Articles about Security

Notifications are part and parcel of life, being both useful and interesting. But they can also be problematic. Google is aware that the notifications generated by websites can be “spammy or even deceptive”.

The worst offenders can attempt to trick people into sharing personal information or downloading dangerous software. Google is using machine learning to fight back, launching warnings about warnings of unwanted notifications.

Continue reading →

Artificial intelligence is now all but unavoidable, and Microsoft is taking every opportunity to crowbar more AI features into Windows 11. Copilot+ PCs are a big part of the company’s AI vision and now powerful new AI agents have been unveiled.

Described as being part of a “new generation of Windows experiences”, Microsoft has revealed new agents that use on-device AI to interpret natural language input to help a user find and change system settings. What could possibly go wrong?

Continue reading →

It is a year since Microsoft embraced passkeys for user accounts, and now the company is taking things further. With passkeys having been conceived as a replacement for passwords, any newly created Microsoft account will be passwordless.

This is not just a change that is about improving security (passwords having been shown time and time again to be highly fallible), but also user experience. The passkey-by-default approach now being adopted is part of a streamlining of UX for sign-ins.

Continue reading →

Microsoft has announced the winners of its 2025 Security Excellence Awards. The event, held in San Francisco during the lead-up to the RSA Conference, is like the Oscars, but for infosec, and celebrates partner organizations and individuals for their contributions to cybersecurity.

The awards panel considered partner nominations across eight main categories, selecting five finalists in each based on technical execution and impact. Winners were picked through a combined voting process involving Microsoft and its Intelligent Security Association (MISA) members.

Continue reading →

The arrival of hotpatch updates for Windows Server 2025 heralded a new era of keeping systems up-to-date and secure while keeping downtime to an absolute minimum. By eliminating the need for restarts after certain updates, systems can be patched while they are being used.

Hotpatching for Windows Server 2025 has been available in preview for a number of months now. It has been completely free of charge, but this is due to come to an end. Anyone who has fallen in love with the new approach will have to pay if they want to continue using it.

Continue reading →

Showing that it is not just Windows 11 that has issues with updates, Offensive Security has issued a warning that Kali Linux updates are likely to fail “in the coming days”.

The Linux distro has proved an important tool in penetration testing, acting as a valuable security tool for many users. The team behind Kali Linux says that “pretty much every Kali system out there will fail to update”, and it bears full responsibility: “This is not only you, this is for everyone, and this is entirely our fault”. But there is a solution.

Continue reading →

Every organization, sooner or later, writes itself a policy. It gets stapled into onboarding packs and waved about during training, and then quietly forgotten. It’s not that people mean to ignore it. It’s just that rules don’t always make themselves felt when the Wi-Fi’s down or the finance team’s in a rush. But culture -- that’s different. Culture settles into the way people think and work and react. It turns guidelines into instincts. That’s when you know security has taken root.

Understanding this shift often begins with a question: what, exactly, are we securing -- and how do we keep track of it all? Which is where you'll find DSPM explained in any sensible conversation. Data Security Posture Management (DSPM) refers to the ongoing process of identifying, monitoring, and reducing risks across sensitive data. It’s less about locking everything up and more about seeing clearly -- knowing where the data is, who can access it, and what it’s doing. The benefit isn’t just technical; it’s cultural. 

Continue reading →

A vulnerability in the Windows NTLM authentication protocol, which is known to have been actively exploited for at least a month, has been added to the US CISA’s Known Exploited Vulnerabilities Catalog.

While Microsoft deprecated NTLM last year, it remains widely used. Security researchers discovered the hash disclosure spoofing bug, and Microsoft quietly patched it in March. But the creation of a patch is one thing -- having users install it is something else. By adding the vulnerability, tracked as CVE-2025-24054, to its catalog, CISA is raising aware that action needs to be taken.

Continue reading →

For many years, the IT community has consistently emphasized the inherent value and significance of data. Data is one of the greatest resources within a business, even referred to as an organization’s crown jewels, and as a result, has become a vital part of business’ security strategies.

However, as the global interconnectivity of technology continues to grow, securing data and its integrity has become one of the most complex parts of cybersecurity. The driving factor behind this increasing complexity is the broadening use of generative AI (GenAI) and large language models (LLMs), for which training data has largely become the world’s publicly available data.

Continue reading →

Cast your mind back to just last week, and there was the usual chaos of problematic updates from Microsoft. But one of the more peculiar things about one of the updates was the creation an empty folder called inetpub after installing the KB5055523 update for Windows 11.

The appearance of this folder caused confusion, but failed to be explained by Microsoft. Users who were irritated by the folder materializing unbidden simply deleted it without side effects -- but now Microsoft has spoken out. The company says that the folder should not be deleted because it improves system security -- but leaves many questions unanswered.

Continue reading →

When Microsoft first added the AI-powered Recall feature to Windows 11, it could hardly have been expecting the backlash that came from users. Concerns about privacy and security forced the company to delay the rollout of the activity and screen monitoring snapshot tool.

Now Microsoft thinks it has made the improvements required to calm the concerns of those who spoke out very loudly against the tool. A new preview version of Recall is making its way to some users right now.

Continue reading →

There is not long left for Office 2016 in terms of official support from Microsoft, but it felt like adding salt to the wound when a recent update caused Word, Excel and Outlook to stop working.

Microsoft is certainly no stranger to breaking Windows with problematic updates, but with the KB5002700 security update released earlier this week, it was Office 2016 that was affected. So severe were the problems caused, Microsoft has been forced to release an out-of-band fix.

Continue reading →

There can’t be a silver lining without a cloud, and for all of the problems Microsoft managed to fix with the KB5055523 update for Windows 11, there is the small issue of it causing Windows Hello authentication to stop working for some.

While the problem is limited to users who meet fairly narrow criteria, the impact for those affected is significant. If you’re running System Guard Secure Launch or Dynamic Root of Trust for Measurement on Windows 11 and Server 2025, caution is advised.

Continue reading →

The next time you sign into your Microsoft account you may well be greeted by a new look. Microsoft has started the roll out of what it is calling a “new sign in experience” as the company uses its Fluent 2 design language to revamp the UI and UX. For better or worse, this is an attempt to create an “unmistakably Microsoft” look and feel.

The changes affect users of Windows, Xbox, Microsoft 365, and more, and Microsoft predicts that the majority of users will see the new look by the end of April. As part of the redesign, users are being given more choice; there is now a dark mode option.

Continue reading →

Cyber-attacks are becoming increasingly sophisticated and targeted, with the average number of weekly attacks per organization soaring to 1,673 in 2024 -- a 44 percent increase from 2023. In response, researchers and defenders are harnessing AI-powered analytics, anomaly detection and correlation engines to bolster security efforts. It’s an ongoing cat-and-mouse game that makes cyber compromise a question of when rather than if.

Effective defense hinges on resilience and minimizing the attack surface. However, many businesses are finding that traditional point-based solutions are leaving them with gaps in their security posture due to limited tools, skills or resources. There are five key factors that are leading organizations to look for a more sustainable and comprehensive platform-based approach.  

Continue reading →