windows security

CVE-2026-29518 is a high-severity rsync vulnerability disclosed on May 20, 2026, affecting versions before 3.4.3, in which a daemon running without chroot protection can be raced into following attacker-controlled symlinks and writing files outside the intended module path. It is not the sort of...

Microsoft disclosed on May 26, 2026, that Defender researchers are tracking an active cryptojacking campaign using poisoned search results, AI chatbot-recommended malicious links, fake Windows utility downloads, abused ScreenConnect remote access, and Microsoft-signed .NET utilities to mine...

Microsoft is replacing the original 2011 Secure Boot certificate chain across Windows PCs and servers before certificates begin expiring in June 2026 and continue expiring into October, affecting supported Windows 10, Windows 11, and Windows Server systems that still trust those aging boot...

On 7 May 2026, the UK Information Commissioner’s Office fined South Staffordshire Plc and South Staffordshire Water Plc £963,900 after a cyber-attack exposed personal data belonging to roughly 633,887 people, including customers, employees, and some vulnerable service users. The headline number...

Microsoft has issued manual mitigation guidance for YellowKey, a publicly disclosed BitLocker bypass tracked as CVE-2026-45585, after proof-of-concept exploit code appeared online in May 2026 and before the company has shipped a full security update for affected Windows systems. The...

CISA added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 20, 2026, including five legacy Microsoft and Adobe flaws from 2008 through 2010 and two 2026 Microsoft Defender vulnerabilities, after determining that all seven have evidence of active exploitation. The...

Microsoft has published CVE-2026-45585 as a Windows BitLocker security feature bypass vulnerability, with mitigation guidance that tells administrators to mount each device’s Windows Recovery Environment image, remove an autofstx.exe entry from WinRE’s BootExecute registry value, commit the...

A Burger King order-status screen in Sheffield’s Centertainment leisure complex was photographed displaying a Windows Defender Firewall prompt on May 19, 2026, after a foreground application attempted network communication that Windows did not already trust. The gag writes itself, and The...

Microsoft’s Core isolation, introduced with the Windows 10 April 2018 Update and built into Windows 11 from launch, is the security feature many users overlook despite its role in isolating sensitive kernel-level protections through virtualization-based security on compatible PCs. That makes it...

Use Windows Defender Periodic Scanning with a Third-Party Antivirus Difficulty: Beginner | Time Required: 10 minutes Windows includes Microsoft Defender Antivirus, but many users prefer to run a third-party antivirus such as Norton, Bitdefender, Malwarebytes Premium, ESET, Avast, AVG, McAfee, or...

Windows 11 contains dozens of underused tools for customization, multitasking, security, backup, accessibility, gaming, phone integration, file management, and AI-assisted work, and a recent PCMag Australia roundup highlights 32 features that many everyday users and IT pros still overlook. The...

Enterprises are moving AI agents from pilots into production in 2026, with Databricks reporting a 327 percent surge in multi-agent systems in under four months and VentureBeat’s February tracker showing Microsoft leading orchestration-platform adoption among surveyed enterprise decision makers...

Siemens Solid Edge SE2026 versions before V226.0 Update 5 are affected by two newly disclosed PAR file parsing vulnerabilities, published by Siemens ProductCERT on May 12, corrected in title metadata on May 13, and republished by CISA on May 14, 2026. The fix is straightforward: install Update 5...

Siemens Simcenter Femap versions before V2512.0003 are affected by CVE-2025-12659, a high-severity heap-based buffer overflow in the Datakit library that can be triggered when a user opens a malicious Autodesk Inventor IPT file, according to Siemens and CISA advisories published in May 2026. The...

Microsoft released its May 2026 Patch Tuesday updates on May 12 for Windows 11, Windows Server, Microsoft Office, Azure, Dynamics 365, Edge, and related products, fixing roughly 138 reported vulnerabilities, including about 30 rated critical and no flaws Microsoft listed as publicly known or...

Microsoft’s May 2026 Patch Tuesday, released on May 12, delivered fixes for at least 118 documented vulnerabilities across Windows, Office, Azure, Dynamics, SQL Server, Edge, Teams, SharePoint, and related products, while major vendors including Apple, Google, Mozilla, and Oracle also pushed...

Microsoft disclosed CVE-2026-35436 on May 12, 2026, as an Important elevation-of-privilege vulnerability in Microsoft Office Click-to-Run that can let a low-privileged local attacker escape a contained execution environment and gain SYSTEM privileges on affected Office installations. That is the...

Microsoft disclosed CVE-2026-40403 on May 12, 2026, as a critical Windows Graphics Component remote code execution vulnerability in Win32K-GRFX, caused by a heap-based buffer overflow that could let a low-privileged authenticated attacker escape a contained local environment such as a guest...

Microsoft published CVE-2026-40369 on May 12, 2026 as part of its May Patch Tuesday release, identifying it as a Windows kernel-mode driver vulnerability rated Important with a CVSS base score of 7.8. The flaw is not, on the public evidence available today, a panic-grade Windows emergency. But...

Microsoft disclosed CVE-2026-34341 on May 12, 2026, as an Important Windows Link-Layer Discovery Protocol elevation-of-privilege flaw in which a low-privileged local attacker could exploit a double-free condition, win a race condition, and gain SYSTEM privileges on affected Windows clients and...