2026 has started with a bang. Several critical updates have been released to address zero-day exploits in Microsoft Windows and Apple IOS and computer products. We also learned of supply chain attack on Notepad++, a popular text and source code editor. Lastly, computer prices are on the ride due to supply shortages of RAM and SSD storage.

As always prompt action and user education remain essential to safeguarding your organization

Apple Patches:

Apple has released critical updates for its IOS devices (iPhone, iPad, Watch, etc.) and computers to address a highly sophisticated zero-day vulnerability. The vulnerability would allow an attacker to read data, execute code and monitor internet traffic.

Microsoft Windows:

Microsoft has released patches as part of its regular patch cycle to address six actively exploited zero day vulnerabilities. The vulnerabilities could allow an attacker to escalate privileges and take administrative control of a system. Failure to patch these vulnerabilities represents a significant risk to your users and organization.

Notepad++:

Notepad++, a popular open-source text and source code editor, had its built-in updater compromised. This led to incidences when a user chose to check for updates, it resulted in a malicious file being downloading instead of the expected legitimate updates. This risk is mitigated by up-to-date antivirus or EDR software, which should detect and mitigate the malicious files.

Rising Computer Prices:

Computer prices are rising and are set to rise throughout 2026 by as much as 20%. The reason is a shortage of RAM and storage chips due to intense demand from data centers tied to AI development demands.

Expiring Secure Boot Certificates:

Secure Boot certificates are digital, cryptographic keys stored in a Windows computer’s firmware that verify the authenticity of OS components during startup. On many older systems, these certificates expire in June 2026. Microsoft and hardware manufacturers have been proactively rotating these certificates in advance of this deadline, but some older systems may need manual intervention or replacement. In some cases, failure to update these keys could expose the computer to security risks and potentially prevent the computer from booting up.

What do I need to do?

• Apple: For our clients who subscribe to our security and management tools, your Apple computers should start receiving updates starting this week. Users should complete the installation of patches when prompted and not delay or defer them. Updates can be manually installed following the directions below:
  • Apple MacOS: https://support.apple.com/en-us/HT201541
  • Apple IOS: https://support.apple.com/guide/iphone/update-ios-iph3e504502/ios
• Microsoft Windows: For our clients who subscribe to our security and management tools, your Windows computers should start receiving updates starting this week. Users should complete the installation of patches when prompted and not delay or defer them. Updates can be manually installed following the directions below:
  • Microsoft Windows: https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
• Notepad++: For our clients who subscribe to our security and management tools, no action is required. Updates are secure and managed automatically. However, the following considerations should be made:
  • If you’re not using Notepad++ but it is installed on your system, you should consider removing the software to limit your exposure and attack surface
  • If you or anyone accesses or stores sensitive info in Notepad++ files (passwords, API keys, config secrets), users should consider proactively rotating those credentials.
• Computer Prices: Computer prices are likely to continue to rise throughout 2026 by as much as 20%. If you need to buy computers in 2026, it may be worthwhile to plan replacement sooner than later and to lock in the lower prices. This will be especially impactful on larger orders.
• Expiring Secure Boot Certificates: In most cases, Windows 11 systems will receive updates to the boot certificates through the normal Windows Update process. Windows 10 systems without Extended Security Updates (ESU) are at particular risk. For clients who subscribe to our security and management tools, we will be evaluating and flagging out any systems that have not been updated automatically for manual remediation. The certificates can be manually checked using the method linked below.
  • Check Boot Certificates: https://www.dell.com/support/kbdoc/en-us/000385747/how-to-check-secure-boot-certificates

QuickTip: Have you ever received a communication with a shortened URL and  wonder how to safely evaluate where it goes and if it’s safe?  Use ExpandURL (https://www.expandurl.net/). This is a simple tool to help you evaluate these links without having to put them directly in your browser or clicking on them.

Additional Resource and Details:

• Apple:https://www.securityweek.com/apple-patches-ios-zero-day-exploited-in-extremely-sophisticated-attack/
• Microsoft: https://www.securityweek.com/6-actively-exploited-zero-days-patched-by-microsoft-with-february-2026-updates/
• Boot Certificates: https://www.securityweek.com/microsoft-to-refresh-windows-secure-boot-certificates-in-june-2026/
• Boot Certificates: https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/
• Notepad++: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
• Notepad++: https://arstechnica.com/security/2026/02/notepad-updater-was-compromised-for-6-months-in-supply-chain-attack/
• Computer Prices: https://www.pcmag.com/explainers/inside-ram-crunch-why-laptop-prices-will-continue-to-surge-in-2026?test_uuid=04IpBmWGZleS0I0J3epvMrC&test_variant=A
• Computer Prices: https://en.wikipedia.org/wiki/2024%E2%80%93present_global_memory_supply_shortage

As always if you have any questions or concerns about this latest security disclosure, please feel free to reach out.