Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...

This latest security issue highlights the challenges of security in an AI era. This latest security issue highlights the challenges of security in an AI era. is a senior editor and author of Notepad, ...

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.

Update, August 10, 2025: This story, originally published on August 7, has been updated with additional information following a demonstration of the shared service principal exploit at the Black Hat ...

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. When first ...

Update, May 11, 2025: This story, originally published May 9, has been updated with more details on the move towards greater cloud Common Vulnerabilities and Exposures (CVE) transparency by both ...

A critical Microsoft authentication vulnerability could have allowed a threat actor to compromise virtually every Entra ID tenant in the world. The elevation of privilege (EoP) vulnerability, tracked ...

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ...

Microsoft has announced that Exchange Web Services (EWS) for Exchange Online will be fully shut down on April 1, 2027. The move marks the end of nearly ...

Understanding the New Security Imperative for Generative AI in the Enterprise Introduction: How Microsoft Copilot Is Transforming Enterprise Security Risk Microsoft Copilot is changing the way ...