Security
* Key Takeaways: * Microsoft has opened an investigation after some Windows 11 machines failed to start following January security updates. * Affected devices are reported to be unable to boot; Microsoft is working to identify root cause and provide fixes or rollbacks. * Users should avoid forced reinstalls, try recovery options (Safe Mode,
Security
* Key Takeaways: * CISA has confirmed active exploitation of four separate vulnerabilities affecting enterprise products and developer tooling. * Affected projects include enterprise software from Versa and Zimbra, plus the Vite frontend framework and the Prettier code formatter. * Organizations should immediately consult vendor advisories, apply available patches, update developer dependencies, and monitor
Security
* Auto-forwarding in Gmail can let attackers siphon your email without signs. * Check Gmail Settings > Forwarding and POP/IMAP and remove unknown addresses immediately. * Also review Filters, connected apps, change your password, and enable 2-Step Verification. What to disable — and why it matters Auto-forwarding routes incoming messages to another email
Security
* Five malicious Chrome extensions on the Chrome Web Store targeted enterprise HR and ERP platforms. * Attack methods included __session cookie exfiltration, blocking security admin pages, and bidirectional cookie injection for session hijack. * The campaign hit Workday, NetSuite and SAP SuccessFactors; the extensions had >2,300 installs and were reported
Security
Key Takeaways: * KB5074109 patches 114 security vulnerabilities and improves NPU-related battery life. * New usability features arrive: File Explorer "Recommended" section, expanded QR sharing, and Start menu tweaks. * Critical bugs reported: Azure Virtual Desktop authentication failures (0x8008005), gaming FPS drops on NVIDIA GPUs, and USB FAT32 formatting errors. * If
Security
* Key Takeaway: A vulnerability called WhisperPair affects 17 Bluetooth audio accessories certified with Google Fast Pair. * Key Takeaway: Flaw lets an attacker within Bluetooth range pair to devices, potentially enabling microphone access, audio injection and location tracking. * Key Takeaway: Affected brands include Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore,
Security
* Key Takeaways: * WhisperPair is a Fast Pair vulnerability that can let attackers hijack Bluetooth audio devices to play audio, track location, or access microphones. * KU Leuven researchers say more than a dozen models from 10 manufacturers (including Google, Sony, Nothing, JBL, OnePlus) are affected. * The median takeover time is about
Security
* Key Takeaways: * Researchers at KU Leuven found vulnerabilities in 17 Fast Pair-compatible audio models that let attackers silently pair and hijack devices. * Exploits can enable eavesdropping, audio injection, and, for some models, high-resolution tracking via Google’s Find Hub. * Google and several vendors have released firmware updates, but many users
Security
* Key Takeaways: * Microsoft fixed a DWM information-disclosure zero-day (CVE-2026-20805) on Patch Tuesday, Jan. 13, 2026. * The bug allows low-privilege local attackers to leak user-mode memory via remote ALPC ports; MSTIC/MSRC confirmed exploitation in the wild. * CVSS v3.1 score 5.5 (Important); not remotely exploitable, but easy to trigger
Security
• Microsoft released its January 2026 Patch Tuesday fixing 114 Windows vulnerabilities. • One issue, CVE-2026-20805 in Desktop Window Manager (DWM), is confirmed exploited in the wild and added to CISA’s KEV catalog. • The bundle includes eight Critical and 106 Important fixes, with priority items in VBS Enclave and Secure Boot
Security
* Key takeaways: * Microsoft patched CVE-2026-20805, an ALPC info-disclosure zero-day discovered by its threat-intel team. * CISA added the flaw to its Known Exploited Vulnerabilities catalog; federal agencies must patch by Feb 3. * The flaw leaks a memory address (undermining ASLR) and has been observed in active attacks; patching is the primary
Security
* Key takeaways: * Zoicware released Remove Windows AI, a PowerShell script that removes or disables Windows 11 AI components like Copilot, Recall and Windows Studio Effects. * The script is actively maintained on GitHub; users are encouraged to review code, report missing components, and back up the system before running it. * Running