Rabia Noureen

Microsoft has quietly patched a critical flaw in Microsoft 365 Copilot that could allow hackers to access and summarize enterprise files without generating any record in the audit log. This loophole meant attackers could steal sensitive data while leaving no trace for security teams to detect. In a blog post, Zack Korman, CTO of cybersecurity…

Cybercriminals have found a clever new way to exploit Active Directory Federation Services (ADFS) and generate legitimate-looking Office.com URLs that secretly redirect users to phishing sites. This tactic not only makes the malicious links appear trustworthy but also allows attackers to slip past traditional security filters with ease. Active Directory Federation Services (ADFS) is a…

Microsoft has detailed its roadmap to make its products and services quantum-safe by 2033. The company plans to begin rolling out quantum-resistant capabilities for early deployment by 2029, giving organizations ample time to prepare for the quantum era. Microsoft has launched the Quantum Safe Program (QSP) to prepare its entire ecosystem for the security challenges…

Microsoft Defender for Identity has introduced a new AI-powered posture alert designed to help administrators quickly identify potential credential exposure in Active Directory. This feature provides organizations with an edge in preventing breaches before attackers can exploit them. Microsoft mentioned that this new feature addresses the critical issue of accidental credential exposure. This problem occurs…

Microsoft has rolled out a new out-of-band (OOB) update for Windows 11 and Windows 10. This emergency patch aims to fix a critical bug that broke reset and recovery tools after the August 2025 Patch Tuesday updates. Microsoft acknowledged this issue on its Windows release health dashboard on August 18. This new bug triggers when…

Microsoft’s newest Windows security update is unexpectedly causing problems for SSD storage, with reports linking the issue to last week’s KB5063878 patch. The bug has left Windows 11 users facing drive errors and potential data loss. According to X user Nekorusukii (@Necoru_cat), the latest Microsoft Defender update introduces a bug causing some storage drives to…

Microsoft has launched Project Ire, an AI-powered solution designed to detect and analyze malware. This new offering aims to enhance the detection and mitigation of software threats in real-time. This new Project Ire is built through a collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum. It utilizes advanced language models, reverse…

Microsoft has patched an issue that was breaking Windows updates when deployed via the Windows Update Standalone Installer (WUSA) from a network share. This bug hit systems running Windows 11 version 24H2 and Windows Server 2025. The Windows Update Standalone Installer (WUSA) is a built-in Windows utility that allows users to manually install update packages…

As AI agents become more embedded in daily operations, organizations are beginning to recognize the critical role of identity security in managing these digital entities. According to new research from Okta, most IT leaders still lack a mature strategy to govern non-human identities, which pose a growing risk to enterprise security. Okta conducted a global…

Microsoft has introduced Prompt Orchestration Markup Language (POML), a new open-source framework that streamlines the design and coordination of AI prompts for developers. POML is built for multi-agent systems and it enables more structured, scalable, and adaptable AI workflows. Prompt Orchestration Markup Language (POML) is an open-source framework developed to simplify the design and coordination…

Cybercriminals are evolving their tactics and now targeting even the most phishing-resistant protections like FIDO by deceiving users into downgrading their authentication. Proofpoint’s latest research details how attackers manipulate browser behavior and deploy custom phishing kits to compromise accounts that were once considered secure. Passkey (FIDO2) authentication is a modern, passwordless login method that uses…

Semperis has recently launched EntraGoat, a new open-source tool that configures an intentionally vulnerable simulation environment for Microsoft Entra ID (formerly Azure AD). It’s designed to help security teams safely explore and understand identity-based attacks in a controlled, hands-on lab setting. Modern Entra ID setups often contain hidden risks that can be easily exploited by…