Microsoft’s Secure Boot certificates issued in 2011 are approaching their expiration window in 2026. While affected devices will continue to boot and receive regular Windows updates, they will stop receiving new protections for the pre-boot environment — updates to Windows Boot Manager, Secure Boot DB/DBX revocations, and mitigations for newly discovered boot-level vulnerabilities. Many newer PCs already include the 2023
Category: Microsoft
Windows, Windows Server, Microsoft 365, Word, Excel, PowerPoint, Outlook, OneNote, Teams, SharePoint, OneDrive, Edge, Bing, SQL Server, Visual Studio, Active Directory, Dynamics 365, Power BI, Power Apps, Xbox, Game Pass, Surface, Intune, Defender, Exchange, Hyper-V, .NET, Dataverse, Microsoft Copilot, Copilot Studio, Microsoft Fabric, Power Platform, Windows 11, Windows 10, WSL, Windows Subsystem for Linux
Microsoft Patch Tuesday — April 2026: 168 Vulnerabilities Fixed, Including an Actively Exploited SharePoint Zero-Day
Microsoft’s April 2026 Patch Tuesday delivers a heavy set of fixes: 168 vulnerabilities across Windows, Office, Azure components and developer tools. The release includes one confirmed actively exploited zero-day in SharePoint Server (CVE-2026-32201) and a publicly disclosed elevation-of-privilege flaw in Microsoft Defender (CVE-2026-33825). Beyond those high-visibility issues, eight vulnerabilities are rated Critical — most of them Remote Code Execution (RCE)
Micropatches for Windows Shell Bypass (CVE-2026-21510): What 0patch Fixed and Why It Matters
Microsoft released fixes earlier this year for CVE-2026-21510, a security feature bypass in Windows Explorer that let specially crafted shortcut (LNK) files execute a remotely hosted DLL without the usual security warning. Researchers observed exploitation in the wild and uploaded a sample to malware repositories, enabling vendors and defenders to reproduce the issue and protect legacy systems that no longer
How a Flippa Purchase Turned 30+ “Essential Plugin” WordPress Plugins into Backdoor Bait
Last week I encountered a supply-chain incident that felt eerily familiar but much larger in scale. A client’s dashboard had started showing a warning from the WordPress.org Plugins Team about a plugin serving code that could permit unauthorized access. A deeper dive revealed an attacker had quietly weaponized an entire portfolio of plugins—planting a backdoor that lay dormant for months
Microsoft 365 Network Disruption Hits Exchange Online, Teams, and Core Services
A sudden network-level disruption on April 8, 2026 knocked several core Microsoft 365 services offline or degraded their performance for many users. What began as a spike in telemetry and rapid customer reports at 8:37 PM IST (3:07 PM UTC) quickly became an enterprise-wide concern as Exchange Online, Microsoft Teams, and broader Microsoft 365 functionality showed interruption. Microsoft classified the
Microsoft fixes Classic Outlook bug that blocked some email sends
Microsoft has rolled out a server-side fix for a recent Classic Outlook problem that prevented some users from sending messages through Outlook.com. The issue caused non-delivery warnings and error codes for affected accounts, and the company says the change has been in production as of April 3, 2026. What happened Some Classic Outlook users received non-delivery reports (NDRs) with error