Identity Protection
The latest Identity Protection coverage — news, analysis, and updates from the WindowsNews.AI desk.
Xfinity Breach Payouts: How to Get Up to $10,000 Before the September Deadline
Current and former Xfinity customers whose data was stolen in a massive 2023 cyberattack now have until September 14, 2026, to claim cash payments or reimbursement of up to $10,000 from Comcast’s...
KnowBe4’s Phishing Defense Now Scans Microsoft Teams Chats — Here’s Who Needs It Most
KnowBe4 announced in a July 2026 company blog post that its Defend product can now monitor and automatically remediate phishing threats arriving through external Microsoft Teams chats. The move...
FBI Alert: Kali365 Phishing Kit Bypasses MFA via Device Code Phishing on Microsoft 365
The FBI issued a warning in May 2026 about a new phishing-as-a-service platform called Kali365 that hijacks Microsoft 365 accounts without a single fake login page. The platform, first spotted in...
Windows 11's 2026 Cyber Resilience: New Defenses That Keep Business Running After Attacks
Microsoft has spent the last decade building walls around Windows enterprises, but in 2026 those walls are no longer enough. The company now openly frames cyber resilience—not just prevention—as...
Microsoft Security Chief: AI Adoption Without Identity Protection Is 'Reckless'
Canadian organizations racing to adopt artificial intelligence are ignoring a fundamental security principle at their own peril, Microsoft Canada’s top security official warned today. John...
EvilTokens Phishing Kit Bypasses MFA: How Device Code Phishing Targets Microsoft 365 in 2026
A phishing kit named EvilTokens is behind a fresh wave of attacks targeting Microsoft 365 accounts in 2026. Offered as phishing-as-a-service, the tool exploits a legitimate OAuth 2.0 mechanism—the...
FBI Warns Kali365 Phishing Kit Exploits Microsoft Device Code Flow to Slip Past MFA
The FBI’s Internet Crime Complaint Center (IC3) issued an urgent alert in May 2026 about Kali365, a newly identified phishing‑as‑a‑service platform that is systematically hijacking Microsoft...
CVE-2026-32079: Microsoft's Web Account Manager Vulnerability Leaves Defenders With Limited Guidance
Microsoft has published CVE-2026-32079, documenting an information disclosure vulnerability in the Web Account Manager component, but the security advisory contains minimal actionable information for...
CVE-2026-20849: Critical Kerberos Privilege Escalation Threatens Windows Active Directory Security
Microsoft has issued an urgent security advisory for a critical elevation-of-privilege vulnerability in the Windows Kerberos authentication protocol, tracked as CVE-2026-20849, that poses significant...