:

MICROSOFT EDGE FIXES PASSWORD SECURITY FLAW

INDUSTRY DESK1 MIN READ
FRI, MAY 15, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Microsoft is updating Edge to stop loading saved passwords into process memory in clear text at startup, reversing its previous position that the practice was intentional.

The Redmond-based tech giant announced the security fix following criticism over how Edge handled password storage. Previously, Microsoft had defended the behavior as "by design," but the company is now addressing the vulnerability. Loading passwords into memory in plain text creates a security risk, as the data could potentially be accessed by malicious actors or other processes running on a user's system. The update will change how Edge manages credentials during startup, ensuring stored passwords remain encrypted. This reversal highlights ongoing debates within the tech industry about balancing user convenience with security best practices. The fix is expected to roll out in a future Edge update, though Microsoft has not specified an exact timeline. The move comes as browser makers face increasing scrutiny over password management and data protection. Users relying on Edge's password manager will see the security improvement without requiring manual intervention.

■ SOURCES

Bleeping ComputerBleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

1H AGOSecurity Desk

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

1H AGOAI Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

6H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

6H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.