Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Windows
Microsoft makes Windows SSO prompts easier to manage

Microsoft is introducing a new registry-based policy that lets IT administrators automatically accept Windows SSO permissions on Windows 11 versions 24H2 and 25H2 devices …

Visual Studio Code
VS Code agent host runs Copilot, Claude, and Codex in a dedicated process

Developers who lean on AI coding agents often keep several editor windows open at once, each tied to its own session. The 1.129 release of Visual Studio Code reworks that …

ClickFix
ClickFix is changing the economics of social engineering

ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to …

patch tuesday
AI-driven bug hunting fuels record Microsoft Patch Tuesday

Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), …

open vault
No one knows how many old shims can still bypass UEFI Secure Boot

The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …

Microsoft Entra ID
Microsoft Entra ID authentication overhaul to start in September 2026

Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or …

key
Fake OAuth client IDs are helping attackers slip past sign-in logs

Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, …

Microsoft
Microsoft demystifies how Windows updates work

Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the …

patch tuesday
July 2026 Patch Tuesday forecast: Is CVE tracking still practical?

I was off by a month in my forecast of record-setting CVE releases from Microsoft. In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 …

Microsoft Intune security update status
Microsoft is rewriting Windows patch guidance because of AI

Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and …

Microsoft Windows Defender
Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation …

open-source cybersecurity tools
20 open-source cybersecurity tools to keep your team ready for anything

AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools