Microsoft
Microsoft makes Windows SSO prompts easier to manage
Microsoft is introducing a new registry-based policy that lets IT administrators automatically accept Windows SSO permissions on Windows 11 versions 24H2 and 25H2 devices …
VS Code agent host runs Copilot, Claude, and Codex in a dedicated process
Developers who lean on AI coding agents often keep several editor windows open at once, each tied to its own session. The 1.129 release of Visual Studio Code reworks that …
ClickFix is changing the economics of social engineering
ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to …
AI-driven bug hunting fuels record Microsoft Patch Tuesday
Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), …
No one knows how many old shims can still bypass UEFI Secure Boot
The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …
Microsoft Entra ID authentication overhaul to start in September 2026
Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or …
Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, …
Microsoft demystifies how Windows updates work
Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the …
July 2026 Patch Tuesday forecast: Is CVE tracking still practical?
I was off by a month in my forecast of record-setting CVE releases from Microsoft. In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 …
Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and …
Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)
Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation …
20 open-source cybersecurity tools to keep your team ready for anything
AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems …
Featured news
Resources
Don't miss
- CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance
- Romania’s land registry hit by cyber attack, data allegedly for sale
- Reading between the lines of a cyber insurance policy
- What public money does to open-source projects
- Ransom demands are down, email is the top way attackers get in