Idle Security
The latest Idle Security coverage — news, analysis, and updates from the WindowsNews.AI desk.
Why Windows 11 Keeps the Screen Saver—and What That Reveals About Its Wobbly Idle Experience
Windows 11 still includes screen savers even though CRT burn-in is a distant memory, revealing lingering gaps in Windows’ idle handling. The feature persists as a legacy lock mechanism, but its awkward coexistence with Modern Standby and display timeout settings confuses users and leaves OLED panels poorly protected. Microsoft’s reluctance to modernize or remove screen savers highlights deeper challenges in unifying power, security, and display management.
Windows 11 KB5094126 Breaks OLE/COM Automation, Crippling Office-Linked Business Apps
The June 9, 2026 Windows 11 update KB5094126 breaks OLE/COM automation, causing third-party business applications that control Microsoft Office to fail with errors. Organizations relying on automated Office document generation or manipulation are significantly disrupted, with no official fix yet from Microsoft.
iOS 26.6 Beta 2 Debuts New Blocked Contact Controls and iPhone Anti-Theft Intelligence
iOS 26.6 beta 2, released to developers on June 15 and public beta testers on June 16, introduces a unified blocked contacts manager and the first visible components of an on-device anti-theft engine code-named Sentinel. The update signals Apple’s intent to deliver meaningful security enhancements outside the annual release cycle, with significant implications for enterprise device management and ongoing convergence with Windows security philosophies.
Font-Based Zero-Days Under Active Attack: Microsoft Warns of Preview Pane RCE Risk
In late March 2020, Microsoft disclosed two actively exploited zero-day vulnerabilities in the Adobe Type Manager Library that could allow remote code execution simply by previewing a malicious font file. The company issued workarounds as a stopgap until the April Patch Tuesday fixes arrived, highlighting the persistent danger of font parsing flaws.
Windows 11 June 2026 Updates Block Office OLE Automation for Third-Party Apps, Microsoft Confirms
Microsoft confirmed on June 16, 2026, that Windows 11 updates KB5094126 and KB5093998, released June 9, break OLE Automation for third-party apps trying to launch Microsoft Office. This regression halts enterprise workflows that rely on programmatic Office control, with no official fix yet available beyond uninstalling the updates.
Android 17 Arrives With Floating Bubbles, Foldable Gaming Mode, and Deeper Windows Integration
Android 17, rolled out on June 16, 2026, introduces floating app bubbles, a foldable gaming mode that splits the screen, and robust new security rules. The update features deep Windows integration, including support for native Android windows on Windows 11/12, cross-device clipboard sync, and enhanced phone-to-PC gaming, making it a significant release for Windows enthusiasts.
Android 17 Hits Pixel with Floating Bubbles, Anti-Theft Shields, and Foldable Gaming Upgrades
Android 17 began rolling out to Pixel devices on June 16, 2026, with standout features including floating app bubbles, screen-reaction recording, hardened theft protections, enhanced privacy controls, and foldable gaming optimizations. The update also deepens on-device Gemini AI integration and sets the stage for tighter cross-device experiences with Windows.
FBI Warns of Kali365 Phishing Platform Stealing Microsoft 365 Credentials via Device Code Trick
The FBI warns of Kali365, a phishing-as-a-service platform that abuses Microsoft 365 OAuth device-code authentication to steal session tokens and bypass MFA. This article explains how the attack works, details the FBI's recommendations, and provides actionable defense steps for administrators and users.
GhostTree Attack Exploits NTFS Junctions to Blind EDR: Why Patching Windows and Enabling RedirectionGuard Are Non-Negotiable
The GhostTree attack technique exploits how NTFS junction points are resolved to bypass EDR systems, even with recursive scanning enabled. Microsoft recommends patching Windows, enabling the RedirectionGuard feature, and verifying that your EDR properly handles reparse points. This article explains the mechanics, provides actionable mitigation steps, and clarifies why EDR alone is insufficient.
Microsoft and Oracle Abandon Cloud Infrastructure Talks in June 2026 Over Unresolvable Security Hurdles
Microsoft and Oracle have reportedly abandoned negotiations over a cloud infrastructure leasing deal in June 2026, sources say. The proposed arrangement was halted due to irreconcilable security and compliance conflicts, ranging from hypervisor trust to data sovereignty. The breakdown preserves the existing Oracle Database@Azure service but dashes hopes for deeper integration, forcing enterprises to continue managing separate cloud environments.
CISA Orders Federal Agencies to Patch Actively Exploited Joomla JCE Vulnerability by July 7
CISA has added CVE-2026-48907, an actively exploited improper access control vulnerability in the Joomla JCE Widget Factory, to its Known Exploited Vulnerabilities catalog. Federal agencies must patch by July 7, 2026, and all Joomla site owners—especially those on Windows—should update immediately to prevent unauthorized access and potential server compromise.
Microsoft's Defender Hit by 'RoguePlanet' Zero-Day: Privilege Escalation Risk Before Patch
Microsoft published CVE-2026-50656, dubbed 'RoguePlanet,' an Important elevation-of-privilege vulnerability in the Microsoft Malware Protection Engine used by Defender. The zero-day allows local attackers to gain SYSTEM privileges, with no patch yet available. Organizations should enable cloud-delivered protection, enforce attack surface reduction rules, and monitor for anomalous engine behavior while awaiting Microsoft's fix.
Microsoft Unleashes Low Latency Mode on Windows 11 with June 2026 Patch Tuesday Update
Microsoft’s June 2026 cumulative update KB5094126 extends the Low Latency Profile power scheme to all Windows 11 editions, boosting build numbers to 26100.8655 (24H2) and 26200.8655 (25H2). The feature reduces input lag by keeping the CPU more alert, benefiting gamers, creators, and everyday users, though at the cost of higher power consumption.