The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

UNC6692 relies on email bombing and social engineering to infect victims with Snow malware: Snowbelt, Snowglaze, and ...
Hosted on MSN

Microsoft expands Entra ID passkeys to unmanaged Windows devices

Microsoft is rolling out Entra ID passkey authentication to Windows devices, including unmanaged personal and shared PCs, starting late April 2026 with full availability expected by mid-June. The ...
Windows Report

Entra ID Passkeys Arrive on Windows With Support for Personal and Shared PCs

Microsoft rolls out Entra ID passkeys on Windows, enabling secure passwordless sign-in across managed and unmanaged devices.
Hosted on MSN

Microsoft launches Entra passkeys as US issues BlueHammer patch order

Microsoft will begin rolling out phishing‑resistant Entra passkeys for Windows devices in late April, expanding passwordless authentication to unmanaged systems. The move coincides with a CISA mandate ...
Windows Central

Everything you need to know about Windows 11's new customizable Taskbar — resizable and movable options from Windows 10 coming soon

Microsoft has announced major upgrades coming soon to the Taskbar on Windows 11 that will enable new capabilities that users have been requesting since Windows 11's debut in 2021. With these updates, ...
TechRepublic

Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins

Bitwarden Brings Passkey Logins to Windows 11, Expanding Passwordless Sign-Ins Your email has been sent Password manager Bitwarden has introduced support for passkey-based sign-ins on Windows 11, ...
Dark Reading

How NTLM and Kerberos Are Still Abused in AD Attacks

Authentication sits at the heart of enterprise security, making passwords and the authentication mechanisms that use them, prime targets for cybercriminals. For more than 90% of organizations that use ...
Bleeping Computer

Microsoft to disable NTLM by default in future Windows releases

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.
Redmond Magazine

Microsoft Releases Emergency Fix for Azure Virtual Desktop, Windows 365 Authentication Failures

Microsoft released KB5077793 to fix Azure Virtual Desktop and Windows 365 authentication failures. January 2026 security update KB5073379 caused credential prompt failures across multiple Windows ...
HHS

Microsoft to Kill RC4 in Kerberos by 2026

Microsoft is officially moving to shut the door on RC4 - a legacy cryptographic cipher that has quietly persisted inside Windows authentication environments for decades - and forcing organizations to ...
Ars Technica

Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and ...