Microsoft announced Copilot Cowork as a new Copilot capability for Microsoft 365 that moves beyond single-response assistance to plan-and-execute workflows across Microsoft 365 apps and files. Cowork converts a user’s intent into a structured plan, runs the plan across supported apps and data sources, and surfaces checkpoints that require user confirmation before applying changes. The feature is positioned to operate
Introducing the Azure Skills Plugin: Practical Azure Workflows for Coding Agents
The Azure Skills Plugin brings curated Azure expertise and an execution layer together so coding agents can do more than offer generic guidance. Rather than just suggesting commands or linking to documentation, the plugin packages decision logic (skills) and structured tools (MCP servers) so agents can reason about workflows and, when appropriate, run actions against real Azure resources. What the
Title: Zero-Day on the Market: $220K Exploit Targets Windows Remote Desktop Services (CVE-2026-21533)
Remote Desktop Services (RDS) has come under renewed scrutiny after reports that a working exploit for CVE-2026-21533 — an elevation-of-privilege vulnerability in Windows Remote Desktop Services — was listed for sale on a dark web forum for $220,000. The listing and surrounding reporting are factual and straightforward: a recently created account advertised a claimed zero-day exploit, observers recorded the posting,
Cognizant’s TriZetto Subsidiary Reports Data Breach Affecting 3.4 Million Patients
TriZetto Provider Solutions, a healthcare-technology subsidiary of Cognizant, has disclosed a large data breach that exposed the protected health information of 3,433,965 patients. The company classified the incident as an external system hacking event after threat actors gained unauthorized access to TriZetto’s external infrastructure. Timeline and discovery Initial unauthorized access occurred on November 19, 2024. TriZetto did not detect the
Clipboard Trap: ClickFix Now Abuses Windows Terminal to Deliver Lumma Stealer
A newly observed wave of ClickFix social-engineering attacks has shifted tactics, hijacking Windows Terminal as its execution environment to deliver credential-stealing malware. Security researchers from Microsoft and other vendors tracked this campaign in early 2026 and reported a reliable pattern: victims are manipulated into pasting an obfuscated command from their clipboard into a legitimate-looking terminal window, which then decodes and
When Claude Became a Bug Hunter: How an AI Found 22 Firefox Vulnerabilities in Two Weeks
In February 2026, a focused collaboration between Anthropic and Mozilla demonstrated a new phase in vulnerability research: large language models (LLMs) moving beyond assistance into active, high-throughput discovery. Over a two-week engagement, Claude Opus 4.6 performed deep analysis of the Firefox codebase and surfaced 22 distinct security flaws. The scope and speed of these findings — especially the 14 issues