windows security

CVE-2026-7360 is a high-severity Chromium compositing flaw fixed in Google Chrome 147.0.7727.137/138 on April 28, 2026, affecting desktop Chrome before 147.0.7727.138 and allowing an attacker who already compromised the renderer process to bypass site isolation using a crafted HTML page. The...

Microsoft confirmed in late April 2026 that new Windows security warnings for Remote Desktop .rdp files can render incorrectly on supported Windows 11, Windows 10, and Windows Server systems when multi-monitor setups use different display scaling values. The bug is narrow, almost comically...

CVE-2026-34591 is a reminder that the most dangerous software supply chain bugs are not always found in operating systems, browsers, or cloud control planes. This newly disclosed Poetry wheel path traversal vulnerability affects a widely used Python dependency and packaging tool, allowing a...

CVE-2026-23360 is not the sort of Linux kernel flaw that produces dramatic headlines, but it is exactly the kind of storage-layer regression that enterprise administrators ignore at their peril. The issue, now tracked through Microsoft’s security update ecosystem as well as Linux vulnerability...

CVE-2026-31622 is not a noisy internet-facing vulnerability, but it is exactly the kind of low-level kernel flaw that deserves attention from Windows, Linux, and mixed-fleet administrators alike. The issue sits in the Linux kernel NFC digital stack, where a malicious NFC peer can reportedly...

Windows RPC has long been one of the most security-sensitive subsystems in the operating system, but the newly disclosed PhantomRPC research suggests that the real risk is not just in individual bugs, but in the way Windows lets unrelated processes reach for the same privileged RPC endpoints. In...

Windows 11 users are getting a clearer warning system for one of the platform’s most important security foundations, and that matters far beyond a simple UI tweak. Microsoft is now surfacing Secure Boot certificate status directly in the Windows Security app, giving people a fast answer to a...

Microsoft’s latest guidance on Windows 11 security settles a question that has lingered for years: for most people, Microsoft Defender is enough. In a new Microsoft Windows article published in April 2026, the company says Windows 11 includes built-in antivirus protection that is active by...

Microsoft’s latest Windows 11 security guidance settles a question that has lingered for years: for many users, Microsoft Defender Antivirus is enough. In a new Microsoft article, the company says Windows 11 includes built-in antivirus protection that is active by default, continuously updated...

The latest Windows 11 April update is doing something quietly important: it now tells you whether your PC has received Microsoft’s newer Secure Boot 2023 certificates. That matters because the older certificates issued in 2011 begin expiring in June 2026, and Microsoft has been working to move...

Microsoft’s latest guidance on Windows 11 security is simple, but it lands in a noisy market: for most people, Microsoft Defender Antivirus is enough, and third-party antivirus is no longer a default necessity. That does not mean every PC owner should uninstall their security suite tomorrow, but...

Microsoft’s latest Windows 11 security guidance makes a long-running debate much simpler: for most people, a third-party antivirus is no longer necessary. The company now says the built-in protection stack in Windows 11 is designed to run by default, update automatically, and handle the everyday...

Starting in April 2026, Microsoft is doing something Windows users have not seen before: surfacing Secure Boot certificate status directly inside the Windows Security app. That matters because the company’s original Secure Boot certificates, issued in 2011, are now approaching expiration in June...

Microsoft’s latest Windows security rollout marks a notable shift not because Windows Update is new, but because the company is changing how it manages one of the platform’s most sensitive trust layers: Secure Boot. Beginning in April 2026, Microsoft started surfacing certificate status in the...

Choosing the right antivirus for a Windows PC in 2026 is less about chasing the loudest brand and more about matching the protection model to how you actually use your machine. Microsoft Defender has become a serious baseline option for many users, with real-time protection built into Windows...

Microsoft is quietly making one of the most consequential Windows security shifts in years, and the timing could hardly be more important. As April 2026 Patch Tuesday lands with multiple critical fixes and at least one actively exploited zero-day, Microsoft is also beginning the long-awaited...

Microsoft’s CVE-2026-32073 is the kind of Windows security advisory that makes defenders stop and re-evaluate their patch queue: it is a local elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock, better known as AFD.sys, and it is already being tracked as a...

A successful attack against CVE-2026-40385 is not described by Microsoft as something an attacker can just fire off at will; instead, it depends on conditions outside the attacker’s control, such as knowledge of the environment, preparation to improve reliability, or, in some cases, positioning...

CVE-2026-31789 is the kind of Microsoft vulnerability that immediately grabs attention because it combines two words security teams hate seeing together: heap buffer overflow. The flaw sits in hexadecimal conversion, a routine that sounds mundane but often lives close to parsing, formatting, and...

Microsoft’s April Windows update does more than patch vulnerabilities: it now gives users a clearer readout on whether Secure Boot is actually protected by the newer certificate set that Microsoft is rolling out ahead of the June 2026 expiration deadline. That matters because Secure Boot is one...