG installers, and Python-based stealers. DigitStealer, MacSync, and AMOS lead the wave.

Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.

Microsoft's February 2026 Patch Tuesday fixes 59 flaws including six actively exploited zero-days. CrowdStrike confirmed CVE-2026-21533 was used in attacks targeting US and Canada since December.

CVE-2026-21509 bypasses OLE security protections across Office 2016-2024. CISA adds it to KEV catalog with February 16 deadline.

KB5074109 update causing UNMOUNTABLE_BOOT_VOLUME errors on some Windows 11 devices. Physical machines affected; VMs appear unimpacted.

Microsoft disrupts multi-stage attack combining adversary-in-the-middle phishing with BEC. Attackers abused SharePoint and inbox rules for persistence.

Varonis researchers disclosed a vulnerability chain that let attackers exfiltrate user data through Copilot with a single malicious link click. Microsoft has patched the issue.

Coordinated takedown seizes cybercrime service that enabled 191,000 account compromises. Operation marks Microsoft's 35th action against criminal infrastructure.

January 2026 Patch Tuesday addresses CVE-2026-20805, an info disclosure bug already under attack. CISA gives feds until February 3 to patch.

Threat actors spoof organization domains by abusing complex mail routing and weak DMARC policies. Microsoft blocked 13 million malicious emails in October alone.