News

December 1st, 2025

❓What:

• Windows 11 version 24H2 (after applying cumulative update KB5062553 released July 2025) is causing critical shell-level failures.

• Affected components include the Start Menu, Taskbar, File Explorer (explorer.exe), System Settings, and more. On login — especially first-time logons or in non-persistent Virtual Desktop Infrastructure (VDI) environments - users may get empty taskbars, unresponsive Start buttons, crashes of explorer.exe or ShellHost.exe, or even a black screen / unusable desktop UI.

• The root cause: a race condition with XAML-based UI dependency packages. After the update, required packages sometimes don’t register in time before the shell attempts to load UI components — resulting in shell startup failures.

  
  

November 18th, 2025

❓What:

• On October 25, 2025, delivery service DoorDash identified that an unauthorized third-party gained access to some internal systems after one of its employees fell victim to a social-engineering attack.

• The adversary accessed various records containing personally identifiable information (PII) of users (consumers), delivery workers (Dashers), and merchants across several countries. Data exposed includes first & last names, email addresses, phone numbers, and physical addresses.

• DoorDash states that no payment card information, banking details, Social Security numbers or other highly sensitive identity documents were accessed.

October 7th, 2025

❓What:

One week from today on October 14th, Microsoft will end free support for all Windows 10 editions (Home, Pro, Enterprise). This includes all security updates, bug fixes, and technical assistance. If organizations using a Windows environment fail to migrate any existing Windows 10 systems to Windows 11 (or an alternative OS), they're leaving the door open to hackers and adversaries, and make themselves increasingly susceptible to operational failures.

⚠️So What?

So what's the risk? Why would this impact my organization?

August 21st, 2025

🔍 What:

• On Friday August 15th, Human Resources giant Workday disclosed a data breach targeting their third-party Customer Relationship Management (CRM) platform.

• Attackers gained access using social engineering techniques, most prominently impersonation via. vishing and smishing. Most likely, attackers impersonated HR or IT and tricked users into linking a malicious OAuth application to their CRM instance.

• Workday is just the latest company to have their CRM platform breached in an on-going campaign targeting companies that utilize Salesforce as their CRM platform. The group behind the attack, ShinyHunters, has conducted several successful attacks targeting major companies like Adidas, Qantas, Allianz Life, and Louis Vuitton, to name a few.