Today's Top Windows System Articles for 2026-05-09
Articles for the IT Professional. Each day we look at roughly 100 sites for Windows articles and bring them here.
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and univer...
BleepingComputer
May 7, 2026 - bleepingcomputer.com
Allen Institute for AI launches big computing cluster for $152M project backed by Nvidia and NSF
Ai2 says it has started using a new Nvidia-powered computing system funded through a $152 million NSF and Nvidia project to build open AI models for scientific research. The milestone comes as the Sea...
GeekWire
May 7, 2026 - geekwire.com
Sensitivity labels now in Microsoft 365 web apps
Microsoft is rolling out a long-overdue change to the browser-based versions of Word, Excel, and PowerPoint: you can now apply sensitivity labels with user-defined permissions directly in the web apps...
4sysops
May 7, 2026 - 4sysops.com
Autoruns, ProcDump, ZoomIt, DebugView, NotMyFault, ProcExp, Procmon, and Linux tools
Autoruns v14.2 This update to Autoruns, a utility for monitoring startup items, adds support for Windows packaged apps. ProcDump v12.0 This update to ProcDump, a command-line utility for generating ...
New blog articles in Microsoft Community Hub
May 7, 2026 - techcommunity.microsoft.com
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
The developer of Firefox says it has "completely bought in" on AI-assisted bug discovery.
Ars Technica - All content
May 7, 2026 - arstechnica.com
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
The developer of Firefox says it has "completely bought in" on AI-assisted bug discovery.
Ars Technica
May 7, 2026 - arstechnica.com
Firm AI for professional services: governed, agentic workflows built on Microsoft Azure
In this installment of our Partner Spotlight series, we’re highlighting partners building industry-focused AI solutions and bringing them to customers through Microsoft Marketplace. I connected with R...
New blog articles in Microsoft Community Hub
May 7, 2026 - techcommunity.microsoft.com
Canvas (Instructure) LMS seems to have been hit by ransomware
$1 submitted by /u/meatwad75892
Reddit : Sysadmin
May 7, 2026 - reddit.com
When prompts become shells: RCE vulnerabilities in AI agent frameworks
New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these vulnerabilities work, what’s impacted, and how to secure your agents. The post When ...
Microsoft Security Blog
May 7, 2026 - microsoft.com
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection ...
Apple vs. social engineering: Terminal paste trap blocked – Computerworld
May 7, 2026 - computerworld.com
Use of commands for system configuration CONSIDERED HARMFUL.
$1 submitted by /u/thomasafine
Reddit : Sysadmin
May 7, 2026 - reddit.com
Security Dashboard for AI: 3 Ways CISOs Drive Impact Today
AI is reshaping the enterprise and, with it, the threat landscape. Today's organizations face new threats with AI agents that modify configurations, execute workflows, and access data without direct h...
New blog articles in Microsoft Community Hub
May 7, 2026 - techcommunity.microsoft.com
Logitech announces two new keyboard cases for iPad
Logitech today iPad (10th generation): the Rugged Combo 4c and Rugged Combo 4c Touch. In a press release, Logitech touts that these new cases offer a “fully sealed keyboard and a versatile USB-C por...
9to5Mac
May 7, 2026 - 9to5mac.com
How Sakana trained a 7B model to orchestrate GPT, Claude and Gemini LLMs
Every LangChain pipeline your team hardcodes starts breaking the moment the query distribution shifts — and it always shifts. That bottleneck is what Sakana AI set out to eliminate.Researchers at Saka...
VentureBeat
May 7, 2026 - venturebeat.com
Public Preview: Migrate your regional virtual machines to availability zones
This new capability enables you to move your existing regional (nonzonal) VMs and VMSS Flex deployments into specific availability zones while preserving the VM names, data disks, and other stateful p...
New blog articles in Microsoft Community Hub
May 7, 2026 - techcommunity.microsoft.com
Dirty Frag - New root exploit targeting newest Linux kernel
$1 submitted by /u/Khyta
Reddit : Sysadmin
May 7, 2026 - reddit.com
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
Security biz Adversa AI argues users of AI tools need clearer warnings
www.theregister.com - Articles
May 7, 2026 - theregister.com
Samsung's Galaxy Watches Could Alert Users Before They Faint
A clinical study from Korea shows that health monitoring on the Galaxy 6 watch can effectively address problems like vasovagal syncope.
CNET
May 7, 2026 - cnet.com
Partner Blog | Unlock the cloud benefits in your partner benefits package with a streamlined activation experience
Your Microsoft partner benefits are not just resources. They are the tools that let you build capability inside your own organization first. When you use Azure credits, Copilot seats, security suites,...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
TikTok's AI Overviews Probably Thinks This Story Is a Blueberry
TikTok pulls back on its AI-generated summaries feature after it posted wildly inaccurate video descriptions.
CNET
May 8, 2026 - cnet.com
Do SOX auditors not have anyone that understands code development?
$1 submitted by /u/Ok-Raspberry4320
Reddit : Sysadmin
May 8, 2026 - reddit.com
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43195 drm/amdgpu: validate user queue size constraints
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43083 net: ioam6: fix OOB and missing lock
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-37457
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43245 ntfs: ->d_compare() must not block
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrack
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files
Information published.
MSRC Security Update Guide
May 8, 2026 - msrc.microsoft.com
Microsoft Secure Score! Ho Ho Ho!
$1 submitted by /u/Practical-Alarm1763
Reddit : Sysadmin
May 8, 2026 - reddit.com
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, af...
Krebs on Security
May 8, 2026 - krebsonsecurity.com
New Linux 'Dirty Frag' zero-day gives root on all major distros
A new Linux zero-day exploit, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. [...]
BleepingComputer
May 8, 2026 - bleepingcomputer.com
HPE drops first Juniper x Aruba collab – self-driving Wi-Fi
NetAdmins can stay in the loop while they learn to trust AI to tackle some scutwork
www.theregister.com - Articles
May 8, 2026 - theregister.com
PowerSchool Student Email
$1 submitted by /u/Imhereforthechips
Reddit : K-12 Systems Administrators
May 8, 2026 - reddit.com
AWS warns of EC2 'impairment' as power loss hits notorious US-EAST-1 region
Extra aircon found to cool overheating datacenter as users complain their resources are... nowhere
www.theregister.com - Articles
May 8, 2026 - theregister.com
The Canvas Hack Is a New Kind of Ransomware Debacle
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters...
WIRED
May 8, 2026 - wired.com
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared ...
SecurityWeek
May 8, 2026 - securityweek.com
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to ...
SecurityWeek
May 8, 2026 - securityweek.com
Governance, not gatekeeping: How SAP brings enterprise‑grade safety to AI connectivity
Presented by SAPThe enterprise software industry has undergone a fundamental shift, and vendors are adapting their approaches to better protect the customers who rely on them. For years, every global ...
VentureBeat
May 8, 2026 - venturebeat.com
Using the Microsoft Graph PowerShell SDK to Update User Profiles
Now rolling out to Microsoft 365 tenants is the ability to update user profile cards with details of awards and certifications held by users. Usually this would be done through a Copilot connector, bu...
Office 365 for IT Pros
May 8, 2026 - office365itpros.com
Announcing Microsoft Host Integration Server 2028: Modern connectivity for IBM Mainframes Midranges
Many organizations continue to rely on IBM mainframe and midrange platforms for high-value, mission-critical workloads. At the same time, application modernization, security requirements, and hybrid c...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
Ransomware Group Takes Credit for Trellix Hack
RansomHouse has published several screenshots to demonstrate access to internal Trellix services. The post Ransomware Group Takes Credit for Trellix Hack appeared first on SecurityWeek.
SecurityWeek
May 8, 2026 - securityweek.com
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
BleepingComputer
May 8, 2026 - bleepingcomputer.com
Microsoft Reports 95% Passkey Sign-In Success and 14× Faster Authentication
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
May 8, 2026 - anoopcnair.com
If you’re looking for a modern BlackBerry-style phone, this is the one to beat
BlackBerry revivalist phones have been appearing in various forms over the last few years, but the Unihertz Titan 2 Elite is the most credible option yet. The small-scale Chinese boutique-of-sorts Uni...
Fast Company - technology
May 8, 2026 - fastcompany.com
Custom PC worked in the lab, failed on site – and so did the angry client
It's amazing what happens when you plug everything in
www.theregister.com - Articles
May 8, 2026 - theregister.com
Windows 11 could soon be faster as Microsoft tests new CPU burst feature
There can be few people who would not like their computer to run faster, and Microsoft is looking at ways to help boost the performance of Windows 11 to meet these desires. The company is working on a...
BetaNews
May 8, 2026 - betanews.com
Windows 11 can block Google Chrome's 4GB AI model from reinstalling itself on your PC — A simple Registry tweak for "Pro" users
Windows 11 now gives you the power to block Google Chrome and Microsoft Edge from automatically downloading local AI models for on-device generative AI features without explicit user consent.
Latest from Windows Central
May 8, 2026 - windowscentral.com
Global data leaks up 22% in early 2026, 259.4k Irish accounts exposed
Surfshark’s quarterly analysis of global data breaches shows that Ireland ranks as the 39th most breached country in Q1 2026, with 260 thousand leaked accounts. Globally, a total of 210.3 million acco...
Irish Tech News
May 8, 2026 - irishtechnews.ie
How to Configure App Inventory for Windows Devices in Microsoft Intune
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
May 8, 2026 - anoopcnair.com
The ESP8266 Gets An OS, and it’s familiar
A couple weeks back we brought you news of KernelUNO, a command line shell and very simple operating system for the Arduino Uno. It’s a neat idea, so it’s hardly …read more
Blog – Hackaday
May 8, 2026 - hackaday.com
Rocket Report: Alpha Block 2 coming this summer; Falcon sets booster landing mark
"The deciding factor was what we felt like was the team’s impact to humanity."
Ars Technica - All content
May 8, 2026 - arstechnica.com
Canvas Breach: The Dangers of Over-Reliance on SaaS and the Fragility of Educational Infrastructure
Canvas Breach: The Dangers of Over-Reliance on SaaS and the Fragility of Educational Infrastructure In May 2026, the learning management platform Canvas, owned by Instructure, experienced a massive da...
TechPlanet
May 8, 2026 - techplanet.today
EntraOps v0.7.0 Released with Improved Microsoft Entra Tenant Governance and Role Visibility
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
May 8, 2026 - anoopcnair.com
BOFH: Nothing says 'business continuity' like a dry wooden broom
No sparks, no glory
www.theregister.com - Articles
May 8, 2026 - theregister.com
Residential proxy networks are a key part of malware infrastructure
Residential proxy networks are one of the most widely used tools in the cybercriminal arsenal, but new research from Bitsight's TRACE team suggests the security community has been underestimating just...
BetaNews
May 8, 2026 - betanews.com
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
ShinyHunters takes the credit and gives developer an F for security
www.theregister.com - Articles
May 8, 2026 - theregister.com
5% GPU utilization: The $401 billion AI infrastructure problem enterprises can't keep ignoring
For the last 24 months, one narrative justified every over-provisioned data center and bloated IT budget: the GPU scramble. Silicon was the new oil, and H100s traded like contraband. Reserve capacity ...
VentureBeat
May 8, 2026 - venturebeat.com
European Tech Leaders Gather in Dublin to Chart Course for Irish Presidency of the EU Council
Technology Ireland, the Ibec group representing the Irish technology sector, is hosting over 35 European Tech Trade Associations CEOs from across Europe for the DIGITALEUROPE National Trade Associatio...
Irish Tech News
May 8, 2026 - irishtechnews.ie
New Selective Response Actions Improve Safer Device Onboarding in Microsoft Defender for Endpoint
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
May 8, 2026 - anoopcnair.com
Podman rootless containers and the Copy Fail exploit
Comments
Hacker News
May 8, 2026 - garrido.io
Apple vs. social engineering: Terminal paste trap blocked
Echoing concerns from other security experts, Orange Cyberdefense (OC) recently warned that employees have become the biggest security threat faced by business. Now, in the latest illustration of i...
Apple vs. social engineering: Terminal paste trap blocked – Computerworld
May 8, 2026 - computerworld.com
A New Chapter for Realtime AI: Reasoning, Translation, and Real-Time Transcription
Voice can be one of the most direct and productive interfaces for AI — enabling customer support agents that may resolve issues without a single keystroke, live multilingual communication that can tak...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
Microsoft Security Without a Rulebook: The Problem with “Require Compliant Device”
Microsoft is increasingly making security‑critical decisions on behalf of organizations and not through policy, but through defaults. The “Require compliant device or hybrid-joined device” Conditional...
Petri IT Knowledgebase
May 8, 2026 - petri.com
Slash SOC 2 Audit Prep with Azure Policy Automation
Learn how to automate SOC 2 Type II compliance on Azure using Azure Policy, Defender for Cloud, Entra PIM, and EPAC to continuously generate audit evidence.
ATA Learning
May 8, 2026 - adamtheautomator.com
This Week in Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, and Backdoored Tools
After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and a …read m...
Blog – Hackaday
May 8, 2026 - hackaday.com
Pre-Provisioning YubiKeys (Is it possible to fully automate the process?)
$1 submitted by /u/Here4TekSupport
Reddit : Sysadmin
May 8, 2026 - reddit.com
Microsoft Teams on Android to Support Third-Party Meetings with SIP Integration
Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates htt...
HTMD Community Intune Windows Modern Workplace Device Management
May 8, 2026 - anoopcnair.com
General Availability of Mailbox Import and Export Microsoft Graph APIs
As a part of our continuing march to Exchange Web Service (EWS) deprecation in Exchange Online (see Exchange Online EWS, Your Time is Almost Up | Microsoft Community Hub) - the Microsoft Graph Team an...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
From Observability to Action: Building an AI-Powered AIOps Agent for Customer-Specific Operations
Modern cloud operations are no longer just about collecting metrics and reacting to alerts. Customers are running increasingly complex, business-critical workloads where every environment has its own ...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
Meta U-turns on encryption push for Instagram as DMs go plaintext
After years of insisting end-to-end encryption was the future of online comms, Zuckcorp has handed itself full visibility into user chats once again
www.theregister.com - Articles
May 8, 2026 - theregister.com
Secure Medallion Architecture Pattern on Azure Databricks (Part II)
Disclaimer: The views in this article are my own and do not represent Microsoft or Databricks. This article is part of a series focused on deploying a secure Medallion Architecture. The series follow...
New blog articles in Microsoft Community Hub
May 8, 2026 - techcommunity.microsoft.com
Microsoft's obsessive need for feedback
$1 submitted by /u/Apprehensive-Loss316
Reddit : Sysadmin
May 8, 2026 - reddit.com
Broadcasting GPS on the Local Network to Help Geoclue Find You
Rather than having users go through the inconvenience of having to punch in their current location, an increasing number of applications and websites use location services that can pin-point the …read...
Blog – Hackaday
May 8, 2026 - hackaday.com
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE