🔊 Advanced Hunting Schema Changes 🤖
Fellow XDR Defenders, do take note: the AIAgentsInfo table is transitioning to the AgentsInfo table. Remember to change your custom detection KQL code referencing AIAgentsInfo before 1 July 2026.
Please help spread the changes.🫡
Link: https://t.co/ONa8QGcJSI
#Cybersecurity #DefenderXDR #AIAgentsInfo
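An added helper for the migration above (my own example, not code from the post or from Microsoft): it scans custom detection rules for the deprecated table name as a whole KQL identifier and produces the rewritten query. The rule dicts are constructed sample data shaped like Microsoft Graph detection rules (`queryCondition.queryText`); that shape is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample rules; the "queryCondition"/"queryText" shape mirrors
# Microsoft Graph security detection rules (assumed, not real tenant data).
SAMPLE_RULES: List[Dict] = [
    {"id": "1", "displayName": "Agent activity baseline",
     "queryCondition": {"queryText":
        "AIAgentsInfo\n| where Timestamp > ago(1d)\n"
        "| join kind=inner (AIAgentsInfo | project AgentId) on AgentId"}},
    {"id": "2", "displayName": "Unrelated rule",
     "queryCondition": {"queryText": "DeviceEvents | where ActionType == 'Foo'"}},
    {"id": "3", "displayName": "Already migrated",
     "queryCondition": {"queryText": "AgentsInfo | take 10"}},
]

OLD_TABLE = "AIAgentsInfo"
NEW_TABLE = "AgentsInfo"
# Match the table name only as a whole identifier, so a column or function
# name that merely contains the substring is left untouched.
TABLE_RE = re.compile(rf"(?<![A-Za-z0-9_]){OLD_TABLE}(?![A-Za-z0-9_])")


def references_old_table(query: str) -> bool:
    """True if the KQL text still refers to the deprecated table."""
    return TABLE_RE.search(query) is not None


def migrate_query(query: str) -> str:
    """Rewrite every whole-word AIAgentsInfo reference to AgentsInfo."""
    return TABLE_RE.sub(NEW_TABLE, query)


def find_rules_to_migrate(rules: List[Dict]) -> Dict[str, str]:
    """Return {rule id: migrated query text} for rules that still need changing."""
    out: Dict[str, str] = {}
    for rule in rules:
        query = rule.get("queryCondition", {}).get("queryText", "")
        if references_old_table(query):
            out[rule["id"]] = migrate_query(query)
    return out


if __name__ == "__main__":
    for rule_id, new_query in find_rules_to_migrate(SAMPLE_RULES).items():
        print(f"rule {rule_id} needs update:\n{new_query}\n")
```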
scoop: Microsoft has restricted employees from using Anthropic's new Claude Fable 5 model in GitHub Copilot, because of data retention concerns. Microsoft’s legal teams are evaluating Anthropic’s new data retention changes. Full details 👇https://t.co/D3YofUD5hp
🔒 Power Platform governance just got a major upgrade
Advanced Connector Policies are now GA—giving admins precise control over connectors, actions & even AI agents 🤖
Think allowlist-first, safer by default ✅
#Copilot #PowerPlatform
https://t.co/SjQz8LT0kK
🚨 73 Microsoft GitHub repos just went dark.
They were hit by Miasma, a self-replicating supply chain attack spreading through trusted open-source channels.
Azure and MicrosoftDocs repos were among those impacted.
Read this: https://t.co/J1Pyrr4mlR
Microsoft's new Global Secure Access Operations Guide is really good.
Almost all maintenance and health checks are easy to set up as automated tasks using Sentinel, playbooks, or the Zero Trust Assessment (using Azure Automation).
Includes a full RACI matrix, and the playbooks on managing app segments + config backup are very useful 😇 https://t.co/u71zJIrwZY
Going to leave this for anyone who needs it (everyone)
https://t.co/aUvCH7rhnC
Please take the time to block device code authentication in your environments.
It'll instantly combat Device Code Phishing attacks. It's also advice given by the FBI and MS.
https://t.co/1FghIqb84L
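An added example (mine, not from the post) of what "block device code authentication" looks like as an Entra Conditional Access policy body, plus a check that tells you whether any existing policy actually enforces it. The body uses the Microsoft Graph `conditionalAccessPolicy` shape with the `authenticationFlows` condition; the sample policy list is constructed.

```python
from typing import Dict, List


def build_block_device_code_policy(name: str = "Block device code flow") -> Dict:
    """Graph conditionalAccessPolicy body that blocks the device code flow for all users.
    Starts in report-only so you can review sign-in impact before switching to 'enabled'."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            # Add your break-glass accounts to excludeUsers before enforcing.
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def policy_blocks_device_code(policy: Dict) -> bool:
    """True only if the policy is enforced, covers all users and apps,
    targets the device code flow and has a block grant control."""
    cond = policy.get("conditions", {})
    methods = cond.get("authenticationFlows", {}).get("transferMethods") or ""
    flows = {m.strip() for m in methods.split(",")}  # may be comma-separated
    return (
        policy.get("state") == "enabled"
        and "deviceCodeFlow" in flows
        and "All" in cond.get("users", {}).get("includeUsers", [])
        and "All" in cond.get("applications", {}).get("includeApplications", [])
        and "block" in policy.get("grantControls", {}).get("builtInControls", [])
    )


def tenant_blocks_device_code(policies: List[Dict]) -> bool:
    """Run over GET /identity/conditionalAccess/policies output."""
    return any(policy_blocks_device_code(p) for p in policies)


# Constructed sample: a report-only policy exists but nothing is enforced yet.
SAMPLE_POLICIES: List[Dict] = [build_block_device_code_policy()]

if __name__ == "__main__":
    print("device code blocked:", tenant_blocks_device_code(SAMPLE_POLICIES))
```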
Defender AV's ASR rules really are fantastic, great way to break attacker tools while still allowing your apps to work
I need to update my blog, but the core is there - KQL queries to help build your allow lists and get it done
https://t.co/Di1lfwkrWD
Some lessons learned 🧵
I don’t know what happened between Microsoft and #NightmareEclipse behind closed doors.
Maybe Nightmare Eclipse was unreasonable. Maybe Microsoft was. Maybe both.
But I think Microsoft badly misjudged this situation.
When you’re the largest software vendor on the planet, you don’t get to behave like an angry individual in an internet argument.
You have to be the adult in the room.
Deleting repositories, talking about criminal investigations and turning the whole thing into a public fight was a mistake. The damage from that goes far beyond this one researcher.
What surprised me most is how quickly people started sharing their own MSRC stories afterwards.
- Months without responses
- “Working as intended”
- Bounty disputes
- Reports that went nowhere
People don’t suddenly start telling those stories for no reason. I think Microsoft broke a lot of porcelain here.
And for what exactly?
I don’t see much upside.
Microsoft is now auto-syncing Purview RBAC roles into Entra ID, which is why admins are seeing new roles + PIM alerts like “PurviewRoleAssignmentMigrator”.
This is expected behaviour, not a misconfig.
Breakdown here:
https://t.co/1XbEJOAFde
#Purview #Entra #PIM #PurviewRBAC
🧙‍♂️ Detecting Teams Impersonation via RMM Exfiltration
A true KQLWizard masterpiece — stitching together detection logic to deliver high‑fidelity alerts against Teams impersonation attacks that pivot into data exfiltration through RMM tools.
As highlighted by the Microsoft Defender Security Research Team (April 2026), these attacks are both prevalent and notoriously stealthy. With this detection, SOCs gain an early warning system to spot impersonation attempts and move swiftly to mitigation.
KQL Code:
https://t.co/6QewzOXc96
#ThreatHunting #DefenderXDR #KQLWizard #DetectionEngineering
As of right now, Microsoft are rolling out Passkey (FIDO2) registration campaigns! Read more here: https://t.co/xtiJWhD1Pw 💙
For clarity, you will only be impacted if:
• The Passkeys (FIDO2) authentication method policy is Enabled
• Allow self‑service setup is Enabled
• Target specific AAGUIDs is not selected (no AAGUID restrictions configured)
• The Registration Campaign state is set to Microsoft‑managed
• The tenant has at least one user enabled for both synced passkeys and device‑bound passkeys
It's worth checking your settings right away!
#Entra #Microsoft
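An added check (my example, not the post's) for the first three policy-level conditions in that list, evaluated against the Microsoft Graph `fido2AuthenticationMethodConfiguration` object (`/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/Fido2`). The campaign state and the per-user passkey settings live elsewhere and are deliberately not modelled; the config dict is constructed sample data.

```python
from typing import Dict, List

# Constructed sample shaped like the Graph Fido2 authentication method configuration.
SAMPLE_FIDO2_CONFIG: Dict = {
    "id": "Fido2",
    "state": "enabled",
    "isSelfServiceRegistrationAllowed": True,
    "isAttestationEnforced": False,
    "keyRestrictions": {"isEnforced": False, "enforcementType": "block", "aaGuids": []},
}


def has_aaguid_allowlist(cfg: Dict) -> bool:
    """'Target specific AAGUIDs' corresponds to an enforced allow-type key restriction
    with at least one AAGUID; a block list or a disabled restriction does not count."""
    kr = cfg.get("keyRestrictions") or {}
    return bool(kr.get("isEnforced") and kr.get("enforcementType") == "allow" and kr.get("aaGuids"))


def fido2_campaign_preconditions(cfg: Dict) -> List[str]:
    """Return which of the three policy-side preconditions from the post are met."""
    met: List[str] = []
    if cfg.get("state") == "enabled":
        met.append("passkey method enabled")
    if cfg.get("isSelfServiceRegistrationAllowed"):
        met.append("self-service setup enabled")
    if not has_aaguid_allowlist(cfg):
        met.append("no AAGUID targeting")
    return met


def policy_side_conditions_met(cfg: Dict) -> bool:
    """True when the tenant meets every policy-side condition checked here."""
    return len(fido2_campaign_preconditions(cfg)) == 3


if __name__ == "__main__":
    print(fido2_campaign_preconditions(SAMPLE_FIDO2_CONFIG))
    print("all policy-side conditions met:", policy_side_conditions_met(SAMPLE_FIDO2_CONFIG))
```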
If you do anything with Defender Antivirus / MDE, you should definitely read this to understand what is coming :)
This will solve a bunch of problems, ranging from policy conflicts (GPO vs Intune) to local policy changes by admins or attackers, and more
Restrict response actions on high-value assets is now available in public preview. This introduces a great control for tier 0 systems where you do not want any SOC analyst to run scripts as SYSTEM. #XDR #MDE
https://t.co/O0XWZKmzJ6
❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's response when reported: "by design."
All of them. Including credentials for sites you won't open this session.
Researcher @L1v1ng0ffTh3L4N tested every major Chromium browser. Edge is the only one that behaves this way.
Chrome decrypts credentials on demand, and App-Bound Encryption locks the keys to an authenticated Chrome process so other processes can't reuse them.
In Chrome, plaintext surfaces only during autofill or when a password is viewed, making memory scraping far less useful.
What makes this extra weird is that Edge still demands re-authentication before revealing those passwords in its Password Manager UI, while the same browser process already holds every one of them in plaintext.
In shared environments, this turns into a credential harvest. On a terminal server, an attacker with admin rights can read the memory of every logged-on user process. In the published PoC video, a compromised admin account lifts stored credentials from two other logged-on (and even disconnected) users with Edge running.
Microsoft's official response when notified: "by design."
The finding was disclosed April 29 at BigBiteOfTech by PaloAltoNtwks Norway, alongside a small educational tool that lets anyone verify the cleartext storage for themselves.
Today, one of my favorite feature announcements ever at the M365 Community Conference - Public Preview of Skills in SharePoint.
We’re excited that skills enable end user customization and best practice sharing, which has always been key to Microsoft’s collaboration tools and ecosystem - now for the AI era.
#M365con26 #SharePoint
https://t.co/EC1caAzvMQ
We’re excited to announce an expanded partnership with @Microsoft, establishing Speedtest as the integrated network performance testing platform across Bing and Windows.
Rolling out now to all eligible Windows devices! Read more: https://t.co/xwNBeJGlof
I updated my blog about Entra ID App Registrations vs Service Principals. It was only a couple of months ago that I learned that with Graph API, it's possible to add credentials directly to service principals and that they never show up in Entra Portal except in audit log.
https://t.co/21HGJuVzC7
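An added audit helper (mine, not from the blog) for the point above: credentials attached directly to a service principal object do not show in the App registrations blade, so enumerate them from the Graph `servicePrincipals` resource (`$select=id,appId,displayName,passwordCredentials,keyCredentials`) and review every hit. The service principal list is constructed sample data; the Entra audit log activity "Add service principal credentials" is the matching event to alert on.

```python
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample shaped like Graph v1.0 servicePrincipal objects (not real tenant data).
SAMPLE_SPS: List[Dict] = [
    {"id": "sp-1", "appId": "app-1", "displayName": "Payroll sync",
     "passwordCredentials": [{"keyId": "k1", "displayName": None,
                              "endDateTime": "2027-01-01T00:00:00Z"}],
     "keyCredentials": []},
    {"id": "sp-2", "appId": "app-2", "displayName": "Clean app",
     "passwordCredentials": [], "keyCredentials": []},
    {"id": "sp-3", "appId": "app-3", "displayName": "Legacy cert",
     "passwordCredentials": [],
     "keyCredentials": [{"keyId": "k2", "type": "AsymmetricX509Cert", "usage": "Verify",
                         "endDateTime": "2024-01-01T00:00:00Z"}]},
]

AUDIT_TIME = datetime(2026, 5, 1, tzinfo=timezone.utc)  # fixed "now" for the sample run


def find_direct_sp_credentials(sps: List[Dict], now: datetime) -> List[Dict]:
    """Flag every secret or certificate that lives on the service principal itself.
    Expired ones are still reported: their presence shows the path was used."""
    findings: List[Dict] = []
    for sp in sps:
        for kind, key in (("password", "passwordCredentials"), ("certificate", "keyCredentials")):
            for cred in sp.get(key) or []:
                expires = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
                findings.append({
                    "servicePrincipal": sp["displayName"],
                    "spId": sp["id"],
                    "appId": sp["appId"],
                    "kind": kind,
                    "keyId": cred["keyId"],
                    "expired": expires < now,
                })
    return findings


def audit_sample() -> List[Dict]:
    """Run the audit over the constructed sample at the fixed audit time."""
    return find_direct_sp_credentials(SAMPLE_SPS, AUDIT_TIME)


if __name__ == "__main__":
    for f in audit_sample():
        print(f"{f['servicePrincipal']} ({f['spId']}): {f['kind']} {f['keyId']} expired={f['expired']}")
```

Credentials on the application object (the App registration) are a separate list and are not what this helper looks at; compare both if you want a full picture.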