Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control C2 or C&C communications. Webworm, first publicly documented by Broadcom-owned Symantec ...

Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

MAL-2026-3651 Malicious code in ms-graph-types (npm)

Two malicious npm packages published by the micresoft account typosquatting "microsoft" are part of a coordinated supply chain attack sharing identical infrastructure with packages published by the superbase account. Each package bundles a 4.5 MB statically-linked, UPX-packed ELF binary at...

[SECURITY] Fedora 44 Update: python-msal-1.36.0-1.fc44

The Microsoft Authentication Library for Python enables applications to integrate with the Microsoft identity platform. It allows you to sign in users or apps with Microsoft identities Azure AD, Microsoft Accounts and Azure AD B2C accounts and obtain tokens to call Microsoft APIs such as Microsof...

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control C2 channel, allowing...

Support Statement — Exchange Web Services (EWS) Deprecation

Challenge Microsoft has announced the deprecation of Exchange Web Services EWS in Exchange Online, with the initial phase-out target of October 1, 2026. Starting July 1, 2026, Microsoft will begin blocking EWS access for Frontline Worker mailbox types Kiosk, F1, and F3 as the first enforcement st...

SharePoint / OneDrive Explorer via Microsoft Graph API

The SharePoint / OneDrive Explorer is a Metasploit Auxiliary module designed to interact with Microsoft Graph API in order to explore and retrieve information from Microsoft SharePoint and Microsoft OneDrive environments. The module authenticates using OAuth2 Client Credentials with a Tenant ID,...

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

Microsoft Graph Advanced Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...

CVE-2023-49283

microsoft-graph-core the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...

Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring

This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity...

EUVD-2023-3247

Malicious code in bioql PyPI...

EUVD-2024-0260

Malicious code in bioql PyPI...

EUVD-2023-3185

Malicious code in bioql PyPI...

Retail at risk: How one alert uncovered a persistent cyberthreat​​

In the latest edition of our Cyberattack Series, we dive into real-world cases targeting retail organizations. With 60% of retail companies reporting operational disruptions from cyberattacks and 43% experiencing security compromises in the past year, the risks for businesses continue to increase...

CVE-2023-49282

msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...

New Malware Campaign Exploits Microsoft Graph API to Infect Windows

FortiGuard Labs discovers an advanced attack using modified Havoc Demon and SharePoint. Explore the attack's evasion techniques and security measures...

WordPress plugin WPO365 MICROSOFT 365 GRAPH MAILER 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...