Blog

When a user account becomes locked, account lockout event id 4740 is logged on your domain controllers. It is the primary signal administrators rely on to begin troubleshooting. While the event itself is straightforward, interpreting it correctly and using it effectively to identify the true source of a lockout is not always obvious. What is…

Threat actors are actively abusing Microsoft’s OAuth 2.0 Device Authorization flow to compromise Microsoft Entra (formerly Azure AD) accounts without triggering traditional phishing red flags. The attackers leverage social engineering techniques to trick victims into entering attacker-generated device codes on legitimate Microsoft login pages to obtain valid access and refresh tokens. According to a new…

In this episode of First Ring Daily, Brad Sams and Paul Thurrott discuss recent comments from software engineers Mark Russinovich and Linus Torvalds on how they use AI for coding. 

In this article, I look at Personally Identifiable Information (PII) and why it’s important to identity and protect it in your organization. What is PII data? Personally Identifiable Information (PII) refers to any information that can be used to identify a specific individual. Types of PII Although all personally identifiable information is linked to a…

Chinese state-sponsored hackers have quietly leveraged a hard-coded credential flaw in Dell RecoverPoint for Virtual Machines for nearly two years, weaponizing it as a powerful zero-day entry point. The vulnerability grants attackers deep, persistent access to compromised environments, which enables long-term lateral movement and covert control over virtualized infrastructure. RecoverPoint for Virtual Machines (RP4VM) is…

Microsoft has announced a public preview of automatic zone balance for Azure Virtual Machine Scale Sets, expanding its resiliency toolkit for enterprise cloud deployments. The capability is built to proactively safeguard workloads by maintaining balanced VM distribution and minimizing the impact of unexpected availability zone failures. Azure Virtual Machine Scale Sets (VMSS) provide a way…

Microsoft has acknowledged a newly discovered bug that allowed Microsoft 365 Copilot to summarize confidential emails without proper authorization. The flaw effectively bypassed data loss prevention (DLP) policies, compromising safeguards designed to prevent sensitive information from being accessed or processed by automated systems. Microsoft 365 Copilot Chat is an AI‑powered, enterprise‑ready chat experience that lets…

Microsoft has introduced a new Library Management experience in Microsoft Defender. This new feature is aimed at transforming how security analysts manage scripts and tools during live response investigations. Security analysts have long struggled with a fragmented, inefficient process for using scripts and tools during live threat investigations. Assets had to be uploaded in the…

The anticipated mass departure from VMware never materialized, but the industry is now experiencing a strategic shift as organizations reassess their virtualization roadmaps. Broadcom’s sweeping changes have prompted IT leaders to steadily diversify their infrastructure choices. CloudBolt Software released a report dubbed “The Mass Exodus That Never Was: The Squeeze Is Just Beginning.” This survey…

IT pros are already using AI to write scripts, summarize logs, and troubleshoot issues. The catch? Most workflows still involve a clumsy relay race: copy text from a remote session, paste it into a chatbot, copy the answer back, then repeat. All while hoping you don’t leak something sensitive into chat history. Marc-André Moreau, CTO…

Microsoft is retiring the -Credential parameter in the Exchange Online PowerShell module, effective for all versions released after June 2026. This change marks a shift toward modern, more secure authentication methods for administrators. In the Exchange Online PowerShell module, the -Credential parameter lets administrators pass a PSCredential object (username and password) to the Connect-ExchangeOnline cmdlet…

As AI adoption surges toward a trillion annual enterprise transactions, IT leaders now face an attack surface expanding faster than traditional security models can contain. With nearly 40% of AI activity being blocked due to data‑exposure risks, the stakes for governing AI securely have never been higher. According to Zscaler ThreatLabz’ 2026 AI Security Report,…