TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Microsoft's March 2026 Patch Tuesday addresses 83 CVEs, including a critical Excel vulnerability (CVE-2026-26144) that weaponizes Copilot Agent for zero-click data exfiltration. The XSS flaw requires no user interaction and can silently steal financial and corporate data via unintended network egress. Mitigations include patching promptly, restricting outbound Office network traffic, and disabling Copilot Agent until fixed. Two other critical Office RCE bugs (CVE-2026-26110 and CVE-2026-26113) can be triggered via the Preview Pane without opening a file. Two publicly known but unexploited CVEs cover .NET denial-of-service and SQL Server privilege escalation.

Critical Microsoft Excel bug weaponizes Copilot Agent