Nonprofit Security
The latest Nonprofit Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Account Hacks Bypass 2FA: The Datacenter IP Mystery Explained
A surge of reports reveals Microsoft accounts with 2FA are being accessed from IPs inside Microsoft’s data centers. Technical analysis points to legitimate cloud routing, non-interactive legacy auth, and OAuth token theft as key mechanisms. Microsoft’s mid-2025 security defaults help, but users and admins must take immediate action to secure accounts.
Windows 10's KB5065429 Update Seals ESU Bridge and Patches 80+ Vulnerabilities Before October 14 Shutdown
Microsoft’s KB5065429 update for Windows 10 arrives with fixes for over 80 vulnerabilities and restores the in-product ESU enrollment mechanism, just weeks before the October 14, 2025 end-of-support deadline. The update is essential for users planning to use the one-year consumer ESU bridge, which offers a $30 paid option or free routes via Microsoft Rewards or Windows Backup. IT teams should pilot the patch and plan migration to Windows 11 or ESU enrollment immediately.
Microsoft Defender Antivirus Now Matches Paid Suites in Protection, Lab Tests Confirm
Independent tests from AV‑TEST and AV‑Comparatives confirm that Microsoft’s free Windows antivirus now rivals or exceeds many paid products in protection and performance. Deep OS integration, cloud intelligence, and ransomware shields make it ideal for most home users, though specialist needs may still justify third‑party suites. Configuring a few key settings transforms the built‑in tool into a comprehensive, low‑maintenance security stack.
Microsoft Tests Full-Screen Windows 11 Boot Prompt to Push Microsoft 365 Renewals, Sparking Backlash
Microsoft is testing a full-screen, boot-time subscription renewal prompt in Windows 11 Insider builds using the SCOOBE framework. The experiment has triggered sharp criticism from users and IT administrators over productivity disruptions, phishing risks, and platform trust erosion. While official Insider notes frame it as a helpful reminder, community testers describe it as a blocking modal that could set a dangerous precedent for in-OS advertising.
Microsoft Trials Full-Screen Renewal Alerts for Microsoft 365 in Windows 11 Previews
Microsoft is testing a full-screen billing reminder in Windows 11 Insider builds that repurposes the SCOOBE interface to warn Microsoft 365 subscribers about subscription issues. The intrusive design has sparked backlash over coercion, phishing risks, and user experience, though users can disable it via Settings or registry tweaks.
Why IT Teams Are Racing to Learn These Windows 11 Shortcuts Before October 2025
As Windows 10’s end-of-support approaches, mastering a handful of Windows 11 keyboard shortcuts can dramatically speed up workflows, reduce distractions, and bolster security. Starting with a core set of 10 essential shortcuts—from basic clipboard commands to Snap layouts and virtual desktops—users can reclaim hours of productivity. PowerToys extends customization for power users, while training programs ensure teams adopt these habits at scale.
Unlocking Windows 11's Hidden Superpowers: Snap Layouts, Focus Sessions, and Beyond
Windows 11 includes overlooked features like Snap Layouts, Focus Sessions, Clipboard History, and passkeys that can save hours per week. This guide covers how to enable them, their real-world benefits, and the privacy trade-offs to consider.
Firefox’s Enterprise-Only AI Kill Switch Betrays Consumer Trust, Sparks Privacy Backlash
Mozilla has introduced an enterprise policy to disable all generative AI features in Firefox, giving IT admins a one-click kill switch through Group Policy or Intune. However, the company has not provided a similar toggle for regular users, who must resort to hidden about:config preferences to opt out. The decision has sparked backlash among privacy-conscious consumers and highlights a growing divide between enterprise governance and individual control in the browser.
CVE-2025-53136: Windows 11 Update Leaks Kernel Pointers, Defeating KASLR
A security update for Windows 11 24H2 and Windows Server 2022 inadvertently introduced CVE-2025-53136, a kernel info-leak that exposes memory addresses and undermines KASLR, enabling local privilege escalation when chained with other bugs. Patches are available; organizations should deploy them immediately and implement detection measures.
1,224 Vulnerabilities, 129+ PoCs: Inside the Patch Tuesday Deluge Threatening Enterprise and ICS Systems
A massive Patch Tuesday cycle saw 1,224 vulnerabilities disclosed in a week, with over 129 already having public proof-of-concept exploits. The surge includes critical flaws in SAP, Sophos, Android, Adobe Commerce, Fortinet, and Honeywell ICS systems, narrowing the window for defenders. Immediate patch triage based on exposure, impact, and exploitability is essential to mitigate risks.
Konica Minolta Brings CAC/PIV Secure Print to Microsoft 365 GCC High with PKI Cloud Suite
Konica Minolta launched the PKI Cloud Suite for Microsoft 365 GCC High, enabling CAC/PIV authenticated printing and scanning on bizhub MFPs with zero on-premises servers. The solution integrates natively with Entra ID and Universal Print, closing a critical zero-trust gap for defense and civilian agencies. It is available immediately through federal partners, with tiered licensing and a free upgrade path for existing customers.
FBI Alerts to Kali365 Phishing-as-a-Service Hijacking Microsoft 365 Accounts Using Device Codes
The FBI warns that the Kali365 phishing-as-a-service platform is exploiting Microsoft’s device-code flow to hijack Microsoft 365 accounts, bypassing MFA and conventional defenses. This in-depth article explains how the attack works, why it’s so effective against Windows-centric organizations, and what administrators and users can do to stop token theft before it happens.
Intel Ships Wi-Fi and Bluetooth Drivers 24.50.0 with Major 6GHz Boosts for Windows 11
Intel's new Wi-Fi 24.50.0 and Bluetooth 24.50.0 drivers for Windows 11 and 10 deliver faster 6GHz performance, improved roaming, and critical security fixes. The update boosts throughput, reduces latency, and resolves Bluetooth audio stuttering, making it a essential upgrade for Intel wireless adapter users.