Unwitting employees register a hacker’s device to their account; the crook then uses the resulting OAuth tokens to maintain persistent access.

Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the "internal API" security model obsolete.The "Confused Deputy" Risk: ...

Leaked documents show that ICE more than tripled its Azure data storage in six months, even as Microsoft denied “mass surveillance” and urged lawmakers to set limits.

Copilot caught peeking? A bug reportedly let the AI read confidential enterprise emails it was never meant to see. A complete fix is still not available.

A new proposal calls on social media and AI companies to adopt strict verification, but the company hasn’t committed to ...

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate ...

CRN’s Security 100 list of the coolest web, email and application security companies includes AI-powered vendors protecting email inboxes and web browsers along with providers of modern code security.

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.

IT admins will be busy this month patching Microsoft software and apps, but not nearly as busy as they were in January.

Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real ...

A Microsoft Outlook add-in was abandoned and taken over by hackers, who used it to collect email accounts and banking data.