Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

A coding error in several Microsoft 365 Android apps could have allowed a malicious app on the same device to silently obtain account tokens and act as the signed-in user, according to new research ...

Microsoft released Visual Studio Code 1.123 on June 3, adding agent-focused features, larger model context support, integrated browser updates and a new delay for some automatic extension updates.

Your PC has more options than the usual household names.

Preview this article 1 min The latest site acquired is adjacent to land Microsoft already owns. The tech company has now ...

Operation FlutterBridge is a macOS malvertising campaign spreading FlutterShell, a Flutter-based backdoor with adware ...

Beyond productivity gains, the platform play focuses on unifying data, governance, and deployment for enterprise AI.

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

With Merge Agent Handler available on the Microsoft Agent Store, every Microsoft 365 customer can give agents secure, ...

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

After ignoring and even undermining the platform for years, Microsoft is racing to improve Windows 11 this year.