Vardesyn — News & TIL

TIL — Today I Learned

running notes worth remembering

28 Mar 2026

Entra ID cross-tenant token protection is now GA in Conditional Access — always validate requirementProvider claims in staging before broad rollout.

entra identity

source

15 Mar 2026

Azure Policy audit effect flags non-compliance but never blocks — swap to deny on critical controls inside landing zone scaffolding.

azure governance

02 Mar 2026

Defender XDR now correlates MCAS signals with Defender for Endpoint telemetry — noticeable drop in alert fatigue for tenants over 5 k seats.

defender m365

Platform Updates

new features & previews per M365 service

Feed unavailable — check back shortly.

Ranked Watch Sources

web-only favourites sorted by trust and popularity signals

Microsoft Change Watch

100 M365 Roadmap Official Microsoft 365 roadmap for upcoming and rolling-out changes. 99 Entra Release Notes Official Entra ID release notes and identity platform changes. 98 Intune What's New Monthly Microsoft Intune service changes. 97 Defender XDR What's New Microsoft Defender XDR feature and service updates. 95 Sentinel What's New Microsoft Sentinel release notes and feature changes. 94 Azure Architecture Changelog Architecture Center content changes worth tracking.

Community & Aggregators

94 M365 Message Center Archive Public Microsoft 365 message center archive by Merill Fernando. 92 Entra Change Tracker Community tracker for Entra ID changes. 90 Microsoft DocsTracker Track Microsoft Learn page changes by service. 88 Docs Update Tracker Searchable Microsoft documentation change tracking. 86 Azure Weekly Long-running Azure community newsletter. 84 Entra.News Identity-focused community news source.

Threat Intel Watch

99 CISA KEV Catalog Known exploited vulnerabilities, best first stop for patch priority. 98 MSRC Update Guide Authoritative Microsoft CVE and Patch Tuesday tracker. 92 Zero Day Initiative Upcoming vulnerability disclosures and exploit pressure. 90 GreyNoise Visualizer Separate internet background noise from targeted traffic. 86 Ransomware.live Ransomware victim and leak-site monitoring. 84 Have I Been Pwned Sites Known breach corpus and affected sites.

Security & Tech Blogs

live feed — updated every 12 hours

3 things leaders need to know from Microsoft Build 2026 At Microsoft Build 2026, AI moved from experimentation to execution—shifting from isolated tools to connected systems grounded in … Azure Blog rank 100 5d ago Claude Fable 5 available today in Microsoft Foundry: Powering the next era of autonomous agents Claude Fable 5, Anthropic’s latest Frontier model, available today in Microsoft Foundry, powering agents in GitHub Copilot and Fou… Azure Blog rank 100 09 Jun AI alone won’t change your business. The system running it will. We are building a comprehensive agent platform: one that supports many models, is open, and gives you flexibility at every layer o… Azure Blog rank 100 02 Jun Announcing Microsoft Discovery general availability and Microsoft Discovery app preview At Microsoft Build, we are announcing that Microsoft Discovery is now generally available for all organizations, providing a compr… Azure Blog rank 100 02 Jun Microsoft Build 2026: Building agentic apps with Microsoft Fabric and Microsoft Databases Microsoft Build 2026 highlights advancements in app development with Microsoft Fabric and Microsoft Databases, emphasizing a unifi… Azure Blog rank 100 02 Jun New Azure Cobalt 200 VMs deliver 50% performance improvement, fully optimized for modern agentic AI workloads We are announcing the early access preview for Azure Cobalt 200 Arm-based Virtual Machines (VMs), designed for Linux-based agentic… Azure Blog rank 100 02 Jun

Microsoft Defender email security benchmarking: Key insights from one year of data See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post … MS Security rank 100 1d ago Turn specs into evals for any agent with ASSERT Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural lan… MS Security rank 100 6d ago Reconstructing AI activity in investigations Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach.… MS Security rank 100 09 Jun AI brands as bait: How threat actors are using the AI hype in social engineering As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a… MS Security rank 100 08 Jun Securing CI/CD in an agentic world: Claude Code Github action case Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow s… MS Security rank 100 05 Jun Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, … MS Security rank 100 04 Jun

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages Information published. MSRC rank 98 12h ago CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. Information published. MSRC rank 98 14h ago Chromium: CVE-2026-12012 Use after free Network This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see … MSRC rank 98 1d ago Chromium: CVE-2026-12008 Use after free DigitalCredentials This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see … MSRC rank 98 1d ago Chromium: CVE-2026-12019 Out of bounds write Codecs This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see … MSRC rank 98 1d ago Chromium: CVE-2026-12016 Insufficient validation of untrusted input DevTools This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see … MSRC rank 98 1d ago

Who Runs the Ransomware Group ‘The Gentlemen?’ A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attractin… Krebs on Security rank 94 6d ago A Record-Breaking Patch Tuesday for June 2026 Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported sof… Krebs on Security rank 94 6d ago Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with p… Krebs on Security rank 94 01 Jun Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructu… Krebs on Security rank 94 25 May Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA… Krebs on Security rank 94 22 May Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreadi… Krebs on Security rank 94 21 May

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reput… The Hacker News rank 92 10h ago Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defuse… The Hacker News rank 92 11h ago China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdo… The Hacker News rank 92 12h ago Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impe… The Hacker News rank 92 13h ago Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active expl… The Hacker News rank 92 15h ago CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to it… The Hacker News rank 92 16h ago

Malicious JetBrains Marketplace plugins steal AI API keys from developers At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...] BleepingComputer rank 91 7m ago New Rokarolla Android malware targets 217 banking, crypto apps A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 13… BleepingComputer rank 91 1h ago Steam Workshop abused to spread malware via Wallpaper Engine app Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidd… BleepingComputer rank 91 3h ago UK to require ID or face scan before you can make social media accounts Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a… BleepingComputer rank 91 7h ago GhostTree Attack Abused Recursive Windows Junctions to Hide Malware GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique c… BleepingComputer rank 91 7h ago FTC warns of record $3.5 billion losses to imposter scams in 2025 The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses ne… BleepingComputer rank 91 8h ago

From a VHDX File to a Remcos RAT, (Tue, Jun 16th) Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c0… SANS ISC rank 90 14h ago ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. SANS ISC rank 90 20h ago Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th) I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Backgro… SANS ISC rank 90 1d ago ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. SANS ISC rank 90 1d ago ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. SANS ISC rank 90 4d ago ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. SANS ISC rank 90 5d ago

A tale of two eras In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digit… Cisco Talos rank 89 5d ago Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities Microsoft Patch Tuesday details for June 2026. Cisco Talos rank 89 09 Jun Reporting from Vegas: Networking, AI, and good boys Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overst… Cisco Talos rank 89 04 Jun Winning the cyber marathon with Tony Giandomenico Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch what he's excited a… Cisco Talos rank 89 04 Jun Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threat… Cisco Talos rank 89 04 Jun Less panic patching, more precision In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patchi… Cisco Talos rank 89 28 May

Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploi… The DFIR Report rank 88 11 May Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and c… The DFIR Report rank 88 22 Apr Apache ActiveMQ Exploit Leads to LockBit Ransomware Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Ama… The DFIR Report rank 88 23 Feb Cat’s Got Your Files: Lynx Ransomware Key Takeaways The DFIR Report Services Contact us today for pricing or a demo! The intrusion began in early March 2025 with a sing… The DFIR Report rank 88 17 Dec From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first re… The DFIR Report rank 88 04 Nov From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion Key Takeaways Private Threat Briefs: 20+ private DFIR reports annually.   Contact us today for pricing or a demo!   Tabl… The DFIR Report rank 88 29 Sep

CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitat… CISA Advisories rank 87 1d ago CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitatio… CISA Advisories rank 87 4d ago Yarbo Android/iOS Mobile Application and Cloud Infrastructure View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain … CISA Advisories rank 87 5d ago Naxclow IoT Platform View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or ma… CISA Advisories rank 87 5d ago Brickcom Cameras View CSAF Summary Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthori… CISA Advisories rank 87 5d ago CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitatio… CISA Advisories rank 87 5d ago

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article f… Unit 42 rank 87 12h ago Inside the Modern SOC: The 72-Minute Race Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-dri… Unit 42 rank 87 23h ago Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn … Unit 42 rank 87 4d ago Trust No Skill: Integrity Verification for AI Agent Supply Chains Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage att… Unit 42 rank 87 5d ago Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defe… Unit 42 rank 87 09 Jun Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitati… Unit 42 rank 87 09 Jun

4 Ways GreyNoise Improves SOC Outcomes Learn four practical ways GreyNoise improves SOC outcomes—from reducing alert volume and surfacing targeted threats to identifying… GreyNoise rank 86 04 Jun The Coverage Gap: Why Your Blocklist Is Missing 119,000 Malicious IPs Today GreyNoise compared 119,842 malicious IPs against 11 major threat feeds. The average coverage: just 2%, exposing the limits of stat… GreyNoise rank 86 22 May A New SonicWall Scanning Spike Echoes the Pattern That Preceded CVE-2026-0400 A new SonicWall scanning surge mirrors the pattern that preceded CVE-2026-0400. GreyNoise details the activity and what defenders … GreyNoise rank 86 21 May Project Swarm: Join the Collective. Defend the Edge Today, we're launching Project Swarm — a research initiative that opens the GreyNoise deception platform to the global security co… GreyNoise rank 86 29 Apr The Internet Changes Before the Advisory Drops Before Cisco disclosed a CVSS 10.0 zero-day, GreyNoise sensors had already observed eight surges of targeting activity compressing… GreyNoise rank 86 20 Apr Just 21 IP Addresses Are Now Behind Nearly Half of All RDP Scanning on the Internet GreyNoise uncovers a concentrated RDP scanning campaign, revealing infrastructure patterns, rapid traffic shifts that impact detec… GreyNoise rank 86 10 Apr

ZDI-CAN-30962: Foxit A CVSS score 4.7 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N severity vulnerability discovered by 'kai63001' was reported to the affected … ZDI Upcoming rank 86 1d ago ZDI-CAN-31752: Adobe A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initi… ZDI Upcoming rank 86 1d ago ZDI-CAN-30735: Progress Software A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Xander Mackenzie | @thetrueartist.co.uk… ZDI Upcoming rank 86 1d ago ZDI-CAN-31158: Foxit A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected… ZDI Upcoming rank 86 1d ago ZDI-CAN-30563: OpenPrinting A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sajeeb Lohani' was reported to the affe… ZDI Upcoming rank 86 5d ago ZDI-CAN-29948: Winmate A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Adonis Ramos' was reported to the affec… ZDI Upcoming rank 86 5d ago

Fileless Phantom Stealer Targets Browser Credentials In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to… Dark Reading rank 84 just now Security Community Slams US Ban on Exporting Mythos, Fable An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fabl… Dark Reading rank 84 2m ago SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in H… Dark Reading rank 84 1h ago Rokarolla Android Trojan Levels Up to Full Device Control, Persistence The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with exten… Dark Reading rank 84 4h ago 'Lorem Ipsum' Malware Pivots to ClickFix Delivery New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group … Dark Reading rank 84 6h ago HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not po… Dark Reading rank 84 1d ago

? shortcuts