Microsoft Rolls Out AI-Powered Agent Mode For Office Applications - 1

Image by Ed Hardie, from Unsplash

Microsoft Rolls Out AI-Powered Agent Mode For Office Applications

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Microsoft is expanding its AI tools in Office apps with the rollout of Agent Mode and Office Agent in Microsoft 365 Copilot.

In a rush? Here are the quick facts:

  • Agent Mode is now available in Excel and Word, with PowerPoint coming soon.
  • Excel’s Agent Mode can generate formulas, analyze data, and create visualizations.
  • Word’s Agent Mode streamlines drafting, editing, and formatting through conversation.

The update brings new features that improve spreadsheet and document creation and presentation development through interactive tools which minimize manual work.

“Today, we’re bringing vibe working to Microsoft 365 Copilot with Agent Mode in Office apps and Office Agent in Copilot chat,” the company said , framing the move as part of a shift toward closer human–AI collaboration.

Agent Mode is launching in Excel and Word, with PowerPoint to follow. The AI models in Excel perform advanced data analysis, generate formulas, and build visualizations. Microsoft says that the system can also check its own results and correct errors, making the spreadsheet more accessible to non-experts.

The system accepts user commands which include “Run a full analysis on this sales data set. I need essential business data which will form the basis for my company decision-making process. Make it visual.”

Word offers Agent Mode as a functionality which enables users to enhance their document creation and editing work flow. A prompt like “summarize recent customer feedback and highlight key trends” produces a draft that Copilot can refine through follow-up questions, and formatting suggestions. The company describes this as shifting document creation into a more conversational process.

Office Agent, built into Copilot’s chat, is focused on creating PowerPoint presentations and Word documents. It begins by clarifying what the user wants, gathers information online, and then produces a structured draft. Users have the ability to modify content and visual elements before making their final choices through the standard Office applications.

Fake Teams Installer Evades Detection, Targets Enterprise Users - 2

Image by Mika Baumeister, from Unsplash

Fake Teams Installer Evades Detection, Targets Enterprise Users

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A new cyber campaign is using fake Microsoft Teams installers to infect users with the Oyster backdoor, also known as Broomstick.

In a rush? Here are the quick facts:

  • Fake Microsoft Teams installers are spreading via SEO poisoning and malvertising.
  • Execution installs the Oyster backdoor, also known as Broomstick, on the system.
  • Oyster enables remote access, system profiling, and delivery of additional payloads.

Security researchers at Blackpoint SOC are warning that attackers are redirecting Teams search results to fake websites that mimic the original Teams interface. They do this through a combination of SEO poisoning, and malvertising attacks.

The ad link directed users to a deceptive installer called ‘MSTeamsSetup.exe’ which presents itself as authentic yet performs harmful operations.

The trojanized installer performs its operations by installing a DLL called ‘ CaptureService.dll ’ in a random folder under ‘%APPDATA%\Roaming’ and creates a scheduled task to ensure persistence.

Oyster functions as a standard Windows process to execute additional payloads through its operation. These include remote access creation and system information collection.

The campaign mirrors earlier fake PuTTY operations, showing a recurring trend of attackers abusing trusted software brands for initial access. Blackpoint SOC noted, “By attaching a digital signature, threat actors aim to bypass basic trust checks and reduce suspicion from both end users and security controls that flag unsigned executables.”

The Oyster system maintains contact with attacker domains ‘nickbush24[.]com’ and ‘techwisenetwork[.]com’ to achieve long-term stealthy access. The use of well-known software brands and manipulated search results increases the likelihood of successful compromise while evading casual detection.

Organizations are urged to download collaboration tools only from verified Microsoft domains and avoid relying on search engine results.

“Personnel should use bookmarks and verified vendor domains when downloading software and remain vigilant to the fact that even common productivity tools can be abused as vehicles for malware delivery,” Blackpoint SOC advised.

This campaign highlights the ongoing risk of SEO-based attacks combined with commodity malware, demonstrating that even familiar enterprise software can be weaponized against unsuspecting users.