Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Entra passkeys on Windows add phishing-resistant sign-in in public preview

Security Tool/Service
First reported
Last updated
Happening score
H score 26
1 unique sources, 2 articles

Summary

Hide ▲

Microsoft Entra is adding passkey support on Windows devices, bringing phishing-resistant passwordless authentication via Windows Hello. The rollout reaches public preview for worldwide tenants from mid-March through late April 2026, with GCC/GCC High/DoD environments following in mid-April through mid-May. The change extends passwordless sign-in to unmanaged Windows devices, reducing reliance on passwords and limiting phishing and malware-based credential theft.

Related Happenings

Microsoft extends Windows 10 ESU consumer coverage through October 2027

Security Tool/Service
H score11 First: 25.06.2026 21:29 Last: 25.06.2026 21:29 Sources 1

About this happening: **Microsoft** quietly extended the **Windows 10 Extended Security Updates (ESU)** program for **personal devices** by **one additional year**, keeping critical security update cov...

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
H score28 First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
H score10 First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
H score7 First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that affects the **Windows Recovery Environment (WinRE)** path and can expose **BitL...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Microsoft May 2026 Patch Tuesday release

Security Patch Release
H score44 First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Latest development: 01.06.2026 15:30

Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.

Timeline

  1. 10.03.2026 17:27 3 articles · 4mo ago

    Microsoft announces Entra passkeys for Windows public preview

    Initial Disclosure

    Microsoft announced passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless sign-in via Windows Hello. The opt-in update will enter public preview for worldwide tenants from mid-March through late April 2026, with GCC, GCC High, and DoD environments following from mid-April through mid-May 2026. The feature extends passwordless authentication to unmanaged Windows devices and uses device-bound passkeys stored in the Windows Hello container with face, fingerprint, or PIN sign-in methods.

    Show sources