Microsoft has issued an emergency security update to address a newly disclosed vulnerability in the .NET ecosystem that can be triggered remotely and results in denial-of-service (DoS) conditions. The flaw, tracked as CVE-2026-26127, affects multiple .NET runtime and package versions across Windows, macOS, and Linux. Administrators and developers should prioritize applying the available patches to prevent service disruption. What the
Category: Microsoft
Windows, Windows Server, Microsoft 365, Word, Excel, PowerPoint, Outlook, OneNote, Teams, SharePoint, OneDrive, Edge, Bing, SQL Server, Visual Studio, Active Directory, Dynamics 365, Power BI, Power Apps, Xbox, Game Pass, Surface, Intune, Defender, Exchange, Hyper-V, .NET, Dataverse, Microsoft Copilot, Copilot Studio, Microsoft Fabric, Power Platform, Windows 11, Windows 10, WSL, Windows Subsystem for Linux
Microsoft Copilot Cowork: Automating Multi-Step Workflows Inside Microsoft 365
Microsoft announced Copilot Cowork as a new Copilot capability for Microsoft 365 that moves beyond single-response assistance to plan-and-execute workflows across Microsoft 365 apps and files. Cowork converts a user’s intent into a structured plan, runs the plan across supported apps and data sources, and surfaces checkpoints that require user confirmation before applying changes. The feature is positioned to operate
Introducing the Azure Skills Plugin: Practical Azure Workflows for Coding Agents
The Azure Skills Plugin brings curated Azure expertise and an execution layer together so coding agents can do more than offer generic guidance. Rather than just suggesting commands or linking to documentation, the plugin packages decision logic (skills) and structured tools (MCP servers) so agents can reason about workflows and, when appropriate, run actions against real Azure resources. What the
Zero-Day on the Market: $220K Exploit Targets Windows Remote Desktop Services (CVE-2026-21533)
Remote Desktop Services (RDS) has come under renewed scrutiny after reports that a working exploit for CVE-2026-21533 — an elevation-of-privilege vulnerability in Windows Remote Desktop Services — was listed for sale on a dark web forum for $220,000. The listing and surrounding reporting are factual and straightforward: a recently created account advertised a claimed zero-day exploit, observers recorded the posting,
Clipboard Trap: ClickFix Now Abuses Windows Terminal to Deliver Lumma Stealer
A newly observed wave of ClickFix social-engineering attacks has shifted tactics, hijacking Windows Terminal as its execution environment to deliver credential-stealing malware. Security researchers from Microsoft and other vendors tracked this campaign in early 2026 and reported a reliable pattern: victims are manipulated into pasting an obfuscated command from their clipboard into a legitimate-looking terminal window, which then decodes and
Admin Account Backdoor: Critical Privilege-Flaw in WordPress User Registration Plugin (CVE-2026-1492)
A critical security flaw in a widely used WordPress membership plugin has made it trivially simple for unauthenticated attackers to create administrator accounts and seize control of affected sites. The vulnerability, tracked as CVE-2026-1492, exposes a systemic weakness in how the plugin handled role assignment during user registration. This post summarizes what happened, who discovered it, the immediate risks, and