SecurityMicrosoft has warned of active exploitation involving the newly disclosed Dirty Frag Linux local privilege escalation vulnerability, which can help attackers move from a low-privileged account to root. The issue affects kernel networking components such as esp4, esp6, and rxrpc, making it especially important for administrators to review module exposure, restrict local access, and prepare for vendor kernel patches.
3 min read · May 8, 2026
SecurityMicrosoft Defender researchers disclosed two fixed vulnerabilities in Semantic Kernel that could let prompt injection escalate into host-level remote code execution in AI agents. The findings matter because they show how unsafe tool parameter handling in agent frameworks can turn natural language inputs into code execution paths, raising the stakes for organizations building or securing AI-powered apps.
3 min read · May 7, 2026
SecurityMicrosoft outlined major passkey and account recovery updates across Entra ID, Windows, External ID, and Microsoft Password Manager as part of World Passkey Day. The changes matter for IT teams because they expand phishing-resistant sign-in options, improve recovery security, and continue the retirement of weaker authentication methods such as security questions.
3 min read · May 7, 2026
SecurityMicrosoft says it has been named an Overall Leader and Market Leader in KuppingerCole Analysts’ 2026 Emerging AI Security Operations Center report. The announcement highlights Microsoft’s push beyond traditional SOAR toward AI-driven, agent-assisted security operations in Sentinel and Security Copilot to help SOC teams improve speed, consistency, and scale.
3 min read · May 6, 2026
SecurityMicrosoft has identified a new ClickFix-style campaign targeting macOS users with fake troubleshooting and utility instructions hosted on blogs and content platforms. Instead of downloading apps, victims are tricked into running Terminal commands that bypass typical macOS app checks and deploy infostealers such as Macsync, SHub Stealer, and AMOS.
3 min read · May 6, 2026
SecurityMicrosoft has detailed a large-scale adversary-in-the-middle (AiTM) phishing campaign that used fake code-of-conduct investigations to steal authentication tokens. The attack combined polished social engineering, staged CAPTCHA pages, and a legitimate Microsoft sign-in flow, highlighting why phishing-resistant protections and stronger email defenses matter.
3 min read · May 6, 2026
SecurityMicrosoft has detailed CVE-2026-31431, a high-severity Linux local privilege escalation flaw that can grant root access across major distributions and cloud-hosted workloads. The issue matters because it affects shared-kernel environments such as containers and Kubernetes, increasing the risk of container escape, lateral movement, and host compromise if systems are not patched quickly.
3 min read · May 2, 2026
SecurityMicrosoft Agent 365 is now generally available for commercial customers, giving IT and security teams a unified control plane to observe, govern, and secure AI agents across Microsoft 365, endpoints, and cloud environments. New preview capabilities also extend visibility to shadow AI, local Windows agents, multicloud agent platforms, and policy-based controls through Defender and Intune.
3 min read · May 1, 2026
SecurityMicrosoft reports 8.3 billion phishing emails detected in Q1 2026, with QR code phishing more than doubling and CAPTCHA-gated campaigns evolving quickly. The findings matter for security teams because attackers are shifting toward link-based credential theft, while disruption efforts against Tycoon2FA show coordinated action can reduce phishing impact.
3 min read · Apr 30, 2026
SecurityMicrosoft has announced new security capabilities across Agent 365, Defender for Cloud, GitHub Advanced Security, and Microsoft Purview. The updates focus on improving visibility into AI agent activity, strengthening code-to-runtime protection, and accelerating data security investigations for security and IT teams.
3 min read · Apr 30, 2026
SecurityMicrosoft has published a practical framework for CISOs and security leaders to run more effective risk reviews amid rising AI-enabled cyberthreats. The guidance focuses on eight review areas—from assets and applications to authentication, authorization, and network isolation—to help organizations shift from reactive response to proactive risk reduction.
3 min read · Apr 29, 2026
SecurityMicrosoft Sentinel UEBA now adds richer behavioral analytics for AWS CloudTrail data, giving security teams built-in context like first-time geography, uncommon ISP, unusual actions, and abnormal operation volume. The update helps defenders detect suspicious AWS activity faster and reduces the need for complex KQL baselines and manual enrichment.
3 min read · Apr 28, 2026