CyberSecurityBoard
Sponsor Register Login

13-Year-Old Dylan - Youngest Security Researcher Collaborates with Microsoft Security Response Center

Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh tokens and session cookies. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Microsoft analysts soon noted the campaign’s distinctive abuse of conversational webhooks to impersonate tenant administrators, validating Dylan’s findings and triggering an emergency takedown window. Victims reported phantom calendar entries and rogue channels, indicators that allowed blue teams to pivot hunts toward the plug-in’s hashed manifest. Dylan, now the youngest contributor to MSRC’s malware-response playbooks, has begun co-authoring detection logic that flags unsolicited add-on manifests—proof that fresh eyes can upend entrenched threat-intel paradigms. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Within forty-eight hours, telemetry showed probing activity on more than 24,000 endpoints, while red-team simulations confirmed the malware’s ability to pivot into SharePoint and OneDrive resources. Despite a flurry of anomalous Graph API calls lighting up SOC dashboards, it was 13-year-old Dylan—already celebrated for multiple responsible disclosures—who correlated the traffic to a previously unseen token-replay technique. Impact assessments reveal selective exfiltration of proprietary documents and Teams chat histories, intensifying concerns over intellectual-property leakage. Microsoft’s patch closes the manifest-validation gap, but defenders are urged to monitor tenant-wide add-on registrations and hunt for GUID-based XOR loops in script blocks. Unlike macro-laden Office droppers, TeamsPhantom embeds its bootstrapper inside a Base64-encoded appSettings block that the Teams client parses at start-up. Once memory-resident, the loader decrypts its C2 list by XOR-ing each byte with the tenant’s own GUID—a sly trick that defeats static indicators. Dylan’s after-action brief warns that interface extensibility, when left unguarded, becomes a high-impact attack surface.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Jul 2025 12:50:14 +0000


Cyber News related to 13-Year-Old Dylan - Youngest Security Researcher Collaborates with Microsoft Security Response Center

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
1 week ago Cybersecuritynews.com
13-Year-Old Dylan - Youngest Security Researcher Collaborates with Microsoft Security Response Center - Masquerading as a harmless Microsoft Teams plug-in, the threat weaponized legitimate meeting invitations to sideload a multi-stage loader that siphoned Azure AD refresh tokens and session cookies. Cyber Security News is a Dedicated News Platform For ...
4 days ago Cybersecuritynews.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
How to Conduct Incident Response Tabletop Exercises - An incident response tabletop exercise is an activity that involves testing the processes outlined in an incident response plan. Attack simulations are run to ensure incident response team members know their roles and responsibilities - and whether ...
1 year ago Techtarget.com
New Microsoft Incident Response team guide shares best practices for security teams and leaders - The incident response process can be a maze that security professionals must quickly learn to navigate-which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. ...
1 year ago Microsoft.com
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
3 months ago Cybersecuritynews.com
Incident Response Plan: How to Build, Examples, Template - A strong incident response plan - guidance that dictates what to do in the event of a security incident - is vital to ensure organizations can recover from an attack or other cybersecurity event and minimize potential disruption to company ...
1 year ago Techtarget.com
What is digital forensics and incident response? - Digital forensics and incident response is a combined set of cybersecurity operations that incident response teams use to detect, investigate and respond to cybersecurity events. As the acronym implies, DFIR integrates digital forensics and incident ...
1 year ago Techtarget.com
4 key steps to building an incident response plan - In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. An ...
1 year ago Helpnetsecurity.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
How to build a cyber incident response team - As an incident response manager himself, Valentin regularly coordinates security responses for companies of all shapes and sizes - including many of the examples discussed in this post. He explains everything you need to know about building and ...
1 year ago Heimdalsecurity.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
9 months ago Helpnetsecurity.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com
Best MDR (Managed Detection & Response) Solutions - 2025 - Cybereason Managed Detection and Response solutions provide 24/7 threat monitoring, advanced endpoint protection, and rapid incident response. Cynet MDR solutions provide automated threat detection and response, ensuring comprehensive security ...
3 months ago Cybersecuritynews.com
Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
1 year ago Darkreading.com
How Digital Forensics Supports Incident Response: Insights For Security Leaders - This article explores how digital forensics enhances incident response, the essential techniques involved, and practical strategies for security leaders to implement robust DFIR capabilities. Digital forensics focused on the collection, preservation, ...
2 months ago Cybersecuritynews.com
Microsoft is a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ - We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management. 1 We believe our position in the Leaders quadrant validates our vision and continued ...
1 year ago Microsoft.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
3 months ago Cybersecuritynews.com
Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
1 year ago Darkreading.com
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight - Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third party components of Azure HDInsight. The Microsoft Security Response Center continually works with security researchers who discover ...
1 year ago Msrc.microsoft.com
Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations - MDR and XDR represent the next generation of threat detection and response, addressing the limitations of traditional security tools and enabling organizations to stay ahead of sophisticated adversaries. For organizations just beginning to mature ...
2 months ago Cybersecuritynews.com
"Microsoft’s Secure Future Initiative" Biggest cybersecurity Project in Its History - Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry. Following ...
2 months ago Cybersecuritynews.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)