Cve 2026 52910
The latest Cve 2026 52910 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Adds a Surprise Year to Windows 10 Security Updates, but Home Users Face a Catch
Microsoft has extended Windows 10 consumer Extended Security Updates through October 2027, adding a second $30 year for Home and Pro users. The move grants millions of PCs continued critical patches but raises concerns over patch quality, mandatory Microsoft Account sign-in, and Microsoft's Windows 11 migration push. Enterprises face a separate, pricier ESU scheme, while all users must weigh short-term cost savings against the eventual forced hardware refresh.
Critical Request Smuggling Flaw in nghttpx Proxy Enables HTTP Desync Attacks
A medium-severity vulnerability (CVE-2026-58055) in the nghttpx proxy allows HTTP request smuggling via Upgrade and Content-Length desync, potentially enabling cache poisoning, ACL bypass, and session hijacking. The flaw affects versions through 1.69.0 and was patched in version 1.69.1 on June 27, 2026. All users should update immediately or apply header-stripping workarounds while hardening backend servers against traffic parsing abuse.
Linux Kernel’s CVE-2026-52910 Patches Dangerous Race Condition in BPF Reuseport Cleanup
CVE-2026-52910 is a race condition in the Linux kernel’s cBPF reuseport cleanup that could allow use-after-free exploits. The fix implements safe RCU-based freeing to protect against concurrent readers. Administrators should apply updates immediately, especially on systems using SO_REUSEPORT with custom BPF programs.
Microsoft Flags Recycle Bin Bug in June 2026 Update: $Rxxxxx File Names Exposed in Delete Dialog
Microsoft has confirmed that June 2026 security updates cause the Recycle Bin permanent-delete prompt to show internal $Rxxxxx file names instead of the original names. The display bug affects Windows 11 and Windows 10 and can be mitigated with several workarounds. An official fix is expected in late July 2026 and will be broadly deployed in August Patch Tuesday updates.
Windows 10's Final Reprieve: Microsoft Extends Consumer Security Updates to October 2027
Microsoft has quietly extended the Windows 10 consumer Extended Security Updates program to October 12, 2027, adding a second year of critical security patches for enrolled users. The move offers a lifeline for those unable or unwilling to upgrade to Windows 11, though pricing for the second year remains unannounced. It reflects both the slow adoption of Windows 11 and the large Windows 10 install base still in active use.
Hy-Vee Shuts India Engineering Hub, 150 Laid Off via 9 P.M. Microsoft Teams Call
About 150 Hy-Vee engineers in India were laid off during a 9 p.m. Microsoft Teams call and the company's India engineering center was reportedly shut down. The news, shared on a Windows forum, highlights the cold efficiency of digital layoffs and adds to growing concerns about job security in global capability centers.
Windows 11 KB5095093 Preview Puts Shared Audio on Pilot, but Universal Rollout Remains Distant
KB5095093, a June 2026 preview update for Windows 11, moves Bluetooth LE Audio from experimental to pilot, but Shared Audio isn't universally enabled yet. It includes stability fixes and backend improvements for multi-device streaming. A full Patch Tuesday rollout may still be months away as Microsoft gathers telemetry.
FBI Warns of Kali365 Phishing Kit That Steals Tokens by Abusing Microsoft’s Own Device-Code Flow
The FBI warns that the Kali365 phishing-as-a-service platform is bypassing MFA by tricking users into completing the Microsoft device-code authentication flow, granting attackers durable OAuth tokens that can access email, files, and the broader Microsoft 365 environment. The attack succeeds because it uses only legitimate Microsoft pages, making it invisible to many traditional phishing defenses.
Cordyceps CI/CD Attacks Exploit Workflow Trust to Threaten Hundreds of Open Source Repos
Novee Security’s scan of 30,000 open source repositories found hundreds susceptible to Cordyceps, a CI/CD attack pattern that exploits GitHub Actions workflow misconfigurations. The technique allows attackers to inject malicious code through trusted automation, threatening the software supply chain across multiple ecosystems, including Windows. Defenders can mitigate the risk by pinning actions, restricting triggers, and reducing token permissions.
The TikTok Brain Drain: How Endless Scrolling Breeds Cyber Vulnerabilities—and the ‘Security Pause’ That Stops Attacks
This article examines how the rapid-fire content consumption habits bred by platforms like TikTok are undermining cybersecurity by conditioning users to react impulsively. It introduces the concept of the “security pause” — a deliberate moment of reflection before clicking or approving — as a crucial countermeasure, supported by microlearning, technical friction, and real-world success stories. The piece provides actionable steps for organizations and individuals to reclaim their attention and build a cognitive defense against modern phishing and MFA fatigue attacks.
Microsoft Extends Consumer Windows 10 Security Updates to 2027, Delaying Windows 11 Upgrades
Microsoft has quietly extended its consumer Windows 10 Extended Security Updates program until October 2027, giving home users extra time to receive critical patches. The move eases pressure to upgrade to Windows 11 but raises questions about long-term security and hardware compatibility. Enrollment fees apply, but the extension provides a crucial bridge for those reluctant or unable to switch.
Apple Supply Chain Breach: 200,000 Files Stolen in Tata Cyberattack
Hackers published 200,000 files (630GB) stolen from Tata Electronics, exposing confidential Apple manufacturing data. The breach, caused by an unpatched VPN, highlights severe supply chain security gaps. Both companies are investigating, while experts call for zero-trust architectures and stronger vendor oversight.
Kali365 Phishing-as-a-Service Exploits OAuth Device Code Flow to Steal Microsoft 365 Tokens, FBI Cautions
The FBI has issued a warning about Kali365, a phishing-as-a-service platform that abuses Microsoft's device code authentication to steal OAuth tokens, bypassing passwords and MFA. Organizations should educate users, monitor for suspicious logins, and consider disabling device code flow where not needed.