RSA has extended its passwordless authentication capabilities to Linux environments to address security gaps in enterprise infrastructure. This update allows Linux servers and workstations to utilize the same phishing-resistant, FIDO-based standards previously available for other operating systems. The expansion aims to eliminate reliance on legacy credential-based access for developers and system administrators working in high-assurance sectors.

Source

Palo Alto Networks has upgraded the severity of a vulnerability in its PAN-OS software following reports of active exploitation in the wild. The flaw, tracked as CVE-2026-0257, allows attackers to bypass security restrictions and establish unauthorized VPN connections to corporate networks. While initially rated as medium severity, the discovery of successful attacks has prompted a reclassification to high urgency.

Source

Microsoft has resolved a service disruption that prevented users from configuring multi-factor authentication or accessing the My Sign-Ins portal. The incident was tracked in the Microsoft 365 admin center under the identifier MO1329260. Affected users encountered 504 Gateway Timeout errors when attempting to manage their security credentials or sign-in preferences.

Source

Microsoft is updating the Self-Service Password Reset process in Entra ID to require explicitly registered authentication methods. Currently, the system can use contact details stored in directory attributes, such as phone numbers or alternative email addresses, even if they were not formally configured for security. This transition is part of the Secure Future Initiative and aims to ensure that identity verification relies solely on trusted, user-validated methods.

Source