Agent Identity Security
The latest Agent Identity Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
GPU-Z 2.70.0 Security Overhaul Prompts Urgent Update for Windows Users
TechPowerUp releases GPU-Z 2.70.0 with a re-engineered kernel driver to address security vulnerabilities, alongside expanded support for NVIDIA RTX 5000, Intel Arc Battlemage, and Qualcomm Adreno X1 GPUs. The update is crucial for Windows users to mitigate risks from kernel-level attacks and ensure accurate hardware diagnostics.
Windows 11 KB5094126 Update Sparks Boot Failures, BitLocker Recovery on Enterprise PCs
The June 9, 2026 cumulative update KB5094126 for Windows 11 24H2 and 25H2 is triggering boot failures and BitLocker recovery screens on enterprise devices. Reports indicate the issue may be linked to Secure Boot or TPM changes, forcing IT admins to enter recovery keys and roll back the update. Microsoft has yet to respond as companies scramble to mitigate the damage.
Microsoft Patches 209 Vulnerabilities in June 2026 Update, Pushing 2026 CVE Total Past 500
Microsoft released 209 security patches on June 9, 2026, covering 24 product families and pushing the 2026 total beyond 500 CVEs. The massive update demands careful triage and rapid deployment, as IT teams grapple with hundreds of related third-party advisories. The sustained high volume of vulnerabilities highlights the need for automated, risk-based patch management strategies.
EvilTokens Phishing Kit Bypasses MFA: How Device Code Phishing Targets Microsoft 365 in 2026
A phishing-as-a-service kit called EvilTokens is exploiting Microsoft 365's OAuth 2.0 device authorization grant flow to bypass multi-factor authentication. Active in 2026, these campaigns trick users into approving malicious app registrations, granting attackers persistent access to email, files, and services. Organizations must secure their authentication flows with Conditional Access and user education rather than relying on MFA alone.
Windows Still Runs These 4 Services on Every PC—Here’s Why You Should Disable Them
Windows 10 and 11 run several services by default—like Print Spooler, Smart Card, Distributed Link Tracking, and Windows Search—that many home users never need. This article explains each service's purpose and security implications, and provides step-by-step instructions to safely disable them, helping reclaim system resources and improve security.
DragonForce Ransomware Hides C2 in Microsoft Teams Relays — Here’s How Windows Admins Can Fight Back
The DragonForce ransomware group used a novel technique in December 2025, hiding command-and-control traffic within Microsoft Teams relay infrastructure via a custom Go backdoor. The attack targeted a major U.S. services company, evading detection by blending malicious communications with legitimate Teams media traffic. Windows administrators can mitigate such threats through Zero Trust, advanced endpoint detection, network inspection, and identity hardening.
FBI Flags Kali365: New Phishing-as-a-Service Hijacks Microsoft 365 via OAuth Device Codes
The FBI warns that Kali365, a phishing-as-a-service platform exploiting OAuth device code flow, is actively hijacking Microsoft 365 accounts. The attack bypasses MFA by tricking users into authorizing rogue apps. Organizations should immediately block device code authentication if not needed and strengthen conditional access policies.
Fake Free Software Scams on TikTok Exploiting PowerShell Drop Vidar Infostealer on Windows Systems
A new scam campaign on TikTok and Instagram Reels is tricking Windows users into executing PowerShell commands that install the Vidar infostealer, stealing credentials, crypto wallets, and sensitive files. Security researchers reported the activity on June 11, 2026, warning that the short-form video lures promise free Microsoft Office, Windows activation, and other premium software.
Samsung Abandons Max VPN and Data Saver for Galaxy Phones: What Comes Next After June 2026 Shutdown
Samsung will discontinue its Max VPN and Data Saver app for Galaxy devices on June 15, 2026, concluding a nearly decade-long partnership with Opera Software. The shutdown forces millions of users to find alternatives for data compression and privacy protection, prompting a migration to third-party VPNs and ad blockers. Samsung is pivoting to baked-in One UI security features but offers no direct replacement for the all-in-one tool.
UCC Coffee Goes Hybrid: How a Zero-Downtime Azure Migration Cut Costs and Hardened Security
UCC Coffee partnered with Interactive to migrate front‑end workloads to Microsoft Azure, keeping heavy back‑end systems on‑premises in a hybrid architecture. The zero‑downtime project reduced operational costs through reserved instances and automation, while Azure’s native security tools replaced a fragile legacy posture with proactive, cloud‑grade defences. The case study shows how mid‑market enterprises can achieve cloud benefits without disrupting business‑critical processes.
Edge Password Manager Shake-Up: Custom Primary Password Retires in 2026, Forcing Move to Device Sign-in
Microsoft Edge is retiring the Custom Primary Password feature, with a complete removal planned for June 4, 2026. Existing users are now receiving warnings to migrate to device sign-in using Windows Hello or a PIN, while new users have been unable to enable it since March 5, 2026. The change improves security by leveraging TPM-backed hardware authentication and aligns Edge with Microsoft's passwordless strategy, but requires users and IT administrators to adjust before the deadline.
Google Fixes High-Severity Chrome Flaw That Could Allow Mac Sandbox Escape
Google released Chrome 149.0.7827.103 on June 8, 2026, to fix CVE-2026-11655, a high-severity integer overflow in the Media component on macOS. The vulnerability could let an attacker who had already compromised the renderer escape the sandbox and gain full access. All Mac users should update immediately.
CVE-2026-11647: High-Severity Chrome Android Flaw Enables Sandbox Escape via Printing
Google has patched a high-severity use-after-free vulnerability (CVE-2026-11647) in Chrome for Android's Printing component that could allow sandbox escape. The flaw affects versions before 149.0.7827.103 and was disclosed on June 8, 2026. Users are urged to update immediately to mitigate potential remote code execution risks.