authentication

The emergence of CVE-2025-47981—a critical heap-based buffer overflow in the Windows SPNEGO Extended Negotiation (NEGOEX) security mechanism—has sent shockwaves through both enterprise IT departments and the broader cybersecurity community. This newly revealed flaw, affecting one of the...

Windows Netlogon has long served as a critical backbone for authentication and secure communications within Active Directory environments. However, recent disclosure of CVE-2025-49716 has cast a spotlight on significant and exploitable weaknesses in how Netlogon processes certain types of...

A critical security vulnerability, identified as CVE-2025-47987, has been discovered in the Credential Security Support Provider protocol (CredSSP) within Microsoft Windows. This flaw is a heap-based buffer overflow that allows an authenticated attacker to elevate privileges locally, posing...

In recent years, the landscape of cybersecurity has undergone a seismic shift, primarily due to the rapid advancements in artificial intelligence (AI). Both Google and Microsoft have sounded alarms about the vulnerabilities inherent in traditional password-based authentication systems. They...

Microsoft is taking a significant step towards a passwordless future by eliminating passwords for new accounts and encouraging existing users to transition to more secure authentication methods. This move is driven by the increasing vulnerability of traditional passwords to cyberattacks and the...

Microsoft's drive towards a passwordless future is entering a transformative and controversial new phase, with the tech giant set to delete all saved passwords from its Authenticator platform in August—a move projected to affect roughly 75 million users worldwide. This ambitious overhaul...

Microsoft’s latest moves in credential security are reshaping both the everyday user experience and the broader conversation around passwordless authentication. Nowhere is this transformation more evident than in the deepening integration of 1Password’s passkey capabilities directly within...

The digital security landscape is undergoing a significant transformation as passwords, long regarded as both essential and vulnerable, begin to yield to more advanced forms of authentication. Microsoft has been at the forefront of this evolution, aggressively pursuing a passwordless future...

Few technological changes in the Windows ecosystem have felt as momentous—or overdue—as Microsoft’s bold leap toward a passwordless future. With the introduction of enhanced passkey support in Windows 11, now available in Insider Preview Build 26200.5670 (KB5060838), Microsoft is not just racing...

Microsoft’s push toward a passwordless future took a significant step forward this week, as the company began testing third-party passkey integration in Windows 11 for users enrolled in its Dev and Beta Insider channels. While the concept of “passwordless” authentication isn’t new, the practical...

Microsoft’s Secure Future Initiative continues to reshape cloud security practices, and the decision to block legacy authentication protocols by default in Microsoft 365 is the company’s most aggressive move yet to harden enterprise environments against a wave of increasingly sophisticated...

Microsoft is set to implement significant security enhancements within its Microsoft 365 suite by blocking various legacy authentication protocols starting mid-July 2025. This initiative is part of the company's Secure Future Initiative (SFI) and Secure by Default strategy, aiming to bolster the...

Windows, long known for its vast support of legacy technologies and backward compatibility, is poised at a pivotal turning point. Microsoft has initiated sweeping changes intended to bolster the security and reliability of its platforms, namely Windows and Microsoft 365, by phasing out outdated...

Microsoft is drawing a definitive line under the era of legacy authentication protocols in Microsoft 365, setting the stage for a monumental shift in security posture across its cloud ecosystem. Starting from mid-July 2025, Microsoft will begin enforcing new default settings that block legacy...

Microsoft is set to enhance the security framework of its Microsoft 365 suite by phasing out outdated file access methods starting in mid-July 2025. This initiative will disable legacy authentication protocols such as Relying Party Suite (RPS) and FrontPage Remote Procedure Call (FPRPC) across...

Microsoft's recent announcement of expanded passkey (FIDO2) support in Microsoft Entra ID marks a significant advancement in the realm of passwordless authentication. This development, set to roll out globally from mid-October to mid-November 2025, underscores the company's commitment to...

Here’s a summary of the main points from the Neowin article and Microsoft’s update: What’s Happening? Microsoft 365 will disable legacy authentication protocols (Relying Party Suite [RPS] and FrontPage Remote Procedure Call [FPRPC]) for file access. This affects Microsoft 365 and Office apps...

Veeam Backup & Replication (VBR) has recently been found to contain a critical vulnerability, designated as CVE-2025-23120, which allows authenticated domain users to execute arbitrary code remotely on backup servers. This flaw, identified by security researchers at watchTowr Labs, affects VBR...

Here’s a summary of the Gagadget.com article regarding the Windows Hello change: What’s Happened: Microsoft has released an update for Windows 11 that changes how Windows Hello facial recognition works: it is now disabled in dark or low-light conditions. Why the Change? Previously, Windows...

In April 2025, Microsoft implemented a significant security enhancement to Windows Hello, its biometric authentication system, by requiring color cameras for facial recognition. This change aims to bolster security but also introduces challenges for users in low-light environments. Understanding...