Microsoft Calls It Information Disclosure. The Rest of Us Call It MFA Bypass.
Microsoft calls CVE-2026-41615 information disclosure. It is an MFA bypass. The Authenticator app leaks work account tokens after one user tap.
Read more →9 articles
Microsoft calls CVE-2026-41615 information disclosure. It is an MFA bypass. The Authenticator app leaks work account tokens after one user tap.
Read more →
The NCSC's Windows guidance has recommended TPM plus PIN for years. Most UK organisations ignored it. YellowKey just changed what that decision costs.
Read more →
43% of UK businesses breached. Revenue impact doubled. Board engagement finally rising. Mauven MacLeod reads between the lines of the DSIT survey.
Read more →
Awareness went up. Risk assessments went down. Continuity plans dropped 9 points. If concern was a control, the survey numbers would look very different.
Read more →
NCSC's SilentGlass is technically sound government kit, now available commercially. But if you're still fighting phishing, it's probably not your next purchase.
Read more →
State-sponsored attackers are reaching small businesses through the systems they already rely on. Here is how to spot it and respond.
Read more →
167 CVEs. Two zero-days. One SharePoint flaw needs no password to exploit. April 2026 Patch Tuesday demands your attention today, not next week.
Read more →
Paste-and-run is now the dominant attack method. Mac is not safe. Vidar is back. Red Canary's March data, translated into steps you can actually take.
Read more →
Article 32 of UK GDPR requires 'appropriate technical measures' to protect personal data. Running unpatched, out-of-support software is very difficult to defend as appropriate.
Read more →