Cve 2026 10763
The latest Cve 2026 10763 coverage — news, analysis, and updates from the WindowsNews.AI desk.
OpenSSH 10.4 Security Update Patches 8 Vulnerabilities, Adds Post-Quantum Crypto
OpenSSH 10.4, released July 6, 2026, contains fixes for eight security vulnerabilities across its client, server, and file transfer tools, and introduces experimental post-quantum signature algorithms. Windows users running the built-in optional feature or standalone Win32-OpenSSH should update immediately to protect against potential exploits, while the quantum-resistant authentication feature offers a preview of future cryptographic defenses.
Siemens Demands Immediate Patching of RUGGEDCOM Switches as SINEC OS Flaw Gets 9.8 CVSS Score
Siemens has released SINEC OS version 4.0 to fix a critical 9.8 CVSS vulnerability in its RUGGEDCOM RST2428P industrial switches, disclosed June 2, 2026, and republished by CISA on July 7, 2026. The flaw allows remote attackers to compromise unpatched devices, demanding immediate action from OT operators to protect critical infrastructure.
CISA Warns Engineers: Proteus 9.1 SP4 Memory Bugs Expose Windows Workstations—Update Immediately
CISA's July 7, 2026 advisory highlights critical memory-safety flaws in Labcenter's Proteus 9.1 SP4 design software. The vulnerabilities can lead to information disclosure on Windows workstations, risking intellectual property theft. Users must update to version 9.2 SP0 and apply workstation hardening to mitigate attacks.
Critical NGINX Heap Overflow in Hitachi Energy EMS Puts Grid Operators at Risk — What Windows Admins Need to Know
CVE-2026-42945 is a critical heap-based buffer overflow in the NGINX component of Hitachi Energy's e-mesh EMS, affecting versions 4.1.6, 4.4.2, and 4.7.0. Exploitation can crash services and potentially lead to remote code execution, threatening grid monitoring and control. Windows administrators managing OT infrastructure must inventory affected systems, apply vendor patches or mitigations, and harden surrounding defenses to protect critical energy infrastructure.
Energy Sector on Alert: Hitachi Energy’s PROMOD V Exposes Data in Plain Text — Upgrade and Lock Down Now
CISA warned on July 7, 2026, that Hitachi Energy’s PROMOD V asset management software up to version 1.0.10 transmits data over unencrypted HTTP, risking eavesdropping in energy-sector networks. Upgrade to version 1.0.11 and manually enable HTTPS to secure communications.
CISA Issues Urgent Warning on Digi Serial Device Server Authentication Bypass — Patch Now
CISA warns that Digi serial device servers contain a critical authentication bypass allowing unauthenticated administrative access. The flaw affects multiple models running pre-2025 firmware, posing a serious risk to industrial networks. Administrators must immediately check firmware versions and apply updates to prevent potential exploitation.
CISA Flags Critical Flaws in Major EV Charging Network — What Drivers and Operators Must Do Now
CISA issued an advisory on July 7, 2026, warning that vulnerabilities in Hydro-Québec's Le Circuit Électrique EV charging backend could lead to privilege escalation or denial-of-service attacks. The flaws affect the cloud platform managing over 3,500 stations in Quebec, with no known exploits yet. Consumers face minimal immediate risk, but operators should prepare for patches and review network security.
Critical Mendix Studio Pro Vulnerability Allows Code Execution via Malicious Project Files
Siemens and CISA disclosed CVE-2026-48192, a critical remote code execution flaw in Mendix Studio Pro that can be triggered by opening a malicious project file. All users must update to version 11.12 or specific maintenance hotfixes immediately to prevent compromise of Windows development machines.
Microsoft Intune Extends Security Policies to Unenrolled Defender for Endpoint Devices
Microsoft Intune can now enforce endpoint security policies on devices that are onboarded to Defender for Endpoint but not enrolled in Intune, simplifying security for servers, BYOD, and contractor PCs. The change eliminates the need for full MDM enrollment for antivirus, firewall, and attack surface reduction settings. IT admins can assign policies directly from the Intune admin center and should verify licensing and clean up conflicting Group Policy objects.
Microsoft Slips Windows 10 Another Year: Consumer Security Patches Now Until Late 2027
Microsoft has quietly extended the consumer Windows 10 Extended Security Updates (ESU) program through October 12, 2027—one year beyond the original cutoff. The move gives households and small businesses extra time to patch aging hardware before migrating, but it also raises questions about the company's long-term upgrade strategy.
Microsoft Partners Lumen21, L&L, and TechWise Merge Into National IT Powerhouse
Lumen21, L&L Consulting Services, and TechWise Group merged on July 7, 2026, creating a national Microsoft partner that aims to deliver end-to-end IT services for SMB and mid-market businesses. The combined firm brings together cloud migration, cybersecurity, Dynamics 365 ERP, and managed services under one roof, and clients should review their support agreements and explore how the expanded capabilities can simplify their technology stacks.
Windows 10 Home Users Get Security Updates Until October 2027: What the Silent ESU Extension Means for You
Microsoft has extended the Consumer ESU program for Windows 10 until October 12, 2027, giving enrolled users an extra year of security patches. The quiet update means home users can safely delay upgrading for two years total, though they should still plan for eventual migration to a modern OS.
How Windows 11 Passkeys Replace Passwords: Setup, Security, and What It Means for You
Windows 11 now fully supports passkeys via Windows Hello, letting users replace passwords with biometrics or PIN for phishing‑resistant sign‑ins. The feature, widely documented in January 2024, is built into Settings and syncs across Windows devices. Users can create and manage passkeys on supported sites, while admins gain group policies for enterprise control.