Microsoft's Notepad introduced new AI and Markdown features that created a critical security vulnerability (CVE-2026-20841). This flaw allows remote code execution through malicious Markdown files, affecting users of the modern Notepad app on Windows 10 and 11. Immediate updates and precautions are necessary to mitigate risks.

Researchers from Varonis discovered a flaw in Microsoft’s Copilot AI that allowed attackers to steal sensitive user data with a single click. By embedding malicious instructions in a legitimate URL, they extracted information like user names and locations without needing further user interaction. The exploit bypassed standard security measures.

The article reveals a vulnerability in Microsoft's Update Health Tools that allowed remote code execution through abandoned Azure storage blobs. Researchers exploited this flaw by monitoring HTTP requests and discovered that many devices were at risk due to misconfigurations. Microsoft has since addressed the issue after responsible disclosure.

Microsoft released its first security update of 2026, fixing 112 vulnerabilities, including a zero-day in Desktop Window Manager that can leak sensitive information. While this zero-day is actively exploited, attackers need local access to the system to exploit it. Eight vulnerabilities were flagged as likely to be targeted this month.

A new tool called 'Defendnot' tricks Windows into disabling Microsoft Defender by registering a fake antivirus product using an undocumented Windows Security Center API. Created by researcher es3n1n, it bypasses security features by injecting a dummy antivirus DLL into a trusted system process, effectively leaving devices without active protection. Microsoft Defender has flagged Defendnot as a threat, highlighting vulnerabilities in trusted system features.

Microsoft’s Copilot for M365 has a significant vulnerability that allows users to access files without leaving an audit log entry, posing serious security and compliance risks. Despite fixing the issue, Microsoft has chosen not to inform customers or disclose the vulnerability publicly, raising concerns about their transparency and responsibility regarding security practices. The article details the author’s frustrating experience reporting the vulnerability and highlights the implications for organizations relying on accurate audit logs.

A critical flaw in Microsoft Entra ID, involving undocumented actor tokens and a vulnerability in the Azure AD Graph API, allowed potential global access to any organization's tenant without leaving logs of the actions taken. Security researcher Dirk-jan Mollema discovered that these actor tokens could be exploited to impersonate users, including Global Administrators, leading to severe security risks. Microsoft has since patched the vulnerability and is in the process of deprecating the affected API service.

A flaw in Microsoft OneDrive's file picker has been discovered, which could potentially allow attackers to exploit the feature for unauthorized access to files. This vulnerability highlights the need for improved security measures within cloud storage services to protect user data from malicious activities.

A critical flaw in Microsoft's Windows Server Update Services (WSUS) has been exploited in the wild, with reports indicating that the vulnerability allows attackers to bypass security measures and execute arbitrary code. Despite the availability of patches, many systems remain unprotected due to insufficient updates, highlighting the urgency for organizations to address this issue promptly.

Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.

Microsoft has discovered a vulnerability in macOS that allows attackers to bypass TCC protections, potentially exposing sensitive user data. This flaw could enable unauthorized access to applications that are typically restricted by macOS security measures. Users are advised to update their systems to mitigate the risk associated with this vulnerability.

Microsoft has confirmed that its Remote Desktop Protocol (RDP) allows users to log in with revoked passwords, a design choice intended to prevent user lockouts. This controversial decision means that even after changing a password, access can still be granted, leaving millions of users vulnerable without clear guidance or detection methods from Microsoft.

A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.