
Security Alerts

The latest Security Alerts coverage — news, analysis, and updates from the WindowsNews.AI desk.

13 stories in view · AI-assisted desk · updated 11:22 PM
KMSPico · Offline Activation

KMSPico After Windows 10 End of Life: Why Offline Activation in 2026 Is a Security Disaster

After Windows 10 reaches end of support on October 14, 2025, using KMSPico for offline activation will expose users to severe security risks, including malware, lack of updates, and legal consequences. The tool, often bundled with trojans and backdoors, becomes especially dangerous when combined with an unpatched OS. Legitimate alternatives include paid extended security updates, Windows 11 upgrades, or switching to Linux.

Security

CISA Flags Critical Cisco and PTC Vulnerabilities as Actively Exploited: Immediate Patching Required

CISA has added CVE-2026-20230 (Cisco Unified Communications Manager) and CVE-2026-12569 (PTC Windchill and FlexPLM) to the Known Exploited Vulnerabilities catalog due to active exploitation. All organizations must patch immediately, hunt for signs of compromise, and adopt risk-based vulnerability management to defend against these targeted threats.

Security Desk·2h ago ·5 min
Security

Microsoft Pushes Windows 10 ESU to October 2027, Giving Home Users Two Extra Years

Microsoft has extended Windows 10’s Extended Security Updates for consumers by an additional year, moving the cutoff from October 2026 to October 12, 2027. The extension gives home users and IT departments more time to plan hardware upgrades or Windows 11 migrations while ensuring another year of critical security patches for a one-time fee likely matching the original $30 price. However, it’s a final reprieve—no new features, and a hard end date that lines up with enterprise ESU timelines.

Security Desk·2h ago ·5 min
Security

Windows 10 Extended Security Updates Enrollment Window Expands to October 2027

Microsoft has extended the Windows 10 Extended Security Updates enrollment window through October 12, 2027, giving businesses and individuals more time to purchase security patches after the operating system’s 2025 end of support. The quiet policy change removes immediate upgrade pressure, allows late entry into the ESU program, and signals a revenue-driven strategy to capitalize on the slow Windows 11 transition.

Security Desk·3h ago ·5 min
Windows 10 ESU · Extended Security Updates

Microsoft Extends Windows 10 Security Patches for Home Users to October 2027

Microsoft has extended its Windows 10 Extended Security Updates program for consumers to October 12, 2027, adding a second year of critical security patches for a $30 one-time fee. The extension gives home users more time to plan upgrades or keep existing PCs secure before final end-of-support. Enrollment details remain sparse, but the move acknowledges the large number of PCs unable to officially upgrade to Windows 11.

SE Security Desk·4h ago
CISA Advisory · ICS and Healthcare

CISA Urges Healthcare Providers to Patch Critical File Write Flaw in pynetdicom Library

CISA's ICS Medical Advisory warns of an unauthenticated path traversal vulnerability in pynetdicom versions before 3.0.4, allowing arbitrary file writes on Windows and Linux systems. Healthcare organizations using DICOM imaging software should immediately upgrade to patched version 3.0.4 and implement network segmentation to prevent remote exploitation.

SE Security Desk·4h ago
CISA Advisory · Medical Imaging Security

CISA Flags High-Severity OHIF Token Leak—Immediate Patch Required to Protect Patient Data

CISA issued a high-severity medical advisory for CVE-2026-12473, a token leak flaw in OHIF Viewer's DICOM framework that exposes authenticated OIDC bearer tokens. The vulnerability affects versions 3.12.0 and earlier, and could allow attackers to impersonate clinicians and access medical images. OHIF v3.12.2 fixes the issue, and organizations are urged to patch immediately and rotate tokens.

SE Security Desk·5h ago
Azure Administration · Cloud Security

Azure Administration Skills in 2026: Security, Cost Control, and Identity Mastery Are Non-Negotiable

Azure administration skills are critical in 2026 as enterprises accelerate cloud migrations, face escalating security threats, and demand rigorous cost control. Mastery of Microsoft Entra ID, cost management, security frameworks, and automation is no longer optional—it’s essential for secure, cost-effective cloud operations and career resilience.

SE Security Desk·5h ago
EV Charging Security · CISA Advisory

CISA Flags EVoke Systems Flaw: Unauthenticated OCPP WebSockets Expose Chargers to Spoofing Attacks

CISA's June 25, 2026 advisory reveals that EVoke Systems' Charging Station Management System accepts WebSocket connections without proper authentication, allowing attackers to spoof EV chargers. This flaw could enable billing fraud, charging disruptions, and grid instability. Operators are urged to implement mutual TLS, network segmentation, and monitoring while awaiting a vendor patch.

SE Security Desk·5h ago
Schneider Electric · PowerLogic P7

Schneider PowerLogic P7 Patch Forces Reboot, Exposes OT to Real-World Risks

Schneider Electric’s firmware update for PowerLogic P7 relays fixes three critical vulnerabilities but demands a reboot that could disrupt critical infrastructure operations. The patch highlights the clash between IT security timelines and OT uptime requirements, with Windows management consoles playing a pivotal role in the update process.

SE Security Desk·5h ago
CVE-2026-12897 · Horner Cscape

CISA Flags Horner Cscape Flaw Allowing Local Code Execution via Malicious CSP Files

CISA published an advisory on June 25, 2026, for CVE-2026-12897, a local code execution flaw in Horner Automation Cscape versions before 10.2 SP3. The vulnerability allows attackers to craft malicious CSP project files that, when opened, can execute arbitrary code on Windows workstations. Horner has released a patch, and organizations are urged to upgrade immediately to prevent exploitation in industrial control system environments.

SE Security Desk·5h ago
CVE-2026-11833 · ICS Security

CISA Reissues Urgent Alert on Yokogawa FAST/TOOLS Information Disclosure Flaw

CISA has reissued Yokogawa's advisory for CVE-2026-11833, a high-severity information disclosure vulnerability in FAST/TOOLS and Collaborative Information Server. The flaw could allow unauthenticated attackers to retrieve sensitive engineering data from process automation systems. Affected versions R9.01 through R10.04 and R1.01 through R1.04 require immediate patching or network isolation.

SE Security Desk·5h ago
CISA Advisory · DICOM Security

Medical Imaging Networks at Risk: CISA Warns of Unauthenticated Access via pynetdicom Flaw

CISA published a medical advisory on June 25, 2026, warning that pynetdicom versions 1.0.0 through 3.0.3 contain a path traversal flaw allowing unauthenticated access to medical imaging files. Healthcare organizations must immediately upgrade to pynetdicom 3.0.4 and implement network defenses to prevent data breaches and operational disruption.

SE Security Desk·5h ago