enterprise security

Microsoft’s security tracker lists CVE-2025-54898 as an out-of-bounds read vulnerability in Microsoft Excel that can be triggered by a crafted spreadsheet and may allow an attacker to achieve local code execution when a user opens a malicious file. Background Microsoft Excel remains one of the...

Microsoft has added a near‑real‑time enforcement layer to Copilot Studio that lets organizations route an AI agent’s planned actions through external monitors — including Microsoft Defender, third‑party XDR vendors, or custom in‑tenant policy engines — and receive an approve-or-block verdict...

Microsoft has quietly pushed a significant control point into the live execution path of enterprise AI agents: Copilot Studio can now route an agent’s planned actions to external monitors (Microsoft Defender, third‑party XDR vendors, or customer endpoints) and receive an approve/block verdict in...

Microsoft is planning to pull the plug on Outlook Lite’s distribution this October, with multiple technology outlets reporting that new installations will be blocked beginning October 6, 2025, and users being nudged to move to the full Outlook mobile experience. Background / Overview Outlook...

Microsoft’s Copilot Studio has added a near‑real‑time security control that routes an agent’s planned actions through external monitors—allowing organizations to approve or block tool calls and actions while an AI agent runs—and the capability is now available in public preview for Power...

Microsoft’s Copilot Studio has added a near‑real‑time monitoring and control layer for AI agents, letting enterprises intercept, evaluate and — when necessary — block agent actions as they execute, and giving security teams a new way to enforce policies at runtime without sacrificing agent...

Microsoft’s Copilot Studio has moved from built‑in guardrails to active, near‑real‑time intervention: organizations can now route an agent’s planned actions to external monitors that approve or block those actions while the agent is executing, enabling step‑level enforcement that ties existing...

Microsoft’s latest Canary‑channel experiment pushes intelligence deeper into the Windows shell: a new AI actions submenu in File Explorer lets you right‑click images to run Bing Visual Search, blur or remove backgrounds, and erase objects — all without opening a full editor. This context‑aware...

Zenity’s expanded partnership with Microsoft plugs real-time, inline security directly into Microsoft Copilot Studio agents — a move that promises to make agentic AI safer for widespread enterprise use while raising new operational and architectural questions for security teams. The...

Microsoft has quietly but meaningfully shifted the balance of power between autonomous AI agents and enterprise defenders: Copilot Studio now supports near‑real‑time runtime security controls that let organizations route an agent’s planned actions through external monitors (Microsoft Defender...

Microsoft Defender SmartScreen in Microsoft Edge acts as a live reputation and content filter that warns users about phishing pages, malicious downloads, and suspicious sites before they can do harm. (support.microsoft.com, learn.microsoft.com) Background Microsoft Defender SmartScreen began as...

Title: CVE-2025-53791 — What Windows admins need to know about the Microsoft Edge (Chromium) “security feature bypass” (as of September 5, 2025) Summary (short) CVE-2025-53791 is tracked by Microsoft as a “Security Feature Bypass” in Microsoft Edge (Chromium‑based). Microsoft’s advisory...

Google's Chromium project has logged a serious security issue — tracked as CVE-2025-9866 — describing an inappropriate implementation in Extensions that can be weaponized to bypass Content Security Policy (CSP) via a crafted HTML page; Google has issued a Chrome stable update to remediate the...

Two German researchers demonstrated at Black Hat that an attacker with local administrative access can inject a malicious biometric template into Windows Hello for Business and sign in as another user with nothing more than their own face — a practical, low-noise bypass that undermines one of...

CISA’s latest update to the Known Exploited Vulnerabilities (KEV) Catalog adds three actively exploited flaws — a Linux kernel TOCTOU race condition, an Android Runtime issue, and a high‑impact Sitecore deserialization vulnerability — forcing organizations that track KEV and federal agencies...

Microsoft’s recent push to harden Azure Linux with a new “OS Guard” capability marks a notable shift in how cloud providers are thinking about host-level protections for container workloads, combining run‑time immutability, code integrity checks, and mandatory access control into an opinionated...

Microsoft quietly added a native option in Windows 11 to push your PC clipboard to Android — and in early hands‑on testing it appears to land inside any Android keyboard that reads the system clipboard, including Gboard. Overview Windows 11’s clipboard has long been more than a lone Ctrl+C...

Microsoft appears to be testing a native way for Windows 11 to push whatever you copy on a PC straight into a linked Android phone’s clipboard — a near‑instant, keyboard‑friendly transfer surfaced in Insider preview builds as an “Access PC’s clipboard” toggle that leverages the Link to Windows...

Microsoft’s iOS Microsoft 365 Copilot app is being stripped of advanced OneDrive file-management capabilities, redirecting users to the OneDrive app for folder browsing, permission changes, and downloads — a move that finalizes the app’s transition from an all-in-one Office hub into a focused AI...

As the calendar races toward October 14, 2025, a striking and inconvenient truth has emerged: a very large portion of the global PC installed base is still running Windows 10, even as Microsoft prepares to stop issuing free security updates and feature patches for that OS. PC makers, market...