Security
* Key Takeaways: * Microsoft released out-of-band patches for an actively exploited Microsoft Office zero-day, CVE-2026-21509. * The vulnerability is a security feature bypass and is being actively exploited in the wild. * Microsoft has issued emergency updates; users and IT teams should apply the patch immediately and follow official guidance. What Microsoft announced
Security
* Key Takeaways: * iOS 26.3 introduces a new "limit precise location" setting to reduce location data accessible to mobile networks. * Mobile networks typically infer device location from the cellular towers a device connects to; the setting restricts some of that data. * The change is intended to strengthen user
Security
* Key Takeaways: * Microsoft has opened an investigation after some Windows 11 machines failed to start following January security updates. * Affected devices are reported to be unable to boot; Microsoft is working to identify root cause and provide fixes or rollbacks. * Users should avoid forced reinstalls, try recovery options (Safe Mode,
Security
* Key Takeaways: * CISA has confirmed active exploitation of four separate vulnerabilities affecting enterprise products and developer tooling. * Affected projects include enterprise software from Versa and Zimbra, plus the Vite frontend framework and the Prettier code formatter. * Organizations should immediately consult vendor advisories, apply available patches, update developer dependencies, and monitor
Security
* Auto-forwarding in Gmail can let attackers siphon your email without signs. * Check Gmail Settings > Forwarding and POP/IMAP and remove unknown addresses immediately. * Also review Filters, connected apps, change your password, and enable 2-Step Verification. What to disable — and why it matters Auto-forwarding routes incoming messages to another email
Security
* Five malicious Chrome extensions on the Chrome Web Store targeted enterprise HR and ERP platforms. * Attack methods included __session cookie exfiltration, blocking security admin pages, and bidirectional cookie injection for session hijack. * The campaign hit Workday, NetSuite and SAP SuccessFactors; the extensions had >2,300 installs and were reported
Security
Key Takeaways: * KB5074109 patches 114 security vulnerabilities and improves NPU-related battery life. * New usability features arrive: File Explorer "Recommended" section, expanded QR sharing, and Start menu tweaks. * Critical bugs reported: Azure Virtual Desktop authentication failures (0x8008005), gaming FPS drops on NVIDIA GPUs, and USB FAT32 formatting errors. * If
Security
* Key Takeaway: A vulnerability called WhisperPair affects 17 Bluetooth audio accessories certified with Google Fast Pair. * Key Takeaway: Flaw lets an attacker within Bluetooth range pair to devices, potentially enabling microphone access, audio injection and location tracking. * Key Takeaway: Affected brands include Sony, Jabra, JBL, Marshall, Xiaomi, Nothing, OnePlus, Soundcore,
Security
* Key Takeaways: * WhisperPair is a Fast Pair vulnerability that can let attackers hijack Bluetooth audio devices to play audio, track location, or access microphones. * KU Leuven researchers say more than a dozen models from 10 manufacturers (including Google, Sony, Nothing, JBL, OnePlus) are affected. * The median takeover time is about
Security
* Key Takeaways: * Researchers at KU Leuven found vulnerabilities in 17 Fast Pair-compatible audio models that let attackers silently pair and hijack devices. * Exploits can enable eavesdropping, audio injection, and, for some models, high-resolution tracking via Google’s Find Hub. * Google and several vendors have released firmware updates, but many users
Security
* Key Takeaways: * Microsoft fixed a DWM information-disclosure zero-day (CVE-2026-20805) on Patch Tuesday, Jan. 13, 2026. * The bug allows low-privilege local attackers to leak user-mode memory via remote ALPC ports; MSTIC/MSRC confirmed exploitation in the wild. * CVSS v3.1 score 5.5 (Important); not remotely exploitable, but easy to trigger
Security
• Microsoft released its January 2026 Patch Tuesday fixing 114 Windows vulnerabilities. • One issue, CVE-2026-20805 in Desktop Window Manager (DWM), is confirmed exploited in the wild and added to CISA’s KEV catalog. • The bundle includes eight Critical and 106 Important fixes, with priority items in VBS Enclave and Secure Boot