Identity Security
The latest Identity Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Attackers Are Tricking Microsoft Users Into Adding Rogue Passkeys—Here’s the Fix
A vishing campaign that preys on Microsoft 365 users—persuading them by phone to enroll attacker-controlled passkeys—has been active since early 2025, security firm Okta warned on Wednesday. The...
FedRAMP High Stamp Clears Quest Entra ID Tools for Federal Government Use
Quest Software announced on July 8 that its Identity Defense and Identity Recovery for Microsoft Entra ID products have achieved FedRAMP High authorization, making them available as a fully vetted...
Microsoft Silently Patches Entra Provisioning Elevation‑of‑Privilege Flaw – No KB Required
Microsoft this week listed CVE‑2026‑57100, an elevation‑of‑privilege vulnerability in the Microsoft Entra Provisioning Service, marking one of the first cloud‑centric patches of the year to...
Stop ConsentFix Phishing: Lock Down OAuth App Consent in Microsoft Entra ID Now
A new breed of phishing attack is automating the theft of Microsoft 365 access tokens—and it works by exploiting a single, often-overlooked setting in every Entra ID tenant. Security researchers...
Microsoft 365 Password-Spraying Surge and Teams Bot Flaw Highlight Identity Security Crisis
A cascade of security failures erupted across the tech landscape this week, exposing how fragile the boundaries of identity, privacy, and artificial intelligence have become. Apple’s vaunted Hide...
Copilot Studio Will Soon Block Agent Sharing That Leaks Maker Credentials
Microsoft is turning Copilot Studio’s warnings into hard blocks. Starting with a public preview in July 2026, the low-code agent-building platform will enforce safe sharing policies—preventing...
Microsoft’s Sachin Gandhi: Enterprise AI Agents Need Immutable Audit Trails and Ironclad Governance
SAN FRANCISCO — At the Cloud Wars keynote on June 29, 2026, Microsoft Principal R&D Solution Architect Sachin Gandhi delivered a blunt message to enterprises deploying AI agents: without robust...
AI-Driven Threats Reshape Identity Security: Microsoft Entra Recovery, Biometrics, and Bot Defenses Take Center Stage
The week of June 26, 2026, marked a pivotal moment for identity security as a wave of announcements from Microsoft and leading vendors tackled the escalating risks posed by artificial intelligence....
AI-Driven Bots Now Dominate Web Traffic, Scanning Tens of Thousands of Vulnerabilities Per Second
Automated bots, increasingly accelerated by artificial intelligence, have surpassed human traffic as the dominant force on the web in 2025, and security researchers are sounding the alarm: these...
Netwrix 1Secure launches instant Copilot risk scans as AI governance pressures mount
Netwrix, a Frisco, Texas-based cybersecurity vendor specializing in data security and identity governance, today announced a significant expansion of its 1Secure SaaS platform aimed at addressing the...
Machine-Speed AI Agents Storm Identiverse 2026: Can Identity Security Keep Up?
The enterprise identity world converged on Las Vegas last week for Identiverse 2026, and one theme dominated every keynote, every hallway conversation, and every vendor demo: AI agents. Not the...
Ransomware Gangs Exploit Edge Device Flaws to Breach Enterprise Defenses
Enterprise networks are now more likely to be compromised through a neglected firewall or VPN appliance than a phishing email. Security Affairs Round 582, the latest cybersecurity intelligence digest...