Microsoft

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days 2026-05-13 at 00:31 By Zeljka Zorz Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than […]

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days Read More »

Microsoft Patches 137 Vulnerabilities

Microsoft Patches 137 Vulnerabilities 2026-05-12 at 21:50 By Ionut Arghire Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence. The post Microsoft Patches 137 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches 137 Vulnerabilities Read More »

One keypress is all it takes to compromise four AI coding tools

One keypress is all it takes to compromise four AI coding tools 2026-05-08 at 01:14 By Mirko Zorz Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you

One keypress is all it takes to compromise four AI coding tools Read More »

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations 2026-05-05 at 17:45 By Eduard Kovacs The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations appeared first on SecurityWeek. This article is an excerpt

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations Read More »

AI is speeding up nation-state cyber programs

AI is speeding up nation-state cyber programs 2026-04-24 at 08:40 By Mirko Zorz Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools.

AI is speeding up nation-state cyber programs Read More »

OneDrive updates focus on AI, access control, and compliance

OneDrive updates focus on AI, access control, and compliance 2026-04-22 at 13:48 By Anamarija Pogorelec Microsoft OneDrive’s recent updates focus on improving intelligence, collaboration, and administrative control. “Last year, we made a promise: your files should work for you, not the other way around. That meant reimagining OneDrive not just as a place to store

OneDrive updates focus on AI, access control, and compliance Read More »

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild 2026-04-17 at 14:32 By Zeljka Zorz The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild Read More »

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest 2026-04-16 at 15:03 By Eduard Kovacs Researchers found more than 80 high-impact cloud and AI vulnerabilities during the event, which had a $5 million prize pool. The post Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest appeared first on

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest Read More »

Windows is getting stronger RDP file protections to fight phishing attacks

Windows is getting stronger RDP file protections to fight phishing attacks 2026-04-16 at 01:19 By Sinisa Markovic Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection

Windows is getting stronger RDP file protections to fight phishing attacks Read More »

Microsoft ends desktop detour for sensitivity labels in Office web apps

Microsoft ends desktop detour for sensitivity labels in Office web apps 2026-04-15 at 01:42 By Sinisa Markovic Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. Specifying users in the Permissions dialog (Source: Microsoft) Users can now apply sensitivity

Microsoft ends desktop detour for sensitivity labels in Office web apps Read More »

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities 2026-04-14 at 22:26 By Eduard Kovacs Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count. The post Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities Read More »

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings 2026-04-13 at 17:31 By Kevin Townsend Claims that “Microsoft is running one of the largest corporate espionage operations in modern history” face scrutiny as researchers analyze LinkedIn’s browser extension probing The post BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings appeared first on

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings Read More »

AI-enabled device code phishing campaign exploits OAuth flow for account takeover

AI-enabled device code phishing campaign exploits OAuth flow for account takeover 2026-04-07 at 14:59 By Anamarija Pogorelec A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research

AI-enabled device code phishing campaign exploits OAuth flow for account takeover Read More »

GitHub Copilot CLI gets a second-opinion feature built on cross-model review

GitHub Copilot CLI gets a second-opinion feature built on cross-model review 2026-04-07 at 12:56 By Anamarija Pogorelec Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already

GitHub Copilot CLI gets a second-opinion feature built on cross-model review Read More »

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches 2026-04-03 at 14:57 By Anamarija Pogorelec Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches Read More »

Microsoft releases open-source toolkit to govern autonomous AI agents

Microsoft releases open-source toolkit to govern autonomous AI agents 2026-04-03 at 08:39 By Anamarija Pogorelec AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to

Microsoft releases open-source toolkit to govern autonomous AI agents Read More »

Microsoft adds high-volume email sending to Exchange Online

Microsoft adds high-volume email sending to Exchange Online 2026-04-02 at 07:58 By Anamarija Pogorelec Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email. Microsoft

Microsoft adds high-volume email sending to Exchange Online Read More »

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost 2026-03-31 at 16:05 By Anamarija Pogorelec Microsoft released Windows 11 Insider Preview Build 29558.1000 to the Canary Channel, part of the optional 29500 build series. The build carries a set of changes focused on the Windows Console, a

Windows 11 gets a rebuilt console engine with regex search, Sixel images and a 10x speed boost Read More »

Microsoft hands Entra ID users new option for MFA

Microsoft hands Entra ID users new option for MFA 2026-03-25 at 12:46 By Anamarija Pogorelec Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source:

Microsoft hands Entra ID users new option for MFA Read More »

Microsoft details AI prompt abuse techniques targeting AI assistants

Microsoft details AI prompt abuse techniques targeting AI assistants 2026-03-24 at 14:02 By Anamarija Pogorelec Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025

Microsoft details AI prompt abuse techniques targeting AI assistants Read More »

Scroll to Top