Security Patch Archives

BetaBeacon

December 3, 2025

Google Pixel Phones Just Got a Game‑Changing Android 16 Update

- Google has introduced new screen customizations for Pixel phones in Android 16 QPR2. - Users can now customize app icons with new shape options on the home screen. - Pixel phone users can place widgets on the lock screen by swiping left, with limited options compared to the home screen. - Other lock screen changes include a new low-light mode for the screen saver and fingerprint scanning on the switched-off display. - Users can now disable or reduce blur effects in background elements, adjust HDR intensity, and schedule expanded dark mode. - The update also adds a more flexible split-screen layout, AI-powered notifications, and strengthened parental controls. - Android 16 QPR2 includes the December security patch to fix vulnerabilities and protect against threats.

Winsage

November 18, 2025

Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors

Microsoft released an emergency out-of-band update, KB5072653, on November 17, 2025, to address installation issues related to the November extended security updates for Windows 10. This update specifically targets the error code 0x800f0922 that prevented users from successfully installing the ESU update. To install this update, devices must be running Windows 10 version 22H2 and have the October 2025 KB5066791 cumulative update installed. Users can check for updates via Windows Update, where KB5072653 will be included. Microsoft plans to release a new Scan Cab with updated metadata to improve compliance update checks for organizations using WSUS and SCCM.

AppWizard

November 12, 2025

Android 16 QPR2 Beta 3.3 fixes annoying Pixel lock-screen freezes

Android 16 QPR2 Beta 3.3 has begun rolling out for Pixel 6 and newer devices, including the Pixel 10 lineup and foldable models. The update addresses a lock-screen freeze bug and carries the build number BP41.250916.015 for the Pixel 6 series and BP41.250916.015.A1 for newer models, while maintaining the October 2025 security patch. The update focuses on stability and does not introduce new features. It is available to those enrolled in the Android Beta Program, with a gradual rollout to all eligible Pixel phones. Users can manually check for the update in Settings > System > Software update. The full release is expected later this year, likely in December.

Winsage

November 11, 2025

Microsoft releases KB5068781 — The first Windows 10 extended security update

Microsoft has released the KB5068781 update, which is the first extended security update for Windows 10 since the operating system reached its end of support last month. This update follows the final cumulative update on October 14, which ended bug fixes and free security updates for Windows 10. Extended security updates (ESU) are available for consumers and business customers for up to three years, depending on the account type. Consumers can enroll in the ESU program through payment, Microsoft reward points, or Windows Backup synchronization. In the European Economic Area, additional options include free access with a Microsoft account or payment for a local account. Business customers can utilize the ESU program for three years at a total cost of 0 per device. A bug has affected some devices' enrollment in the ESU program, prompting Microsoft to issue an emergency fix. Users can install the update via Settings and Windows Update. The update is mandatory and will automatically install, requiring a device restart. After installation, Windows 10 ESU will be upgraded to build 19045.6575, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6575. The update primarily addresses a bug that incorrectly indicated Windows 10 LTSC devices had reached their end of support. It also includes security updates that fix 63 vulnerabilities, including one actively exploited elevation-of-privilege vulnerability, with no known issues reported.

Winsage

November 6, 2025

Microsoft confirms a bug is hitting paid Windows 10 ESU users

Microsoft's extended security updates (ESU) program for Windows 10 is experiencing a display bug that causes some users to receive erroneous "end of support" notifications despite being enrolled in the program. This issue arose after the installation of the KB5066791 update, released on October 14, 2025, which is the final official security patch for Windows 10. The glitch affects various editions, including Windows 10 22H2 Pro, Education, and Enterprise, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. Microsoft has confirmed that this is a visual error, and devices with a legitimate ESU license will continue to receive security updates. A temporary solution has been provided for businesses, while individual users will need to wait for a future Windows update to fix the issue. Users can verify their enrollment in the ESU program by checking the Windows Update settings for a confirmation message.

Winsage

November 1, 2025

New Warning As Microsoft Windows Attacks Confirmed

Microsoft has rolled out an emergency security update for Windows users, but a new vulnerability, CVE-2025-9491, is being exploited by attackers and remains unpatched. This vulnerability is being actively exploited by threat actors associated with China, primarily targeting European diplomatic entities in Hungary, Belgium, and other nations. The attacks involve phishing emails with embedded URLs that deliver malicious LNK files, allowing attackers to execute obfuscated PowerShell commands and deploy a multi-stage malware chain, culminating in the PlugX remote access trojan. Users are advised to block .lnk files from untrusted sources to mitigate risks.

Winsage

October 24, 2025

Microsoft issues emergency Windows server security patch – update now or risk attack

Microsoft has released an emergency patch for a critical vulnerability in its Windows Server Update Service (WSUS), identified as CVE-2025-59287, as part of the Patch Tuesday cumulative release on October 14, 2025. The vulnerability, categorized as a "deserialization of untrusted data" issue, has a severity score of 9.8 out of 10 and allows unauthenticated attackers to execute remote code without user interaction, potentially leading to broader network compromises. The flaw can be exploited with low-complexity attacks, and public exploit code has emerged, prompting the urgent update. Organizations are advised to apply the patch promptly to protect their systems.

Winsage

October 3, 2025

Whoa! Windows 7’s market share surged, tripling in users last month

Windows 7's global market share increased from 3.59 percent in August to 9.61 percent in September 2023. In Asia, its market share surged from 5.64 percent in August to 18.67 percent in September, up from 2.32 percent in July. Windows 11's market share declined from 49.08 percent to 48.94 percent, while Windows 10 fell from 45.53 percent to 40.5 percent. Statcounter has not provided an explanation for the rise in Windows 7 users.

AppWizard

September 29, 2025

Pixel QPR Beta issue breaks key native, default Android app

Google has released Android 16 QPR1 Beta 3.1, concluding the September Quarterly Platform Release (QPR). Pixel users can revert to the stable version without a software wipe, but some did not receive the stable update. Users on Android 16 QPR1 Beta 3.1 are facing issues with Google Wallet and VPN functionalities. Complaints are particularly noted among Pixel 9 series users. QPR updates are quarterly updates for Pixel devices, and the following devices are set to receive Pixel Feature Drops this year: Pixel 10 series, Pixel 9 series, Pixel 8 series, Pixel Fold, Pixel Tablet, and Pixel 7 series. QPR2 is expected in December, and QPR3 in March 2026. Android 16 was introduced in June, with Android 17 expected next June.

AppWizard

September 26, 2025

Flaw in OnePlus phones lets apps read your texts, fix rolling out soon

A significant security vulnerability, designated as CVE-2025-10184, has been identified in OnePlus devices operating on OxygenOS versions 12 through 15. This flaw allows malicious applications to access and transmit text messages without user consent, potentially leading to interception of critical communications like two-factor authentication (2FA) codes or impersonation of the user. The issue stems from inadequately secured new components introduced by OnePlus, which can be exploited through SQL injections or similar methods. Rapid7, the cybersecurity firm that discovered the flaw, reported it in May 2025, but OnePlus only acknowledged the issue after public disclosure. OnePlus plans to roll out a security patch globally in mid-October to address the vulnerability. In the meantime, users are advised to download apps only from reputable sources and consider using more secure methods for two-factor authentication.