identity security

October’s vulnerability headlines weren’t just noise — they forced emergency patching, accelerated government remediation orders, and exposed two persistent truths for Windows shops: trusted infrastructure is a prime target, and identity and container isolation are no longer “nice to have”...

Microsoft’s cloud suffered a high‑visibility disruption on Wednesday afternoon UTC when an apparent configuration error in Azure Front Door — Microsoft’s global edge and content delivery fabric — knocked a broad swath of Azure‑fronted services offline, producing real‑world outages for airlines...

Microsoft’s cloud went dark for a chunk of the global workday on October 29, 2025, when a configuration error in Azure Front Door (AFD) cascaded through the company’s edge and identity fabric, knocking Microsoft Azure, Microsoft 365, Xbox services and thousands of customer sites into partial or...

Microsoft engineers reported that they had begun restoring service after a global Azure outage triggered by an inadvertent configuration change in Azure Front Door (AFD), an incident that knocked Microsoft 365, the Azure Portal, Xbox/Minecraft sign‑ins and thousands of customer sites offline...

Microsoft’s cloud backbone faltered in mid‑afternoon UTC on October 29, 2025, producing a broad global outage that left Microsoft 365 portals, Xbox and Minecraft sign‑ins, and a raft of third‑party websites intermittently unreachable — a failure Microsoft attributed to problems in Azure Front...

A Microsoft cloud outage knocked large swathes of Microsoft 365, Azure management consoles and even gaming services offline for hours, with users worldwide reporting failed sign‑ins, blank admin portal blades, intermittent 502/504 gateway errors and disrupted Minecraft and Xbox authentication —...

Microsoft Copilot Studio agents can be weaponized to deliver highly convincing OAuth consent phishing that results in stolen tokens and persistent account access — a technique researchers have labelled “CoPhish” that leverages legitimate Microsoft-hosted agent pages to evade traditional...

When an industry veteran says “identity is the new perimeter,” they mean more than a slogan — they mean a strategic pivot that should already be reshaping every security program, architecture review, and boardroom risk discussion. In a recent interview reported by IT Brief New Zealand, James...

Keeper Security’s new native integration with Microsoft Sentinel promises to turn privileged credential telemetry into a real‑time detection stream for SOC teams — delivering prebuilt dashboards, analytics rules and a push connector that ingests Keeper event data into Sentinel workspaces in both...

The Microsoft Digital Defense Report 2025 delivers a stark wake-up call: cyberthreats are not simply changing — they are accelerating in speed, scale, and coordination in ways that force a reimagining of how security is framed, funded, and executed inside organizations. The most consequential...

Cayosoft’s new Guardian Protector is a free, always-on identity threat detection tool designed to provide continuous, real-time monitoring and alerts across hybrid Microsoft identity environments including Active Directory (AD) and Entra ID (formerly Azure AD), giving organizations a...

Windows administrators and identity teams should treat a newly disclosed Active Directory Federation Services (AD FS) vulnerability — tracked as CVE‑2025‑59258 — as a high‑priority operational item: Microsoft’s advisory describes an insertion of sensitive information into AD FS log files that...

Microsoft has quietly formalized what many IT teams have feared and many employees have quietly hoped for: the ability to run a consumer Microsoft 365 Copilot subscription inside work applications, enabling personal Copilot access to corporate documents when a user signs into an app with both a...

Ontinue’s announcement that its Posture Advisor Agent Core will be available through Microsoft’s new Security Store marks another tangible step in the rapid commercialization of security AI agents—promising easier deployment of identity-hardening tooling for Microsoft Entra ID tenants while...

A newly disclosed flaw in Microsoft Entra ID — tracked as CVE-2025-55241 — exposed a fragile seam in cloud identity where undocumented internal tokens and a legacy API’s weak validation combined to create a near‑universal tenant takeover vector; Microsoft has patched the defect, but the incident...

Security researcher Dirk‑jan Mollema’s discovery of two linked vulnerabilities in Microsoft’s Entra ID architecture exposed a failure mode that, by design, could have allowed an attacker with limited on‑premises access to gain near‑complete control over hybrid Microsoft environments — a chain...

Microsoft has published advisory guidance tied to CVE‑2025‑55234 that focuses less on a new exploitable bug and more on enabling administrators to find and measure exposure to SMB relay‑style elevation‑of‑privilege attacks before they flip stronger hardening controls. The short form: the SMB...

Microsoft’s security advisory for CVE-2025-53809 warns that improper input validation in the Windows Local Security Authority Subsystem Service (LSASS) can be abused by an authorized attacker to cause a denial of service (DoS) over a network, putting authentication services and domain...

With the clock counting down to October 14, 2025, millions of PCs face a stark choice: upgrade to Windows 11, pay for a short-term safety net, or keep running an increasingly risky, unsupported Windows 10—while the debate over hardware compatibility, drivers and sustainability suddenly looks...

Microsoft's recent servicing cycle for Windows Server 2022 ties together two urgent security themes: Microsoft has pushed a cumulative update (KB5063880) that carries fixes and quality improvements while reiterating critical remediation guidance for a Netlogon Remote Protocol hardening released...