Rabia Noureen

Security experts are warning that Tycoon 2FA remains a serious threat, even after a major law‑enforcement operation dismantled the phishing‑as‑a‑service platform last month. While the takedown disrupted its infrastructure, the techniques behind Tycoon 2FA have quietly spread across other phishing operations. According to a new report from Barracuda, the March 2026 law‑enforcement operation disrupted Tycoon…

Microsoft has acknowledged a critical issue causing some Windows Server domain controllers to enter repeated restart loops after installing the April 2026 security update (KB5082063). The problem impacts both existing environments and newly deployed domain controllers, which complicates recovery and rollout efforts for IT administrators. This problem is caused by crashes in the Local Security…

Microsoft has introduced a new Backup and Recovery feature in public preview in the Entra admin center. This new built-in solution helps organizations restore critical Entra directory objects after accidental changes or security incidents. “Microsoft Entra Backup and Recovery takes backups of supported objects automatically, once a day, retaining up to five days of backup…

Microsoft has committed to providing security updates for all old versions of Exchange Server and Skype for Business. This new phase of the Extended Security Update (ESU) program is designed for customers who need more time to migrate to supported versions of the products. Microsoft’s Extended Security Update (ESU) program is a paid option that…

Microsoft has just released the April 2026 Patch Tuesday updates for all supported versions of Windows 11. This month, Microsoft fixed 163 new vulnerabilities in Windows, Office, Microsoft Edge, Azure, Hyper-V Server, BitLocker, and the Windows Wallet Service. On the quality and experience updates front, Microsoft released a new patch that brings several new features…

Microsoft has launched a new monitoring and reporting platform for Windows 365 in public preview, aimed at simplifying Cloud PC management. The solution unifies health, performance, and configuration insights into a single Microsoft Intune experience. Windows 365 Cloud PC monitoring data has been fragmented, hard to access, and inefficient to use, which makes it difficult…

Non-human identities, service accounts, and AI agents are exploding across modern environments, and security teams aren’t keeping up. As organizations hand real access and autonomy to non‑human identities, attackers are exploiting the gaps, often by simply using trusted credentials rather than breaking in. The SANS 2026 State of Identity Threats & Defenses survey gathered input…

Microsoft has notified its channel partners that prices for Windows 365 Cloud PCs will drop by 20 percent starting on May 1. The move is aimed primarily at making cloud-based desktops more attractive and affordable for small and medium-sized businesses. Windows 365 is a cloud‑based PC service that lets users stream a full Windows desktop…

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive ordering federal civilian agencies to remediate a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). The move comes after confirmed evidence that the flaw is already being actively exploited in real-world attacks. Ivanti Endpoint Manager Mobile (EPMM) is a mobile device management (MDM)…

Outdated operating systems remain common across workplaces, with many organizations still relying on devices that lack critical updates. This lapse in basic security maintenance increases the risk of cyberattacks and leaves sensitive data needlessly exposed. Jamf’s Security 360 Report analyzes data from over a million Mac and mobile devices to show how modern Apple-focused environments…

Microsoft has rolled out a new set of security, governance, and analytics enhancements for Microsoft 365 Copilot, aimed at giving organizations tighter oversight of AI-driven workflows. The updates give administrators more precise tools to monitor usage, enforce policies, and maintain control over how AI is deployed across the enterprise. Microsoft has introduced Purview Data Loss…

Organizations around the world are being quietly breached through a new Microsoft device‑code phishing operation that blends automation and AI to slip past traditional defenses. It allows attackers to hijack a legitimate login process to gain persistent access to corporate email accounts and steal sensitive financial information. This new malicious phishing kit, called EvilTokens, was…