Microsoft
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last …
Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been …
Microsoft sets new timeline for Sentinel transition to Defender portal
Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, …
Conditional Access enforcement change coming to Microsoft Entra
Microsoft will change how Conditional Access policies are enforced in Microsoft Entra starting March 27, 2026, with a phased rollout continuing through June 2026. The change …
Microsoft brings AI-powered investigations to security teams
Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak …
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)
Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted …
Microsoft Entra ID will auto-enable passkey profiles, synced passkeys
Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability …
Inside Microsoft’s veteran-to-tech workforce pipeline
The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help …
Microsoft introduces winapp, an open-source CLI for building Windows apps
Microsoft has released winapp, a new command line interface aimed at simplifying the process of building Windows applications. The open-source tool targets developers who rely …
Energy sector orgs targeted with AiTM phishing campaign
Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started …
Microsoft updates the security baseline for Microsoft 365 Apps for enterprise
Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications …
Microsoft shuts down RedVDS cybercrime subscription service tied to millions in fraud losses
Microsoft has announced a coordinated legal action in the United States and the United Kingdom to disrupt RedVDS, a global cybercrime subscription service tied to large-scale …
Featured news
Resources
Don't miss
- 88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
- Buggy Vect ransomware is effectively a data wiper, researchers find
- CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)
- The Exchange Online security controls organizations keep getting wrong
- Identity discovery: The overlooked lever in strategic risk reduction