Wayne Markovich

Azure open-sourced its integrated HSM firmware. For EUC workloads handling sensitive data in AVD sessions, hardware-rooted key protection in the underlying fabric matters - especially as agentic AI touches more of that data. azure.microsoft.com/en-us/blog/enf…

Microsoft publicly admitting Windows quality has degraded is notable. For AVD architects managing gold images across unstable cumulative updates, this is less a mea culpa and more a confirmation of what you already knew. theregister.com/2026/05/03/mic…

CVE-2026-41940 is being mass-exploited in active ransomware campaigns - 40k+ servers hit. If you run any cPanel-adjacent infrastructure or vendor portals, patch window is already closed. Check your exposure. bleepingcomputer.com/news/security/…

Phishing kits now come with AI assistants and automated domain registration out of the box. The marginal cost of a convincing credential-harvest campaign just dropped again. Conditional Access and phishing-resistant MFA aren't optional. securityweek.com/new-bluekit-ph…

CISA, NCSC and the rest of Five Eyes just said agentic AI is too unpredictable for rapid production rollout. If you're evaluating AI-assisted EUC management tools, this is the threat model to read first. theregister.com/2026/05/04/fiv…

Ubuntu's own infra went down for 24+ hours during disclosure of a critical root vuln. Coordination broke down because the communication channels were on the affected systems. Lesson for AVD ops: your patch comms and image build pipelines should not share a failure domain. arstechnica.com/security/2026/…

Scattered Spider arrest is notable but the group's playbook - social engineering, MFA fatigue, cloud identity abuse - is still the primary threat vector for AVD and Entra ID environments. The TTPs outlive the individual. Review your MFA policies and PIM config. securityweek.com/in-other-news-…

Azure open-sourced its integrated HSM firmware. Hardware-enforced key protection now has a verifiable trust chain for agentic and sensitive workloads. Relevant if you're storing FSLogix encryption keys or AVD session host secrets in Azure Key Vault backed by HSM. azure.microsoft.com/en-us/blog/enf…

cPanel RCE is on CISA KEV and ransomware operators hit at least one victim before patches landed. If your AVD or management plane sits behind any cPanel-managed infrastructure (hosting, portals, MSP tooling), patch status needs a check today. theregister.com/2026/05/01/cri…

Microsoft just got a Pentagon contract to run AI on classified networks alongside AWS and Nvidia. The same infrastructure stack underpinning AVD in government is now carrying agentic AI workloads. Air-gap and compliance requirements are about to get more complex. techcrunch.com/2026/05/01/pen…

HashiCorp updated their SSH certificate + Vault + Boundary reference architecture for hybrid and multi-cloud. If you're managing Linux AVD session hosts or Azure Arc-connected on-prem hosts without certificate-based SSH, this is the pattern to follow. hashicorp.com/blog/secure-ss…

OpenAI is now pushing hardware security keys (Yubico) for ChatGPT account protection. If a major AI platform is moving to FIDO2, it's a signal - phishing-resistant MFA should be the baseline for your Entra ID and AVD sign-in policies too. techcrunch.com/2026/04/30/ope…

Anthropic just launched Claude Security to help defenders keep pace with AI-generated exploits. The attacker/defender AI arms race is now a product category. Relevant context for anyone thinking about AI-assisted threat detection in EUC environments. securityweek.com/anthropic-unve…

Time-to-exploit is now measured in hours, not days. AI is industrializing the attack side faster than most patch cycles can respond. If your AVD environment isn't running Defender for Endpoint with EDR in block mode, that gap is widening. securityweek.com/ai-fuels-indus…

HashiCorp added a Partner Premier tier to the Terraform Registry - better discoverability and trust signals for vetted providers. Worth knowing which AVD and Azure providers get the badge before your next module audit. hashicorp.com/blog/announcin…

A finance firm stored plaintext DB credentials in a password-protected Excel file labeled in a way that made it trivially findable. Credentials in AVD session host images, Nerdio scripted actions, or Terraform state files follow the same failure pattern. Don't be this story. theregister.com/2026/04/30/fin…

20M paid Copilot users and Microsoft says engagement is genuinely growing. For EUC architects the question is no longer 'will users adopt it' - it's whether your AVD session host sizing and GPU allocation plans account for Copilot inference load. techcrunch.com/2026/04/29/mic…

Local privilege escalation via a logic flaw in Linux crypto code - patches shipping now for major distros. If you're running Linux session hosts on AVD or any Linux-based jump hosts in your EUC landing zone, this needs to be in your patch queue today. theregister.com/2026/04/30/lin…

Microsoft's own sovereign cloud is now built on Azure Local at thousands of nodes - SAN storage, disconnected ops, local key management. The reference architecture they're running internally is now available to customers. blogs.microsoft.com/blog/2026/04/2…

Official SAP npm packages were backdoored to exfiltrate credentials and auth tokens from developer machines. If your IaC or pipeline toolchain pulls SAP-adjacent npm packages, audit your dependency tree and rotate anything that touched those envs. bleepingcomputer.com/news/security/…