Microsoft
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the …
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password …
The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious …
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent …
Microsoft’s WinUI agent plugin trims token use by over 70% during development
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …
Microsoft turns Copilot Studio into an AI agent control center
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent …
Microsoft’s agentic security system found four critical Windows RCE flaws
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows …
Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly …
Dirty Frag: Unpatched Linux vulnerability delivers root access
A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag …
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The …
Teams calls are about to get a lot harder to fake
Microsoft Teams Calling is getting a new feature that will warn users about suspicious inbound VoIP calls from first-time external callers who might be impersonating trusted brands.
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender …
Featured news
Resources
Don't miss
- Why AI changed the threat model for travel technology
- AI red teaming agents change how LLMs get tested
- Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
- TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
- Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)