Inception Security
@Inceptionsec
Securing SMBs with Microsoft licensing (Defender/Sentinel). Free Inception Foresight M365 assessment: https://www.inceptionsecurity.com/m365assessment
You might like
SMBs: What’s the biggest threat hiding in your Microsoft 365? Hackers hunt weak spots, phishing scams, device breaches, or sneaky misconfigurations. Don’t leave it to chance. Our free Inception Foresight assessment scans your M365 in under 30 mins, exposing risks (like phishing…
If you are responding to the Cisco 0-day, make sure you are taking breaks. Make sure to hydrate and get that charcuterie board. If you are needing help responding to the 0-day. We will help you out. Hit us up. Pro tip: look for missing message id 302013 and 302014.
Just discovered a wild vulnerability in Entra ID Actor Tokens that could've handed hackers Global Admin access to your tenant, like, total takeover with barely a trace. Microsoft patched it (CVE-2025-55241), but it's a wake-up call for monitoring those old APIs. Dive into the…
New in Microsoft Teams: Built-in detection for malicious URLs in chats—rolling out now to combat phishing spikes (up 30% in Q3 2025). Great step, but for mid-sized teams (5-1,200 users), oversharing in channels + weak Defender configs still leave doors wide open. Pro tip: Layer…
CVE-2025-53786 Alert: Hackers could escalate from on-prem Exchange to full M365 takeover in hybrids. SMBs, don't let this hit you! Quick fixes: Re-run HCW, boost Sentinel monitoring, and enforce CA policies. Read our blog for the full breakdown + free tips:…
Just days after Microsoft's Sept 2025 Patch Tuesday fixed 81 vulns (including 2 zero-days), CISA warns: CVE-2025-53786 in Exchange hybrids could let hackers escalate from on-prem to cloud—total identity takeover risk for SMBs. No exploits yet, but "likely" per experts. Is your…
“We already have MFA, so we’re secure.” That’s the most common (and most dangerous) belief we hear from businesses. Here’s the truth: - Hackers bypass MFA every single day using Legacy Authentication. - It’s an old login method that doesn’t support MFA. - If it’s enabled, a…
🚨 79% more breaches. That’s what Microsoft’s 2025 report found when companies stacked too many security tools. More tools ≠ more security. More tools = more chaos. The fix? 👉 Simplify. 👉 Unify. 👉 Secure employee access without hiring a big security team. Here’s how we do…
Most Microsoft 365 environments have 7 hidden security gaps. Hackers know them. Do you? Here’s what you get for FREE: ✅ Full Microsoft 365 Security Assessment ✅ Detailed risk report ✅ Action plan aligned to Microsoft best practices ✅ Backed by Inception Protection 👉 Read…
🚨 New Blog: A zero-day DOM-based extension clickjacking attack is targeting password managers. ✔️ Hidden form fields ✔️ Overlay deception ✔️ Autofill exploited in a single click Our breakdown → how it works, who’s vulnerable, and what you should do now.…
🚨 MFA ≠ Safe 🚨 Hackers don’t just bypass MFA in Microsoft 365 — they make it theirs. ➡️Legacy auth ➡️AiTM phishing ➡️OAuth consent ➡️Adding their own MFA device We built KQL hunts + a response playbook. 🛡️ inceptionsecurity.com/post/the-1-mic… #M365 #CyberSecurity #MFA #ThreatHunting…
inceptionsecurity.com
How Hackers Bypass MFA in Microsoft 365 — and How to Detect and Stop Them
Learn how hackers use Microsoft 365 MFA bypass to gain access, add persistence, and exfiltrate data. Detect attacks with KQL queries and stop them fast.
Ransomware has leveled up in 2025. It’s not just “lock the files and hope for a payout” anymore. Now it’s AI-powered evasion, data theft before encryption, and attackers blending into normal activity so well they look like part of your IT team. We put together a guide that…
New blog: How threat actors abuse Microsoft 365 Direct Send to bypass controls and land “internal” phish in inboxes. We cover IOC hunting, connector scoping, RejectDirectSend, and DMARC hardening—plus a free M365 assessment. Read now👇 inceptionsecurity.com/post/microsoft… #M365 #Defender…
inceptionsecurity.com
Microsoft 365 Direct Send Phishing: How Internal-Looking Emails Bypass Defenses
Phishers are increasingly abusing a little-known Microsoft 365 feature called Direct Send to make malicious emails appear to come from within your company. In July 2025, researchers disclosed a...
We have seen this in the wild. #Cybersecurity #ClickFix #OSINT #Phishing #Castleloader
🚨 New malware CastleLoader is hijacking systems through fake GitHub repos and phishing sites—469 confirmed infections. It spreads stealers and RATs, uses PowerShell, and mimics trusted dev tools. It’s stealthy. It’s spreading. Here’s how it works ↓ thehackernews.com/2025/07/castle…
United States Trends
- 1. Veterans Day 327K posts
- 2. Luka 80.8K posts
- 3. Nico 136K posts
- 4. Toy Story 5 5,634 posts
- 5. Gambit 37.1K posts
- 6. Travis Hunter 2,279 posts
- 7. Mavs 31.5K posts
- 8. Sabonis 3,217 posts
- 9. Vets 29K posts
- 10. Pat McAfee 3,959 posts
- 11. Kyrie 7,458 posts
- 12. Wike 97.5K posts
- 13. Payne 10.7K posts
- 14. Wanda 26.2K posts
- 15. Bond 71.8K posts
- 16. Battlenet 2,415 posts
- 17. Jay Rock 3,257 posts
- 18. Antifa 176K posts
- 19. Tomas 19.9K posts
- 20. Rogue 47.5K posts
You might like
-
MAC & Bleu - Building the Future
@macandbleu -
Dynamic Trend
@DynamicTrendInc -
Daniel Gomez Aguilera
@dani107923 -
Mentaltune
@mentaltune -
Bluesphere Ventures
@BluesphereHQ -
Tiny-Tim.eth
@TinyTimFerriss -
Mitra9
@Mitra9Brands -
SimplyCodes
@SimplyCodesHQ -
John Dunigan
@JADunigan2 -
Cosmo DeStefano
@cpdestefano -
Mark Tinderholt
@MarkTinderholt -
John Berger
@JohnBerger_CEO -
Reckless Speculation Podcast
@RecklessSpecul1
Something went wrong.
Something went wrong.