identity security

Microsoft’s latest Secure Future Initiative (SFI) update moves beyond high-level commitments and delivers a practical, practitioner-focused set of patterns and practices aimed at turning Zero Trust theory into repeatable operational reality for networks, tenants, engineering systems, and...

Permiso’s new open-source tool P0LR Espresso is aimed squarely at the weakest link in cloud defense that most SOCs quietly tolerate: inconsistent, provider-specific log formats that slow investigations and obscure identity-based signals at the moment they matter most. The SiliconANGLE report...

Microsoft has quietly formalized what many IT teams have feared and many employees have quietly hoped for: the ability to run a consumer Microsoft 365 Copilot subscription inside work applications, enabling personal Copilot access to corporate documents when a user signs into an app with both a...

Ontinue’s announcement that its Posture Advisor Agent Core will be available through Microsoft’s new Security Store marks another tangible step in the rapid commercialization of security AI agents—promising easier deployment of identity-hardening tooling for Microsoft Entra ID tenants while...

Microsoft’s move away from a traditional VPN toward an identity-first Security Service Edge—branded internally as Global Secure Access (GSA) and externally as Microsoft Entra Internet Access and Microsoft Entra Private Access—represents a major operational and architectural shift for large...

A newly disclosed flaw in Microsoft Entra ID — tracked as CVE-2025-55241 — exposed a fragile seam in cloud identity where undocumented internal tokens and a legacy API’s weak validation combined to create a near‑universal tenant takeover vector; Microsoft has patched the defect, but the incident...

Security researcher Dirk‑jan Mollema’s discovery of two linked vulnerabilities in Microsoft’s Entra ID architecture exposed a failure mode that, by design, could have allowed an attacker with limited on‑premises access to gain near‑complete control over hybrid Microsoft environments — a chain...

Mark Zuckerberg’s decision to sue Meta is true — but not for the reason most people will assume: the plaintiff is Mark S. Zuckerberg, a veteran bankruptcy lawyer in Indianapolis whose legal complaint accuses Meta of repeatedly disabling his Facebook accounts, accepting advertising payments while...

Microsoft's decision to remove the registration fee for individual developers publishing to the Microsoft Store is more than a pricing change — it's a clear signal that the company intends to make the Store a lower-friction, broader distribution channel for independent Windows software creators...

Microsoft has published advisory guidance tied to CVE‑2025‑55234 that focuses less on a new exploitable bug and more on enabling administrators to find and measure exposure to SMB relay‑style elevation‑of‑privilege attacks before they flip stronger hardening controls. The short form: the SMB...

Microsoft’s security advisory for CVE-2025-53809 warns that improper input validation in the Windows Local Security Authority Subsystem Service (LSASS) can be abused by an authorized attacker to cause a denial of service (DoS) over a network, putting authentication services and domain...

With the clock counting down to October 14, 2025, millions of PCs face a stark choice: upgrade to Windows 11, pay for a short-term safety net, or keep running an increasingly risky, unsupported Windows 10—while the debate over hardware compatibility, drivers and sustainability suddenly looks...

Microsoft Active Directory remains the single most critical identity service in most enterprises—and in 2025 the vendor landscape for Active Directory backup and forest recovery has crystallised around a small set of purpose‑built products that go well beyond system‑state snapshots. The...

Microsoft’s April 2025 Kerberos protections — delivered to close CVE‑2025‑26647 — introduced a new operational knob, AllowNtAuthPolicyBypass, that was intended to let administrators audit then enforce stricter certificate-based authentication behavior on domain controllers; the rollout fixed a...

Microsoft's Xbox division has quietly begun nudging UK players to prove they are adults — and made clear that failure to do so will blunt the console's social engines beginning in early 2026, a direct consequence of the UK's Online Safety Act and the regulator's demand for "highly effective" age...

Storm-0501’s latest operation — a hybrid assault that began on-premises, pivoted into Azure, exfiltrated and destroyed cloud data, and culminated in a ransom demand delivered through a compromised Microsoft Teams account — marks a stark turning point in how ransomware actors pursue profit and...

Headline: Zoom’s Enterprise Engine: AI, Churn, and the Long Game There’s a difference between a rebound and a turnaround. Rebounds are optical: the chart zigs up after it zagged down. Turnarounds are operational: the culture, product velocity, sales motions, and economics shift in ways that...

Microsoft Edge’s Canary channel has begun surfacing experimental controls that explicitly treat passkeys as first‑class syncable credentials in the browser, adding new flags labeled Passkey roaming and Passkey roaming management and settings, and exposing a combined “Passwords and passkeys” sync...

Windows 11 ships with a far stronger security baseline than its predecessors, but real-world attackers and configuration gaps still find workarounds—meaning Defender and Windows Security are necessary, not sufficient, for modern threat defense. Background Windows 11’s built-in...

Microsoft’s August Patch Tuesday landed as a heavy, cross‑cutting security package that mixes high‑severity remote code execution (RCE) flaws, a publicly disclosed Kerberos elevation‑of‑privilege issue, and several cloud‑centric patches that were already mitigated on the service side—creating a...