Rabia Noureen

SolarWinds’ Serv‑U 15.5.4 update fixes multiple high‑risk vulnerabilities that could have allowed attackers to gain full system control. The patches close critical security gaps that previously enabled root‑level remote code execution. Serv‑U is a secure, multi‑protocol file transfer server that enables organizations to send, receive, and manage data efficiently across internal and external networks. It…

Microsoft has rolled out a new set of features and enhancements for Microsoft Defender for Endpoint this month. These updates expand its security, visibility, and management capabilities across enterprise environments. Microsoft has introduced a new Library management experience in preview in the Defender portal. This new feature allows security analysts to view and manage files…

Microsoft’s newly announced end-of-support deadlines for several legacy Windows platforms have triggered heightened urgency across enterprise IT environments. As security patches and technical support near expiration, organizations are under increasing pressure to remediate risk exposure before unpatched vulnerabilities create operational and compliance liabilities. The Windows 10 Extended Security Updates (ESU) program gives organizations a simple…

Threat actors are actively abusing Microsoft’s OAuth 2.0 Device Authorization flow to compromise Microsoft Entra (formerly Azure AD) accounts without triggering traditional phishing red flags. The attackers leverage social engineering techniques to trick victims into entering attacker-generated device codes on legitimate Microsoft login pages to obtain valid access and refresh tokens. According to a new…

Chinese state-sponsored hackers have quietly leveraged a hard-coded credential flaw in Dell RecoverPoint for Virtual Machines for nearly two years, weaponizing it as a powerful zero-day entry point. The vulnerability grants attackers deep, persistent access to compromised environments, which enables long-term lateral movement and covert control over virtualized infrastructure. RecoverPoint for Virtual Machines (RP4VM) is…

Microsoft has announced a public preview of automatic zone balance for Azure Virtual Machine Scale Sets, expanding its resiliency toolkit for enterprise cloud deployments. The capability is built to proactively safeguard workloads by maintaining balanced VM distribution and minimizing the impact of unexpected availability zone failures. Azure Virtual Machine Scale Sets (VMSS) provide a way…

Microsoft has acknowledged a newly discovered bug that allowed Microsoft 365 Copilot to summarize confidential emails without proper authorization. The flaw effectively bypassed data loss prevention (DLP) policies, compromising safeguards designed to prevent sensitive information from being accessed or processed by automated systems. Microsoft 365 Copilot Chat is an AI‑powered, enterprise‑ready chat experience that lets…

Microsoft has introduced a new Library Management experience in Microsoft Defender. This new feature is aimed at transforming how security analysts manage scripts and tools during live response investigations. Security analysts have long struggled with a fragmented, inefficient process for using scripts and tools during live threat investigations. Assets had to be uploaded in the…

The anticipated mass departure from VMware never materialized, but the industry is now experiencing a strategic shift as organizations reassess their virtualization roadmaps. Broadcom’s sweeping changes have prompted IT leaders to steadily diversify their infrastructure choices. CloudBolt Software released a report dubbed “The Mass Exodus That Never Was: The Squeeze Is Just Beginning.” This survey…

Microsoft is retiring the -Credential parameter in the Exchange Online PowerShell module, effective for all versions released after June 2026. This change marks a shift toward modern, more secure authentication methods for administrators. In the Exchange Online PowerShell module, the -Credential parameter lets administrators pass a PSCredential object (username and password) to the Connect-ExchangeOnline cmdlet…

As AI adoption surges toward a trillion annual enterprise transactions, IT leaders now face an attack surface expanding faster than traditional security models can contain. With nearly 40% of AI activity being blocked due to data‑exposure risks, the stakes for governing AI securely have never been higher. According to Zscaler ThreatLabz’ 2026 AI Security Report,…

The US Cybersecurity and Infrastructure Security Agency has warned about a critical remote code execution (RCE) vulnerability in Microsoft Configuration Manager (ConfigMgr/SCCM). The vulnerability has rapidly escalated into a significant national‑level concern following the release of public exploit code. Microsoft Configuration Manager is an enterprise management platform that helps organizations centrally deploy software, enforce security…