Passkey Security
The latest Passkey Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft’s Internal Security Overhaul Achieves 99.97% Phishing-Proof Logins, Sets 2029 Quantum-Safe Deadline
Microsoft’s July 2026 Secure Future Initiative report shows the company reached 99.97% phishing-resistant MFA coverage internally and plans to complete a post-quantum cryptography transition by 2029. The milestone offers a practical blueprint for IT admins to harden their own environments using available Windows and Entra ID tools.
Corporate Microsoft 365 Users Hit by Vishing Scam That Weaponizes Passkey Enrollment
A threat actor tracked as O-UNC-066 has been targeting corporate Microsoft 365 users since April 2024 with phone-based phishing attacks that trick employees into enrolling a passkey on attacker-controlled devices, leading to account takeover. Okta disclosed the campaign, urging organizations to restrict passkey enrollment to managed devices, enable attestation, and train users on vishing scams.
Microsoft Tells Admins to Speed Up Emergency Patching with Risk-Based Deployment Rings
Microsoft's new guidance introduces risk-based deployment rings for out-of-band patches, using threat intelligence to dynamically accelerate updates to high-risk devices. This could cut emergency patch deployment from days to hours, but IT admins need to set up guardrails and trust the risk scoring.
Two Joomla Extensions Under Active Attack: CISA Orders Agencies to Patch File-Upload Flaws
CISA has added two actively exploited file-upload vulnerabilities in Joomla extensions—CVE-2026-48939 (iCagenda) and CVE-2026-56291 (Balbooa Forms)—to its Known Exploited Vulnerabilities Catalog. Both flaws allow attackers to upload malicious files and execute remote code, requiring immediate patching for all affected sites. Federal agencies have until April 16, 2025, to remediate, but private organizations should act now to prevent compromise.
Hidden Windows Identifier Exposes VPN User in Federal Case — What Users Need to Know
A newly unsealed federal complaint reveals that law enforcement used Microsoft's persistent Windows Global Device Identifier to link a suspect's online activity across multiple countries and VPN connections to a single device. The case exposes how Windows telemetry can defeat VPN privacy, raising urgent questions for users who assume VPNs provide comprehensive anonymity.
Telegram Phishing Service ‘Forg365’ Exploits Microsoft’s Device Code Flow to Steal Sessions
A new phishing-as-a-service kit called Forg365 is using Microsoft’s own device code authentication to hijack Microsoft 365 sessions, even bypassing multi-factor authentication. The service, distributed via Telegram, automates the attack and makes it accessible to low-skill criminals, putting organizations at risk of full account takeover.
VS Code Flaw CVE-2026-47281 Bypasses Workspace Trust—Update to 1.123.2 Immediately
Microsoft released Visual Studio Code 1.123.2 to patch a critical vulnerability, CVE-2026-47281, that bypasses workspace trust and could allow remote code execution. All users and organizations must update immediately and inventory installations to prevent exploitation.
A Linux Graphics Bug Can Give Attackers Root — and Your Windows Machine Isn’t Immune
A newly disclosed Linux kernel privilege escalation bug (CVE-2026-46215) in the DRM render nodes can give unprivileged attackers root access. While directly a Linux issue, it impacts Windows users who run WSL, dual-boot, or VMs. The article explains the risk and provides practical steps to secure systems until patches are released.
Critical Linux Kernel Bug Exposes WSL2 and Container Hosts — Patch Now
A critical Linux kernel vulnerability, CVE-2026-43499 (GhostLock), allows container escapes and privilege escalation on systems with futex PI enabled. Windows users running WSL2, Docker Desktop, or Azure Linux VMs are directly affected. Patches are available from Microsoft, Docker, and major Linux distributions, and users are urged to update immediately.
Microsoft Pauses Critical Secure Boot 2023 Certificate Update for Some Windows 11 PCs
Microsoft has paused the Secure Boot 2023 certificate update for some Windows 11 PCs after discovering firmware conflicts that could block installation or cause boot failures. The halt is temporary; users should avoid forcing the update and instead check for OEM firmware updates before resuming. The update is critical for blocking bootkits like BlackLotus, and Microsoft aims to resolve the issues in the coming weeks.
Microsoft Defender Will Surface Purview IRM Triage Summaries in August 2026 Preview
In August 2026, a public preview will bring Purview Insider Risk Management's Data Security Triage Agent summaries into the Microsoft Defender alert queue. Security teams will get AI-driven incident narratives directly where they manage other threats, streamlining triage. Organizations should prepare now by tuning Purview policies and enabling preview features.
Outlook for iOS Will Finally Preview Protected PDFs — Here’s What Changes in 2026
Microsoft plans to add native preview support for MIP-protected PDFs in Outlook for iOS by July 2026, eliminating the need to open sensitive attachments in a separate app. The roadmap update promises a seamless, secure experience for enterprise users on iPhones and iPads.
Microsoft Purview 558681 Pours DLP Context Into Graph API Alerts
Microsoft is enriching Graph API security alerts with DLP rule-match details through Purview roadmap ID 558681. The change lets SIEM and SOAR tools consume sensitive information type, policy name, and other context directly, eliminating the need to manually correlate with the Purview activity explorer. Administrators should prepare parsers and update playbooks to take advantage of the new data stream.