windows security

CVE-2026-12008 is a critical Google Chrome vulnerability disclosed on June 11, 2026, fixed in Chrome 149.0.7827.114/.115 for desktop, and described as a DigitalCredentials use-after-free bug that could let an attacker escape the browser sandbox after compromising the renderer. That phrasing is...

Microsoft has spent the past 90 days patching a Surface firmware flaw that reportedly allowed some unprotected devices to be rendered unbootable by a single malformed command packet, after an Australian security researcher and The Register coordinated disclosure with Microsoft in March 2026. The...

A researcher using the name Nightmare Eclipse publicly disclosed two Windows zero-day proof-of-concept exploits in June 2026: RoguePlanet, a Microsoft Defender local privilege-escalation technique, and GreatXML, a claimed BitLocker bypass involving the Windows Recovery Environment on patched...

On June 9, 2026, Microsoft’s Patch Tuesday fixed two BitLocker security-feature bypass flaws, including the publicly disclosed “YellowKey” vulnerability, after weeks of mitigation-only guidance for Windows systems that relied on TPM-only disk encryption. The headline number was enormous, but the...

Visa announced on June 10, 2026, at its Visa Payments Forum in San Francisco that it is partnering with OpenAI to embed Visa payment infrastructure into OpenAI experiences, letting AI agents initiate purchases on users’ cards under defined permissions and security controls. The pitch is not...

Cox Business and The Advocate used National Internet Safety Month in June 2026 to promote AI literacy for older adults, citing Cox Mobile survey findings about seniors using generative AI, encountering misinformation, and worrying about online shopping scams in everyday digital life. The framing...

CVE-2026-34182 is an OpenSSL vulnerability published on June 9, 2026, in which CMS AuthEnvelopedData handling may accept forged messages because OpenSSL does not sufficiently validate cipher choices and authentication tag lengths. The MSRC link circulating with the CVE currently resolves to a...

Microsoft’s June 2026 Patch Tuesday, released on June 9, delivers 206 security updates across Windows, Office, Exchange Server, and developer tools, including three publicly disclosed Windows flaws in CTF, HTTP.sys, and BitLocker that Microsoft says are not yet known to be actively exploited...

Microsoft’s June 2026 Patch Tuesday update, released on June 9 for supported Windows PCs and Microsoft software, fixes a record-size batch of roughly 200 security vulnerabilities, including dozens rated critical and several publicly disclosed zero-day flaws that administrators should patch...

Microsoft’s June 9, 2026 Windows security updates, including KB5094126 for Windows 11 24H2 and 25H2 and KB5093998 for Windows 11 23H2, changed how File Explorer handles desktop.ini folder customizations from sources Windows does not trust. The result is not data loss, and it is not a broken...

Microsoft’s June 9, 2026 Patch Tuesday delivered fixes for more than 200 vulnerabilities across Windows, Office, Exchange, Defender, Hyper-V, and server components, led by a wormable Windows kernel TCP/IP flaw that can be exploited remotely without credentials or user interaction. The raw number...

The best antivirus software for 2026 is not a single universal product, but for most Windows users the shortlist begins with Norton, Bitdefender, Avast, ESET, McAfee, and Microsoft Defender, depending on whether the priority is paid suite features, free protection, lab scores, or...

A security researcher using the name Nightmare Eclipse released a new Windows zero-day called RoguePlanet on June 10, 2026, hours after Microsoft’s June Patch Tuesday, claiming it can make Microsoft Defender spawn a SYSTEM-level command prompt on patched Windows 10 and Windows 11 machines. The...

Microsoft says Windows security updates released on or after June 9, 2026, may stop some custom folder icons and localized folder display names from appearing because Windows now ignores desktop.ini files whose source it cannot verify as trusted. That is not a cosmetic bug in the usual Patch...

Microsoft’s June 9, 2026 Patch Tuesday release delivers cumulative Windows updates for Windows 11 25H2, 24H2, 23H2, and supported Windows 10 ESU/LTSC systems, addressing a record-sized security haul reported at 198 Windows flaws, including three publicly disclosed zero-days. It is the kind of...

Microsoft’s June 2026 Patch Tuesday, released on June 9, delivered roughly 200 fixes across Windows, Office, Visual Studio Code, Exchange, Azure components, and developer tooling, making it the largest monthly Microsoft security update on record. The size is the story, but not the whole story...

Microsoft disclosed CVE-2026-42979 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2025. The flaw is described as a local, authenticated attack...

Microsoft disclosed CVE-2026-42977 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with Microsoft’s advisory describing a local race-condition flaw that requires an...

Microsoft disclosed CVE-2026-42978 on June 9, 2026, as an Important-rated Windows Push Notifications elevation-of-privilege vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with patches available through the June security updates. The flaw is not a...

Microsoft published CVE-2026-42986 on June 9, 2026, as a high-severity Microsoft Graphics Component elevation-of-privilege vulnerability affecting supported Windows client and server releases, describing it as a local use-after-free flaw that requires an authorized attacker to already have low...