windows security

Microsoft published CVE-2026-47648, a Windows Storage elevation-of-privilege vulnerability, in its Security Update Guide on June 9, 2026, identifying the issue as a Windows flaw that can allow privilege escalation while assigning high confidence to the existence of the vulnerability and its...

Microsoft disclosed CVE-2026-45588 on June 9, 2026, as an Important-rated Windows Secure Boot security feature bypass affecting supported Windows client and server releases, with official fixes published for Windows 10, Windows 11, Windows Server 2012 through 2025, and related Server Core...

Microsoft disclosed CVE-2026-45634 on June 9, 2026, as an Important-rated Windows DHCP Client information disclosure vulnerability affecting supported Windows client and server releases, with official fixes issued through the June security updates and no public disclosure or exploitation...

Microsoft disclosed CVE-2026-45606 on June 9, 2026, as a denial-of-service vulnerability in the Windows UxTheme Library, uxtheme.dll, caused by an out-of-bounds read that a local authorized attacker could use to disrupt service. The score is not headline-grabbing: CVSS 5.5, “Important,” local...

CVE-2026-45640 is a Microsoft-tracked Windows Bluetooth Port Driver elevation-of-privilege vulnerability disclosed through the Microsoft Security Response Center, affecting the Windows Bluetooth stack and carrying the practical risk that an already positioned attacker could gain higher local...

Microsoft disclosed CVE-2026-45487 on June 9, 2026, as a Windows Program Compatibility Assistant Service elevation-of-privilege vulnerability, a local Windows flaw whose public advisory emphasizes confidence in the bug’s existence while withholding the kind of root-cause detail defenders and...

Anthropic launched Claude Fable 5 on June 9, 2026, making its first Mythos-class model broadly available through the Claude API while routing high-risk cybersecurity, biology, chemistry, and model-distillation requests to the less capable Claude Opus 4.8 model instead. The move is less a normal...

Microsoft disclosed CVE-2026-44821 on June 9, 2026, as an Important-rated Microsoft Office information disclosure vulnerability caused by an out-of-bounds read that can let an unauthorized local attacker expose small portions of heap memory after convincing a user to open a malicious Office...

Microsoft disclosed CVE-2026-33828 on June 9, 2026, as a critical Windows Device Health Attestation elevation-of-privilege vulnerability that can let a locally authorized attacker cross a trust boundary and gain SYSTEM privileges on affected Windows clients and servers. The oddity is not the...

Microsoft disclosed CVE-2026-40404 on June 9, 2026, as a Windows Universal Disk Format File System Driver elevation-of-privilege vulnerability affecting supported Windows systems through the UDFS component that parses and mounts UDF-formatted media and images. The dry title hides the important...

Microsoft disclosed CVE-2026-40409 on June 9, 2026, as an elevation-of-privilege vulnerability in the Windows Universal Disk Format File System Driver, the kernel component that lets Windows mount and interpret UDF-formatted optical and removable media across supported client and server...

Microsoft turned the June 9, 2026 Windows security release for hotpatch-capable Windows 11 Enterprise LTSC 2024 devices into a restart-required baseline update, replacing the expected hotpatch because CVE-2026-45585 was publicly disclosed outside normal coordinated vulnerability disclosure...

Windows 11 Pro security alerts usually come from the Windows Security app, Microsoft Defender Antivirus, SmartScreen, or Smart App Control, and they are meant to push users toward a specific next action: re-enable protection, quarantine a file, review a blocked download, or stop an untrusted app...

Microsoft’s 2011 Secure Boot certificate family begins expiring in June 2026, and the most consequential deadline is the Microsoft Corporation KEK CA 2011, whose replacement determines whether affected Windows devices can keep receiving future Secure Boot database and revocation updates. The...

:)

Gizmodo’s June 2026 “Best VPN for OnlyFans” guide names NordVPN, ExpressVPN, Private Internet Access, Proton VPN, and Surfshark as its top choices for accessing OnlyFans from restricted regions or privacy-sensitive networks. The more important story is not which subscription wins a speed test...

Microsoft’s Build 2026 Windows announcements changed the near-term job for IT and security teams: Windows is being positioned as a place where AI agents run under containment, not just a place where people use apps. The concrete news is that Microsoft introduced the early-preview Microsoft...

UNC3753, a financially motivated extortion cluster also known as Luna Moth, Chatty Spider, and Silent Ransom Group, is actively targeting U.S. legal, financial, and professional-services organizations in a campaign disclosed by Google’s Mandiant team and echoed by a recent FBI warning. The story...

Microsoft has quietly removed an April 2026 Windows Learning Center article that said most Windows 11 users do not need third-party antivirus software, replacing a blunt pro-Defender message with older, more cautious guidance that frames built-in protection as strong but not universal. The...

Ad Age’s June 5, 2026 Agency Brief covers a small but revealing cluster of advertising-industry moves: Fortnight Collective’s creative hiring, The One Club’s student challenge, and OpenAI’s widening work with independent agencies as AI becomes part of the marketing supply chain. The details are...