#net-ntlmv1

#net-ntlmv1

Microsoft is removing trust for kernel drivers that haven't been through the Windows Hardware Compatibility Program, targeting those signed by the long-deprecated cross-signed root program. This change will take effect with the April 2026 Windows Update.

The issue focuses on how Windows handles these directories for specific user sessions. Because the kernel creates a DOS device object directory on demand, rather than at login, it cannot check whether the user is an admin during the creation process. Unlike UAC, Administrator Protection uses a hidden shadow admin account whose token handle can be returned by the system when calling the NtQueryInformationToken API function.

Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it's continuing to investigate if other products, including FortiWeb and FortiSwitch Manager, are impacted by the flaw.

Both the Home and Pro versions of Windows support disk encryption, but only the Pro versions give users full control over the process. The Home version of Windows only supports disk encryption when logged in with a Microsoft account and will only offer to store your encryption key on Microsoft's servers. To access the full version of BitLocker and back up your own recovery key, you'll need to upgrade to the Pro version of Windows.

Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card.

Those hoping for a reprieve following last week's patch pantomime are out of luck. After users reported successful compromises of FortiCloud SSO accounts, despite being patched against an earlier flaw, the vendor confirmed there was an alternate attack path. According to a security advisory published Tuesday, that alternate path was assigned a separate vulnerability identifier (CVE-2026-24858, CVSS 9.4), and the company disabled FortiCloud SSO connections made from vulnerable versions.

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

CVE-2026-21510: a Windows SmartScreen and Windows Shell security prompts bypass that can be exploited by convincing the targeted user to open a malicious link or shortcut file. CVE-2026-21514: a vulnerability that allows an attacker to bypass OLE mitigations in Microsoft 365 and Office by tricking the target into opening a malicious Office file. CVE-2026-21513: an Internet Explorer issue that allows an attacker to bypass security controls and potentially execute code by convincing the victim to open a malicious HTML or LNK file.