Insights

6/5/2026

Attackers are abusing Microsoft Phone Link on compromised Windows PCs to access synced SMS messages, including one-time codes used for MFA. The risk is not Phone Link itself, but that it can give attackers another path to sensitive phone data once a device is breached. Organisations should review whether Phone Link is needed on work devices, disable it where it is not required, and move away from SMS-based MFA where possible.

1/5/2026

Windows Central reports that Windows K2 is Microsoft’s internal initiative to rebuild trust in Windows 11 by focusing on performance, reliability, UI quality, and community feedback. It is not a single Windows release, but an ongoing effort to fix common complaints such as bloat, slower performance, inconsistent UI, ads, and over-pushed AI features. Key changes include faster File Explorer and Start menu performance, fewer default distractions, better update reliability, and a stronger focus on quality before shipping new features.

1/5/2026

Microsoft has launched Microsoft 365 E7 and Agent 365, bringing together productivity, Copilot, security, identity, governance, and AI agent management into one enterprise suite. The goal is to help organisations move from testing AI to scaling it securely across the business. For IT Partners, this creates a strong opportunity to support clients with AI readiness, governance, security, licensing, and practical rollout planning.

25/3/2026

Microsoft Entra Backup and Recovery is a new built-in, tamper-protected recovery capability designed to improve identity resilience by giving organisations a practical way to roll back damaging tenant changes such as broken Conditional Access policies, compromised group memberships, or bad HR sync updates; in public preview as of March 2026, it automatically takes daily backups with five-day retention, provides Difference Reports to show exactly what changed between snapshots, and allows targeted recovery of specific objects or attributes, with the main takeaway being that this is less about service uptime and more about quickly restoring a known-good identity configuration after mistakes or attacks.

23/3/2026

NIST has updated its DNS security guidance for the first time since 2013, with a strong focus on using DNS as an active security control through protective DNS, encrypted DNS, modern DNSSEC practices, and better DNS infrastructure design; in practical terms, the update pushes organisations to treat DNS as a key enforcement and monitoring layer by blocking malicious domains, integrating DNS logs with SIEM, controlling unauthorised DoH/DoT traffic, preferring newer DNSSEC algorithms, and tightening server hygiene and architecture to reduce hijacking and resilience risks.

18/3/2026

This article warns that “shadow AI” in SaaS apps is increasing breach risk because AI features are often enabled without proper oversight, while still holding deep access to other business systems through integrations and OAuth tokens, meaning one compromised app can lead to a much wider data breach; its main message is that organisations need better visibility and stronger governance over AI-enabled SaaS tools.

27/2/2025

Researchers have disclosed AirSnitch, a new Wi-Fi attack that can bypass the protection people expect from WPA2/WPA3 and client isolation. It does not crack Wi-Fi encryption directly; instead, it abuses weaknesses in how Wi-Fi networks handle clients at lower network layers, which can let an attacker on the same network carry out machine-in-the-middle attacks, intercept traffic, and potentially tamper with unencrypted data. The risk applies across home, office, and enterprise environments, especially where defenders assume client isolation is enough on its own.

25/2/2026

Researchers found multiple Claude Code flaws that could let attackers run commands on a developer’s machine or steal Anthropic API keys simply by getting them to open a malicious repository. The issues involved unsafe handling of project hooks, MCP server settings, and environment variables, and Anthropic has already released fixes across affected versions. The broader takeaway is that with AI coding tools, even opening an untrusted project can now create real security risk.

9/2/2026

Microsoft is investigating an Exchange Online issue that is wrongly marking some legitimate emails as phishing and sending them to quarantine. The problem started on 5 February 2026 and was linked to a new URL detection rule that incorrectly classified some safe links as malicious. Microsoft has been working to release affected emails and unblock legitimate URLs.