OpenClaw, previously known as Clawdbot and briefly as Moltbot, is a free, open‑source personal AI agent that runs locally on your computer, enabling you to automate any task a human can perform on a computer. It gained rapid popularity, accumulating 100,000 GitHub stars in record time, along with tens of thousands of forks as it went viral. OpenClaw skills pose severe security risks because they are unvetted modules that may contain hidden, malicious instructions for the agent's model. These harmful instructions could result in API key leaks, data theft, credential compromise, and system breaches due to malicious code execution. This guide covers OpenClaw skill structure, known security incidents, and step-by-step instructions for scanning agent skills with the Cisco AI Skill Scanner. The Cisco AI Skill Scanner provides comprehensive security analysis of OpenClaw agent skills before installation, detecting malware, data exfiltration, and prompt-injection vulnerabilities.

Source

Microsoft Intune's January 2026 updates deliver enhancements to endpoint management, including PowerShell script installers for Win32 apps, improved Endpoint Privilege Management, unified admin task workflows, enhanced Apple device enrollment with ACME protocol support, and critical updates to the mobile application management service. These updates streamline application deployment, strengthen security controls, and improve administrative efficiency across Windows, macOS, iOS, and Android platforms.

Source

Microsoft has introduced the Microsoft Graph User Configuration API that enables you to manage custom settings and configuration data for user mailboxes in Exchange Online. This preview API provides full CRUD (create, read, update, delete) operations for user configuration objects, allowing you to store application state, settings, and metadata associated with specific mail folders. This guide shows you how to access and use this API with PowerShell.

Source

The new admin tasks feature in Microsoft Intune aggregates high-impact IT actions, approvals, and remediation workflows into a single, prioritized queue in the Microsoft Intune admin center. This centralized feature helps you act quickly on critical decisions without navigating through multiple console areas, reducing response times while maintaining security oversight across endpoint management operations.

Source

Microsoft Purview Data Security Investigations became generally available in January, providing data security teams with AI-powered tools to identify, investigate, and mitigate sensitive data risks across Microsoft 365 environments. The solution addresses the challenge of managing 220 zettabytes of organizational data while facing over 12,000 confirmed breaches annually by streamlining investigations that previously took weeks or months into hours.

Source

Google Project Zero researcher James Forshaw discovered nine critical vulnerabilities in Windows 11's Administrator Protection feature during its preview phase in late 2025. The feature was disabled after its initial preview release in October 2025, but before the planned general availability rollout.

Source

Microsoft released Windows 11 Insider Preview Build 26300.7733 (KB5074178) and Build 26220.7752 (KB5074177), to the Dev and Beta Channels, respectively. These updates introduce native System Monitor (Sysmon) functionality, expand Voice Access support, and include several fixes for File Explorer and cloud storage integration. The releases represent cumulative quality updates for Windows 11 version 25H2 through enablement packages.

Source

Microsoft announced the general availability (GA) of centralized RDP Shortpath configuration using Intune and Group Policy (GPO). RDP Shortpath is a UDP-based direct transport protocol that establishes connections between Remote Desktop clients and session hosts, reducing latency and improving reliability for Azure Virtual Desktop and Windows 365 Cloud PCs. You can now centrally configure this feature using Group Policy and Microsoft Intune, eliminating the need for manual per-host configuration.

Source

Microsoft announced a comprehensive roadmap to phase out the legacy NTLM (New Technology LAN Manager) authentication protocol in favor of more secure Kerberos-based alternatives. The company plans to disable NTLM by default in the next major Windows Server release and associated Windows client versions, marking a significant step toward enhancing Windows security after more than three decades of NTLM usage.

Source

Microsoft will improve how Conditional Access policies are enforced in Microsoft Entra ID starting March 27, 2026. This change addresses a security loophole in which policies targeting all resources with specific exclusions could be bypassed in certain authentication scenarios. The rollout continues through June 2026 and forms part of Microsoft's Secure Future Initiative. Because these sign-ins will no longer bypass Conditional Access, users may now be required to complete MFA, meet device compliance requirements, or satisfy other configured Conditional Access controls, such as approved apps, app protection policies, or authentication strength, before accessing the resource.

Source

Microsoft announced significant changes to its Teams licensing structure, effective April 1, 2026. The updates move several advanced capabilities from Teams Premium into core Teams Enterprise licenses, expand access to Microsoft Places features, and introduce new attendee capacity options for large-scale events. These changes aim to simplify licensing and provide broader access to powerful collaboration tools across organizations.

Source

Specops Secure Access is a multi-factor authentication solution that adds a second authentication layer to Windows logon, Remote Desktop Protocol (RDP), and VPN connections in Active Directory environments. It is designed for on-premises or hybrid Active Directory environments and extends MFA to critical Windows access points without replacing Active Directory as the identity store. The solution addresses the growing vulnerability of password-based authentication and helps organizations fulfill compliance requirements for modern cybersecurity standards. It can also help organizations meet cybersecurity insurance requirements by strengthening access controls.

Source

Starting March 2026, Microsoft Entra ID will introduce passkey profiles and synced passkeys to general availability, enabling group-based authentication configurations with granular control over device-bound and synced passkeys. Microsoft will automatically enable passkey profiles for tenants that don't opt in during the initial rollout, with existing settings preserved to maintain their current security posture.

Source

Microsoft has introduced trust-based enhancements to the Teams Admin Center (TAC), designed to simplify app security and compliance management for IT administrators. These updates, known as Trust Through Certification, enable you to quickly identify trusted applications, enforce organizational standards, and streamline governance workflows through features such as "apps to consider allowing," security compliance filters, and Microsoft-certified app collections. The enhancements build on existing foundational features while adding dedicated trust indicators that consolidate security signals in a centralized dashboard. You can now evaluate apps based on industry-standard certifications without leaving the Teams Admin Center, reducing the time spent on manual reviews and cross-checking vendor documentation.

Source

Microsoft Entra Connect will enforce new security hardening measures starting March 2026 to prevent SyncJacking, a sophisticated attack technique that exploits synchronization mechanisms to hijack privileged accounts in hybrid identity environments.

Source

Microsoft is disabling hands-free WDS deployments that use unattend.xml answer files due to security concerns (CVE-2026-0386), with the feature first warning after January 2026 updates and then being turned off by default from April 2026. However, it can still be re‑enabled via a registry key, and alternative WinPE-based methods remain supported for Windows 11 deployments.

Source

Microsoft just announced the Security Baseline for Microsoft 365 Apps for enterprise version 2512 ( (v2512, December 2025) as part of the Microsoft Security Compliance Toolkit. This security configuration package aligns with Administrative Templates released in version 5516 and introduces updated policies designed to strengthen protections in Excel, PowerPoint, and core Microsoft 365 Apps components. You can deploy these Microsoft-recommended security configurations through multiple methods including Office cloud policies, Microsoft Intune, or Group Policy to reduce configuration drift and ensure consistent protection across enterprise environments.

Source

Windows 11 26H1 is a platform update designed primarily for next-generation ARM processors rather than a traditional feature-rich release. This guide briefly outlines what version 26H1 offers, how to download it, and who should install it.

Source

Microsoft released version 1.2.0 of the Microsoft Entra PowerShell module, introducing production-ready support for Agent Identity Blueprints, enhanced application configuration parameters, and modernized invitation APIs. This update consolidates Agent Identity functionality into the main module and delivers new cmdlets for automated identity management across Microsoft Entra ID environments.

Source