The Eclipse Foundation has decided to implement mandatory security checks for extensions intended for the Open VSX Registry, which is used with Microsoft Visual Studio Code (VS Code). This initiative aims to prevent malicious extensions from being published, marking a proactive shift in how the foundation addresses security risks related to supply chain attacks. By requiring these checks before publication, the foundation hopes to enhance the safety of the open-source ecosystem and protect developers and users from potentially harmful software. This change is significant as it reflects a growing awareness of the vulnerabilities associated with software supply chains, especially in widely used development tools like VS Code.
Articles tagged "Microsoft"
Ukraine's Computer Emergency Response Team (CERT) has reported that Russian hackers are taking advantage of a newly patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This flaw affects multiple versions of the software, which could leave users open to various cyberattacks. The exploitation of this vulnerability is concerning, especially as Microsoft Office is widely used in both personal and professional settings. Users and organizations are urged to ensure that their systems are updated with the latest security patches to mitigate the risk of being targeted. The situation underscores the need for vigilance in maintaining software security, especially with ongoing geopolitical tensions.
Help Net Security
Last week, Microsoft addressed a serious vulnerability in its Office software, which was being actively exploited by attackers. This zero-day flaw could allow unauthorized access to user systems, putting sensitive information at risk. Users of Microsoft Office should ensure they install the latest updates to protect themselves from potential attacks. Additionally, Fortinet released patches for a flaw in its FortiCloud single sign-on (SSO) service, which could have allowed unauthorized access to user accounts. Organizations using FortiCloud should prioritize applying these updates to safeguard their systems from exploitation.
Hackread – Cybersecurity News, Data Breaches, AI, and More
A new form of malware, known as Pulsar RAT, is being used by hackers to conduct live chat sessions with victims while simultaneously stealing sensitive data. This malware operates on Windows systems, allowing attackers to engage with users in real-time, making it more personal and deceptive. The presence of live chat functionality means that victims may not realize they are being compromised until it's too late. Researchers are warning that this method poses a significant risk to both individuals and organizations, as it can lead to the unauthorized access of personal and financial information. Users are urged to remain vigilant and ensure their systems are secure against such threats.
A recent investigation by Forbes has revealed that Microsoft is potentially turning over BitLocker encryption recovery keys to law enforcement when presented with legal warrants. The company reportedly receives around 20 such requests each year. While this may seem like standard legal compliance, it raises significant concerns about user data privacy and control. Essentially, if users do not have full control over their encryption keys, they may not fully control their own data. This situation prompts users to reconsider how they manage their encryption keys and the implications of relying on third-party services for data protection.
Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.
The Hacker News
Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and keep their software up to date to protect against such threats.
Microsoft is looking into issues with some Windows 11 devices that are failing to boot after users installed the January 2026 Patch Tuesday security updates. Affected users are encountering 'UNMOUNTABLE_BOOT_VOLUME' errors, which prevent their systems from starting up properly. This situation could disrupt the workflow of many individuals and organizations that rely on Windows 11 for daily operations. Microsoft has not yet provided a specific fix or workaround for the problem, leaving users uncertain about how to resolve the issue. The investigation is ongoing as the company seeks to identify the root cause of the boot failures and implement a solution.
Hackread – Cybersecurity News, Data Breaches, AI, and More
In a recent incident, the FBI accessed the BitLocker recovery keys of Windows laptops after Microsoft shared these keys as part of a legal request. This situation raises significant concerns about user privacy and data security, as it reveals how easily law enforcement can obtain sensitive information stored on personal devices. Affected users include anyone using Windows laptops that utilize BitLocker encryption for data protection. The implications are serious; users may feel their encrypted data is not as secure as previously thought, prompting a reevaluation of reliance on built-in security features. This incident serves as a reminder that while encryption is a valuable tool, it does not guarantee absolute privacy when legal authorities are involved.
Microsoft has issued a temporary workaround for users experiencing freezes in Outlook after applying the latest Windows security updates. This issue has affected many customers who rely on Outlook for their email and daily tasks, causing disruptions and frustration. The freezes appear to be linked to the recent updates, prompting Microsoft to step in with a solution while they work on a permanent fix. Users are advised to implement the provided workaround to mitigate the impact on their productivity. This situation serves as a reminder of how software updates, while important for security, can sometimes lead to unexpected problems.
Microsoft has rolled out emergency updates for Windows 10, Windows 11, and Windows Server to address issues that arose from the January Patch Tuesday updates. These out-of-band updates specifically target problems related to system shutdowns and Cloud PC functionality. Users of these operating systems may experience disruptions due to these bugs, which could impact productivity and system reliability. It's crucial for users to apply these updates promptly to ensure their systems operate smoothly and to mitigate any potential security risks that may arise from unresolved bugs.
The January Patch Tuesday updates for Windows include important changes to Secure Boot, which safeguards computers against bootkit malware. Secure Boot is a security feature that ensures only trusted software is loaded during the startup process. The updates address expiring certificates that could compromise this protection if not renewed. Users and IT administrators are urged to install these patches promptly to mitigate the risk of bootkit attacks, which can allow malicious software to take control of a system before the operating system loads. Keeping Secure Boot updated is crucial for maintaining the integrity and security of Windows PCs.
Microsoft has successfully disrupted RedVDS, a significant cybercrime platform that has been linked to approximately $40 million in losses reported in the U.S. since March 2025. The platform was known for offering a virtual desktop service that criminals used to conduct various illegal activities. This disruption is a major step in combating cybercrime, as it not only targets the infrastructure used by attackers but also aims to deter future criminal operations. The impact of RedVDS has been felt widely, affecting numerous victims who have suffered financial losses due to the platform's activities. By taking action against RedVDS, Microsoft is contributing to a broader effort to enhance cybersecurity and protect individuals and businesses from ongoing threats.
APT28, a Russian cyber espionage group, has been observed targeting entities involved in energy research and defense collaboration. The group has employed tactics that involve impersonating well-known webmail and VPN services, including Microsoft OWA, Google, and Sophos VPN portals, to deceive users into revealing sensitive information. This attack is significant as it aims to infiltrate organizations that play a critical role in energy security and defense, potentially leading to the theft of valuable research and intelligence. The ongoing nature of these attacks poses a serious risk to national security and the integrity of the affected sectors, highlighting the need for organizations to enhance their cybersecurity measures. Users should be cautious and verify the authenticity of services before entering any sensitive information.
Latest news
Attackers are employing a combination of social engineering tactics, including fake CAPTCHAs and counterfeit Blue Screen of Death (BSOD) messages, to trick users into executing harmful code. This method, known as ClickFix, prompts victims to copy and paste malicious scripts, potentially compromising their systems. The attacks primarily target unsuspecting Windows users who may panic upon seeing the fake BSOD, believing their computer has crashed. It's crucial for users to be aware of these tactics and to verify the legitimacy of any error messages before taking action. This incident serves as a reminder of the importance of maintaining vigilance against deceptive online threats.