Three Zero-Days Fixed on Busy Patch Tuesday It’s set to be a busy month for system administrators after Microsoft released security updates to fix over 100 CVEs yesterday, including one being actively exploited. CVE-2026-20805 is one of three zero-day bugs fixed on the first Patch Tuesday of 2026 – the other two being publicly disclosed but not yet used in attacks. It’s listed as an information disclosure vulnerability in the Desktop Window Manager....
Abdur Rahman Tawhid’s Post
More Relevant Posts
Microsoft’s January 2026 Patch Tuesday Delivers Over 100 Fixes, Including Actively Exploited Zero-Day A Heavy Patch Cycle Kicks Off 2026 Microsoft has started 2026 with one of its busiest Patch Tuesday releases in recent memory, pushing security updates that address more than 100 vulnerabilities across Windows and related components. Among them is at least one zero-day already being exploited in the wild, putting immediate pressure on system administrators and security teams worldwide. While only a small portion of the flaws are rated “critical,” several carry long-term implications that go far beyond routine patching....
Windows Forensics Guide: How to Optimize Event Logs for DFIR ⤵
→ Log sizes
→ Audit settings
→ PowerShell activity
→ Command and process line
→ Microsoft-Windows-TaskScheduler/Operational
Full post: https://lnkd.in/gcMwj2fd
P.S. Share this post to help other DFIR pros
P.P.S. Cyber Triage collects and analyzes your Windows Event logs. Try free for 7 days: https://lnkd.in/gCuMg4Yw
I have had discussions, presentations and talks on Log Optimization more than anything else in my professional life. Logs are the eyes/CCTV of your infrastructure. It’s just right that you fine tune or optimize periodically and particularly before SIEM implementation. It’s crazy how many organizations build SOC or implement SIEM solutions without optimizing log collection. It’s revealing.
Microsoft has released its February 2026 Patch Tuesday updates, addressing 59 vulnerabilities across a wide range of products — including six zero-day vulnerabilities that were actively exploited in the wild prior to the release. Among these are security feature bypass flaws in Windows Shell and MSHTML, and privilege escalation issues in Desktop Window Manager and Remote Desktop Services, as well as other high-risk defects. 👉 Read More: https://lnkd.in/d4tcRphr
Patch Tuesday, January 2026 Edition: Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
Last Saturday, I decided to dive into web security, one of the fundamental pillars of cybersecurity. And where better to start than with HTTP?

What is HTTP?

HTTP (HyperText Transfer Protocol) is an application-layer protocol—essentially the layer between you and the server—used to access resources on the World Wide Web. The "hypertext" part refers to any text that contains a link to another resource.

Some key facts:
* The default port for HTTP is 80.
* The default port for HTTPS is 443.

In HTTP communication, the client (the user) makes a request to the server for a specific resource. The server then processes this request and sends back a response with the requested data.

Understanding the URL

When I was a kid, I used to call it the "Universal Resource Locator" 😅. It's actually Uniform Resource Locator. The "resource" in the name is exactly what the client is asking the server for. A URL contains:
1. User/Client: Who is making the request.
2. Host/Server: Who is receiving the request.
3. Port: Where the website is listening (e.g., port 80).
4. Path: The specific resource the client is requesting.
5. Query String: Anything after the `?` symbol, used to pass parameters.
6. Fragment: A reference to a specific part within the resource.

The HTTP Flow

I used to think this whole process would be super complicated 😳, but when I actually learned it, I ended up loving its simplicity 😍. So let’s walk through it. Suppose you search for `https://lnkd.in/gE9KB6c3` (yes, that's a bit of shameless self-promotion 😁). Even if the site uses HTTPS, the initial steps on the browser's side are largely the same. Here's what happens:

1. First Stop: DNS Lookup
The browser basically goes, “Alright, what is this person trying to reach?” It asks a DNS server for the IP address of the domain you typed. The DNS server replies with the corresponding address—let’s say it returns `8.8.8.8`. Now the browser knows where the website lives.

2. Sending the Request
Once it has the IP, the browser sends an HTTP request to the server. If you haven't specified a path (like `/about.html`), it defaults to the root (`/`).

3. The Server Responds
The server processes the request, figures out what you're asking for, and sends back a response with the webpage data.

And just like that—the basic HTTP flow is complete! A simple round trip between a client and a server.

A Fun Little Detail: The Hosts File

There's a crucial step that happens before the browser even touches DNS. Your operating system first checks a local file called the hosts file (on Linux and macOS, it's `/etc/hosts`). Think of it as your machine's private cheat sheet. If the domain you typed is listed there with an IP address, your system will completely skip the external DNS lookup and send the request straight to that IP. No questions asked.

For more such blogs, do visit https://lnkd.in/gdNcnTve
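The flow the post walks through, as an added example that is not part of the original post: split a URL into the parts listed above, check a hosts file before falling back to DNS, and build the raw GET request a browser would send (root path when none is given). The hosts-file text and the `intranet.example` hostname are constructed sample data.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample hosts file (stands in for /etc/hosts).
SAMPLE_HOSTS = """# constructed sample, not a real hosts file
127.0.0.1   localhost
10.0.0.5    intranet.example   intranet
"""

def parse_url(url):
    """Split a URL into the parts the post lists: host, port, path, query, fragment."""
    u = urlsplit(url)
    default_port = 443 if u.scheme == "https" else 80   # HTTPS -> 443, HTTP -> 80
    return {
        "scheme": u.scheme,
        "host": u.hostname,
        "port": u.port or default_port,
        "path": u.path or "/",      # no path given -> request the root
        "query": u.query,           # everything after '?'
        "fragment": u.fragment,     # never sent to the server
    }

def lookup_hosts_file(hostname, hosts_text=SAMPLE_HOSTS):
    """Return the IP mapped to hostname in hosts-file text, or None if absent."""
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                  # "<ip> <name> [<alias> ...]"
        if hostname in fields[1:]:
            return fields[0]
    return None

def resolve(hostname, hosts_text=SAMPLE_HOSTS):
    """Hosts file is consulted first; DNS is only asked when there is no local entry."""
    ip = lookup_hosts_file(hostname, hosts_text)
    if ip is not None:
        return ip, "hosts-file"
    return socket.gethostbyname(hostname), "dns"   # external lookup (needs network)

def build_request(url):
    """Build the raw HTTP/1.1 GET request bytes the browser would send for url."""
    p = parse_url(url)
    target = p["path"] + ("?" + p["query"] if p["query"] else "")
    return (f"GET {target} HTTP/1.1\r\n"
            f"Host: {p['host']}\r\n"
            "Connection: close\r\n\r\n").encode()
```

Because a hosts-file entry silently overrides DNS, unexpected entries in that file are worth checking during triage.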
A new year begins and the first Patch Tuesday CrowdStrike report has been published containing all the useful analysis of the vulnerabilities you need to focus on. https://lnkd.in/eNd37aJX
I’m sharing this because the first major Patch Tuesday of 2026 delivered a huge security reset with very serious implications for defenders and attackers alike — and it’s already shaping how threat actors and enterprise teams are reacting this month.

Microsoft’s January 13, 2026 security update fixed 114 vulnerabilities across Windows, Office, Azure, and more, marking one of the largest January releases in recent years — and included three zero‑day flaws that had been publicly known or actively exploited before the patches dropped.

Here’s the threat picture:

One of the zero‑days — CVE‑2026‑20805 — was already being actively exploited in the wild before the patch was released. It affects Windows Desktop Window Manager, allowing attackers with local access to leak sensitive memory data that could help them chain into more severe attacks.

The other two zero‑day flaws were publicly disclosed before patching:
• A Secure Boot security feature bypass vulnerability.
• An elevation‑of‑privilege bug in legacy Agere Soft Modem drivers, which Microsoft addressed by removing the obsolete driver.

In total, the release included eight Critical flaws, including remote code execution bugs, plus dozens of elevation‑of‑privilege and information disclosure issues that could be leveraged in multi‑stage attacks. This makes timely patching essential, especially for enterprise environments, where attackers often exploit unpatched zero‑days shortly after disclosure.