Security

Microsoft has released the first Windows 10 update of 2026 in the form of the KB5073724 update. The update is available for Windows 10 21H2 and 22H2 users signed up to the ESU (Extended Security Update) program.

With Windows 10 no longer receiving mainstream support, this update is nothing more than a security update – although it is no less important because of that. The list of fixes is not huge, but Windows 10 hangers on should install it nonetheless.

Google has started the process of rolling out the first update of 2026 for its range of Pixel devices. There are a large number of bug fixes within this update as well as the usual raft of monthly security patches.

The rollout is taking place on a global scale over the course of the coming weeks. Among the problems this update addresses is an issue that causes battery drain, and another related to flickering AOD.

If you were concerned about your Instagram account over the weekend, you were certainly not alone. Many Instagram users received an email telling them that they needed to reset their account password, and this was quickly linked to a data breach from 2024 affecting 17.5 million accounts.

While the emails about resetting passwords really did come from Instagram, there was in fact no danger, and no need to boost account security. So far, so unclear. So, what is going on?

A hacking group claiming to have breached the defenses of Resecurity and gained access to internal data was actually fooled by a honeypot stuffed with synthetic data, says the security firm at the center of the story.

Dating back a few weeks, the data breach was originally thought to have been the work of the notorious ShinyHunters group. It is now clear that this group was not involved, and that no real data was accessed.

If you have use BitLocker to secure files within Windows 11, you will almost certainly have noticed something of a performance hit. Microsoft is not unaware of this, and is taking steps to help improve things.

The company is rolling out hardware-accelerated BitLocker, which should help to provide a speed boost on systems with NVMe drives. The new approach helps to avoid bottlenecks which can massively impact on performance.

Back in September, US software firm Red Hat suffered a security breach. The incident was not acknowledged until October, but even now the full impact of the breach is unfolding.

Japanese car maker Nissan has just confirmed that it was indirectly affected by the Red Hat security breach. As a result of this, detailed contact information for thousands of customers were accessed by hackers.

Ever mindful of security, the US has announced a ban on new foreign-made drones and components key to their manufacture. The Federal Communication Commission’s public notice says that uncrewed aircraft systems (UAS) “pose an unacceptable risk to the national security of the United States or the security and safety of United States persons”.

The ban only applies to new devices and components, so anything which has already made its way into the US is unaffected. In implementing a blanket ban on all foreign-produced drones, there has been no need to publish a list of affected models.

Following a period of instability over the last few days, SoundCloud has confirmed a data breach by “a purported threat actor group”. The streaming service says that it “detected unauthorized activity in an ancillary service dashboard” and that an investigation found that “certain limited data that we hold” had been accessed.

SoundCloud says that while around 20 percent of users’ data was involved, “the data involved consisted only of email addresses and information already visible on public […] profiles”.

Google has suddenly – and quietly – announced that its dark web report is to be discontinued. Designed to scan the dark web for leaked personal data, Google has decided that the tool is no longer needed.

There is not long to go until the tool shut down. In just a month’s time, there will be no more scanning of the dark web for data; one month after this, the dark web report will disappear entirely. Here’s what you need to know.

Microsoft is just one of many technology firms that have a bounty program that offers financial rewards for anyone who discovers security flaws in its products and services. The company has just announced a huge expansion of the scheme so it even covers problems found in third party code.

Vice President of Engineering at Microsoft Security Response Center, Tom Gallagher, announced the broadened scope at Black Hat Europe. He stressed that “keeping our customers secure is our top priority”.

Firewalla has announced Firewalla Orange, a portable multi-gigabit firewall and WiFi 7 router built to bring Zero Trust protection to networks in homes, offices, and travel setups. It’s the latest product in the company’s range of cybersecurity devices that includes Firewalla Purple and Firewalla Gold SE.

The new product delivers an advanced security stack that includes intrusion prevention, VqLAN microsegmentation, device isolation, GEO-IP filtering, VLAN support, and Active Protect rules that shut down threats in real time. It’s rated for more than 2Gbps of packet processing, so can support cloud services, smart home devices, and remote work activity.

Microsoft has addressed a security flaw in Windows that has been exploited since at least 2017. The company has not made an official announcement about the fix, but it was spotted by 0patch.

The flaw is known as the Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability and has been tracked as CVE-2025-9491. The fix was included in the November batch of updates for Windows.

Tor (The Onion Router) is switching its encryption algorithm to help boost security and privacy. The change is being introduced to protect users against certain types of attack, and sees the browser adopting a new “research-backed new design” called Counter Galois Onion.

The algorithm that is being updated is the one used to encrypt user data as it travel across a circuit via multiple relays. In making the switch, Tor concedes that its previous encryption design “looks funny”, hence the need to replace it.

Wyze has announced the Wyze Window Cam, a compact camera designed to give users exterior-style security from inside their homes. The camera mounts directly to a window and uses a wide aperture lens and sensors to deliver clear, bright color footage even in low light.

The Window Cam can be used to monitor driveways, gardens or front or back-facing areas. It attaches to the interior side of a window using nylon fastener strips, avoiding the need for tools or permanent fixtures. Wyze bundles a long power cable and clips for any necessary routing.

Windows 11 power users will be pleased to learn that Microsoft is planning to bring the Sysmon (System Monitor) tool to Windows as a native utility. Usually part of the Sysinternals suite of utilities, Sysmon will be integrated into not only Windows 11, but also Windows Server 2025 starting next year.

The announcement was made not by Microsoft, but by Sysinternals creator Mark Russinovich. He says that by integrating the Sysmon utility into Windows, administrators will simplify deployment and bring additional functionality.