CyberSecurityBoard
Sponsor Register Login

Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents

According to a ANYRUN report shared with Cyber Security News , this error triggered a sudden influx of Adobe Acrobat Cloud links being uploaded to their sandbox for analysis. “We saw a sudden inflow of Adobe Acrobat Cloud links being uploaded to ANYRUN’s sandbox a couple of hours ago.” “To stop leaks, we’re making all these analyses private, but users continue to share confidential documents publicly. Our team traced it back to a false positive from Microsoft Defender XDR, which mistakenly flagged the following legitimate URL as malicious: acrobat[.]adobe[.]com/id/urn:aaid:sc:” ANY.RUN shared the report with Cyber Security News. The incident began when Microsoft Defender XDR, a widely used advanced threat protection platform, mistakenly flagged legitimate Adobe Acrobat Cloud links specifically URLs starting with acrobat[.]adobe[.]com/id/urn:aaid:sc:—as malicious. In this case, the misclassification by Microsoft Defender XDR prompted users to take actions that inadvertently exposed sensitive data, underscoring the need for accurate threat detection to prevent such cascading effects. ANYRUN’s investigation revealed that the false positive led free-plan users to upload more than 1,700 Adobe files containing confidential data, affecting hundreds of organizations. The report also advised users encountering false positives in Microsoft Defender XDR to submit them to Microsoft for analysis and resolution, a step that could help prevent similar incidents in the future. The leak, which involved corporate data from hundreds of companies, has raised alarm bells about the risks of misclassification in threat detection systems and the unintended consequences of user behavior in response to such errors. As noted in a web report by PUPUWEB on April 24, 2025, false positives can erode trust in detection systems and lead to significant security risks if not addressed promptly. A couple of hours ago we saw a sudden inflow of Adobe Acrobat Cloud links being uploaded to ANYRUN's sandbox. ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The ANYRUN incident serves as a stark reminder of how errors in cloud-related security tools can amplify these vulnerabilities, leading to unintended consequences like widespread data exposure. Many of these uploads were initiated by users on ANYRUN’s free plan, which defaults to public sharing mode, inadvertently exposing sensitive corporate documents to the wider internet.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 25 Apr 2025 04:50:09 +0000


Cyber News related to Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
8 months ago Aws.amazon.com
Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents - According to a ANYRUN report shared with Cyber Security News , this error triggered a sudden influx of Adobe Acrobat Cloud links being uploaded to their sandbox for analysis. “We saw a sudden inflow of Adobe Acrobat Cloud links being uploaded to ...
1 month ago Cybersecuritynews.com
Inside the Challenges of XDR Implementation and How to Overcome Them - Unlike endpoint detection and response, which collects only endpoint security telemetry, XDR collects data from native and third-party security domains including endpoints, cloud workloads, identities and more, then aggregates and applies relevant ...
1 year ago Securityboulevard.com
How AI is strengthening XDR to consolidate tech stacks - VentureBeat continues to see CISOs and their security teams migrate from Endpoint Detection and Response to XDR for greater consolidation savings and a more unified view of all attack surfaces and potential threats. XDR is riding a strong wave of ...
1 year ago Venturebeat.com
Top 10 XDR (Extended Detection & Response) Solutions - 2025 - CrowdStrike Falcon XDR uses this data to extend EDR outcomes and advanced threat detection across the security stack, thereby stopping breaches more quickly. It does this by using CrowdStrike’s world-class machine learning, artificial ...
2 months ago Cybersecuritynews.com
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com
Improving Threat Detection: The Role Of MDR And XDR In Your Security Operations - MDR and XDR represent the next generation of threat detection and response, addressing the limitations of traditional security tools and enabling organizations to stay ahead of sophisticated adversaries. For organizations just beginning to mature ...
1 month ago Cybersecuritynews.com
XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities - For example, XDR’s ability to map telemetry from endpoints, firewalls, and cloud platforms might reveal that a vulnerability in a legacy application allows attackers to bypass network segmentation controls, a scenario that individual security tools ...
1 month ago Cybersecuritynews.com
Microsoft Defender for Endpoint is Integrated with Check Point Horizon XDR/XPR - Microsoft Defender for Endpoint integrates with Check Point's extended detection and response solution - Horizon XDR/XPR. One-click integration connects the endpoint solution and telemetry is added to the XDR/XPR artificial intelligence driven data ...
1 year ago Blog.checkpoint.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics - Windows Defender places malicious files into quarantine upon detection. Fox-IT's open-source digital forensics and incident response framework Dissect can now recover this metadata, in addition to recovering quarantined files from the Windows ...
1 year ago Blog.fox-it.com
Extended Detection and Response: The Core Element of Zero-Trust Security - Extending and enhancing threat detection and response capabilities in the face of a growing attack surface is the primary result of XDR when it comes to security efficacy. This outcome can contribute not only to comprehensive protection but also to ...
1 year ago Securityboulevard.com
Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team - AI is quickly becoming a force multiplier-presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. Microsoft Copilot for Security is already showing immediate impact for security teams ...
1 year ago Microsoft.com
Netography Fusion Expands Microsoft Integrations for Greater Context Enrichment and Faster Compromise Detection - We've got great news for companies that have deployed Microsoft security products in their tech stack - the Netography Fusion® Network Defense Platform now ingests context from Microsoft Defender for Endpoint product and the Microsoft Defender XDR ...
1 year ago Securityboulevard.com
Azure MACC Credits Gathering Dust? Use Them to Get the Best Prevention-First Security - As we enter 2024, your organization may have unused MACC or Azure commit-to-consume credits as your annual renewal date draws near. Whether you have credits that will soon expire or are starting to plan your Azure spend for the next 12 months, Check ...
1 year ago Blog.checkpoint.com
​​Microsoft is a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms - It's no secret that ransomware is top of mind for many chief information security officers as the number of attacks has increased exponentially. Scaling device protection and security operations center efficiency by simplifying, automating, and ...
1 year ago Microsoft.com
Microsoft deprecates Defender Application Guard for Office - Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an ...
1 year ago Bleepingcomputer.com
Windows Defender Best Practices - Optimizing Endpoint Protection - Microsoft Defender for Endpoint has emerged as a critical tool in this landscape, offering AI-driven threat detection, automated response, and integration with broader security ecosystems like Microsoft Defender XDR. By combining Defender’s native ...
1 month ago Cybersecuritynews.com
Microsoft Defender adds detection of unsecure Wi-Fi networks - If you're not a Microsoft Defender user with a Microsoft 365 Family or Personal subscription, you can also protect yourself by enabling multi-factor authentication on as many of your accounts as possible and turning off automatic Wi-Fi connections to ...
8 months ago Bleepingcomputer.com
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR For Maximum Protection - To effectively counter these threats, organizations must integrate Digital Forensics, Extended Detection and Response (XDR), and Endpoint Detection and Response (EDR) into a unified security framework. It involves two main components: digital ...
1 month ago Cybersecuritynews.com
Extended Detection and Response (XDR) - CISO Investment Trends - By consolidating telemetry data and applying advanced analytics, XDR enables security teams to prioritize high-fidelity alerts and accelerate incident resolution a critical advantage in an era when median breach costs exceed $4.5 million. Proactive ...
1 month ago Cybersecuritynews.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Microsoft Defender will isolate undiscovered endpoints to block attacks - Since June 2022, Defender for Endpoint has also been able to isolate hacked and unmanaged Windows devices, blocking all communication to and from the compromised devices to stop attackers from spreading through victims' networks. Microsoft also ...
2 months ago Bleepingcomputer.com
SentinelOne vs Palo Alto Cortex XDR: Which Tool is Best? - SentinelOne and Palo Alto are two of the top brands in this space, and this comparison will help you decide if either one of the company's tools is right for you. SentinelOne's Singularity platform offers four subscription tiers that include their ...
1 year ago Techrepublic.com
Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)