Live
New SharePoint Analytics Will Reveal What Copilot Cites—Rollout Set for August 2026·MSFT +0.1%Government Cloud Users Can Now Import PST Files Directly into New Outlook Mailboxes·NVDA +3.0%New Outlook now imports calendars and contacts from PST files—but Microsoft's documentation leaves users guessing·GOOGL +1.2%Microsoft Teams to Roll Out Private Message Reminders in September 2026·AMZN +2.9%New Outlook for Government Gets Long-Awaited PST Import—But You’ll Wait Until 2026·MSFT +0.1%Government Cloud Users Finally Get PST Contacts Access in New Outlook·NVDA +3.0%Microsoft Will Let Employees Request Blocked AI Agents in Microsoft 365 Starting July 2026·GOOGL +1.2%Microsoft Purview to Get AI-Powered Policy Tuning in August 2026·AMZN +2.9%New SharePoint Analytics Will Reveal What Copilot Cites—Rollout Set for August 2026·MSFT +0.1%Government Cloud Users Can Now Import PST Files Directly into New Outlook Mailboxes·NVDA +3.0%New Outlook now imports calendars and contacts from PST files—but Microsoft's documentation leaves users guessing·GOOGL +1.2%Microsoft Teams to Roll Out Private Message Reminders in September 2026·AMZN +2.9%New Outlook for Government Gets Long-Awaited PST Import—But You’ll Wait Until 2026·MSFT +0.1%Government Cloud Users Finally Get PST Contacts Access in New Outlook·NVDA +3.0%Microsoft Will Let Employees Request Blocked AI Agents in Microsoft 365 Starting July 2026·GOOGL +1.2%Microsoft Purview to Get AI-Powered Policy Tuning in August 2026·AMZN +2.9%

Passkey Security

The latest Passkey Security coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view AI assisted desk updated 11:39 PM
Latest Most Read Breaking
Sort
Microsoft Security · Phishing Resistant Mfa

Microsoft’s Internal Security Overhaul Achieves 99.97% Phishing-Proof Logins, Sets 2029 Quantum-Safe Deadline

Microsoft’s July 2026 Secure Future Initiative report shows the company reached 99.97% phishing-resistant MFA coverage internally and plans to complete a post-quantum cryptography transition by 2029. The milestone offers a practical blueprint for IT admins to harden their own environments using available Windows and Entra ID tools.

Security

Corporate Microsoft 365 Users Hit by Vishing Scam That Weaponizes Passkey Enrollment

A threat actor tracked as O-UNC-066 has been targeting corporate Microsoft 365 users since April 2024 with phone-based phishing attacks that trick employees into enrolling a passkey on attacker-controlled devices, leading to account takeover. Okta disclosed the campaign, urging organizations to restrict passkey enrollment to managed devices, enable attestation, and train users on vishing scams.

Security Desk·2h ago ·5 min
Security

Microsoft Tells Admins to Speed Up Emergency Patching with Risk-Based Deployment Rings

Microsoft's new guidance introduces risk-based deployment rings for out-of-band patches, using threat intelligence to dynamically accelerate updates to high-risk devices. This could cut emergency patch deployment from days to hours, but IT admins need to set up guardrails and trust the risk scoring.

Security Desk·3h ago ·5 min
Security

Two Joomla Extensions Under Active Attack: CISA Orders Agencies to Patch File-Upload Flaws

CISA has added two actively exploited file-upload vulnerabilities in Joomla extensions—CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms)—to its Known Exploited Vulnerabilities Catalog. Both flaws allow attackers to upload malicious files and execute remote code, requiring immediate patching for all affected sites. Federal agencies have until April 16, 2025, to remediate, but private organizations should act now to prevent compromise.

Security Desk·4h ago ·5 min
Advertisement
Global Device Identifier · Microsoft Telemetry

Hidden Windows Identifier Exposes VPN User in Federal Case — What Users Need to Know

A newly unsealed federal complaint reveals that law enforcement used Microsoft's persistent Windows Global Device Identifier to link a suspect's online activity across multiple countries and VPN connections to a single device. The case exposes how Windows telemetry can defeat VPN privacy, raising urgent questions for users who assume VPNs provide comprehensive anonymity.

SE Security Desk·7h ago
Device-code Phishing · Microsoft 365 Security

Telegram Phishing Service ‘Forg365’ Exploits Microsoft’s Device Code Flow to Steal Sessions

A new phishing-as-a-service kit called Forg365 is using Microsoft’s own device code authentication to hijack Microsoft 365 sessions, even bypassing multi-factor authentication. The service, distributed via Telegram, automates the attack and makes it accessible to low-skill criminals, putting organizations at risk of full account takeover.

SE Security Desk·10h ago
CVE-2026-47281 · Visual Studio Code

VS Code Flaw CVE-2026-47281 Bypasses Workspace Trust—Update to 1.123.2 Immediately

Microsoft released Visual Studio Code 1.123.2 to patch a critical vulnerability, CVE-2026-47281, that bypasses workspace trust and could allow remote code execution. All users and organizations must update immediately and inventory installations to prevent exploitation.

SE Security Desk·10h ago
CVE-2026-46215 · Linux Kernel

A Linux Graphics Bug Can Give Attackers Root — and Your Windows Machine Isn’t Immune

A newly disclosed Linux kernel privilege escalation bug (CVE-2026-46215) in the DRM render nodes can give unprivileged attackers root access. While directly a Linux issue, it impacts Windows users who run WSL, dual-boot, or VMs. The article explains the risk and provides practical steps to secure systems until patches are released.

SE Security Desk·17h ago ·2 views
CVE-2026-43499 · GhostLock

Critical Linux Kernel Bug Exposes WSL2 and Container Hosts — Patch Now

A critical Linux kernel vulnerability, CVE-2026-43499 (GhostLock), allows container escapes and privilege escalation on systems with futex PI enabled. Windows users running WSL2, Docker Desktop, or Azure Linux VMs are directly affected. Patches are available from Microsoft, Docker, and major Linux distributions, and users are urged to update immediately.

SE Security Desk·18h ago ·3 views
Secure Boot · Windows 11

Microsoft Pauses Critical Secure Boot 2023 Certificate Update for Some Windows 11 PCs

Microsoft has paused the Secure Boot 2023 certificate update for some Windows 11 PCs after discovering firmware conflicts that could block installation or cause boot failures. The halt is temporary; users should avoid forcing the update and instead check for OEM firmware updates before resuming. The update is critical for blocking bootkits like BlackLotus, and Microsoft aims to resolve the issues in the coming weeks.

SE Security Desk·22h ago
Insider Risk Management · Microsoft Defender

Microsoft Defender Will Surface Purview IRM Triage Summaries in August 2026 Preview

In August 2026, a public preview will bring Purview Insider Risk Management's Data Security Triage Agent summaries into the Microsoft Defender alert queue. Security teams will get AI-driven incident narratives directly where they manage other threats, streamlining triage. Organizations should prepare now by tuning Purview policies and enabling preview features.

SE Security Desk·23h ago
Outlook For IOS · Microsoft Information Protection

Outlook for iOS Will Finally Preview Protected PDFs — Here’s What Changes in 2026

Microsoft plans to add native preview support for MIP-protected PDFs in Outlook for iOS by July 2026, eliminating the need to open sensitive attachments in a separate app. The roadmap update promises a seamless, secure experience for enterprise users on iPhones and iPads.

SE Security Desk·23h ago
Dlp Alerts · Graph Api

Microsoft Purview 558681 Pours DLP Context Into Graph API Alerts

Microsoft is enriching Graph API security alerts with DLP rule-match details through Purview roadmap ID 558681. The change lets SIEM and SOAR tools consume sensitive information type, policy name, and other context directly, eliminating the need to manually correlate with the Purview activity explorer. Administrators should prepare parsers and update playbooks to take advantage of the new data stream.

SE Security Desk·23h ago