Microsoft finally kills off RC4 encryption cipher blamed for multiple cyberattacks

By mid-2026, Windows domain controllers will default to allowing only AES-SHA1, with RC4 disabled unless administrators explicitly re-enable it. Microsoft says eliminating RC4 proved complicated due ...
Ars Technica

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form ...