Published by Jennifer Hudsen for The IT Guys at the June 25, 2026 5 PM recap window. Today’s roundup focuses on practical technology news for home users, small businesses, and anyone responsible for Windows PCs, browsers, developer platforms, websites, network gear, and cloud accounts.
Listen to the quick recap:
Watch The Video Recap
What Matters Today
June 25 brought a useful mix of relief and warning signs. The most customer-friendly news is that Microsoft has extended free Windows 10 Extended Security Updates for eligible personal devices through October 12, 2027, giving many home users more breathing room before replacing older PCs. The caution side is still heavy: Mandiant detailed Cisco Catalyst SD-WAN exploitation that reached root access, Chrome 149 received another important security update, GitLab patched multiple flaws, curl fixed a long-lived libcurl authentication issue, and CISA’s June exploited-vulnerability warning still matters for small-business network and industrial gear.
The practical theme is not panic. It is timing. A little extra Windows 10 time helps customers plan better hardware purchases, but exposed network equipment, browsers, developer platforms, and libraries still need fast patching because attackers are moving quickly.
1. Microsoft Gives Windows 10 Home Users More Security-Update Time
BleepingComputer reported today that Microsoft quietly extended its free Windows 10 Extended Security Updates program for consumers by another year. Microsoft’s updated guidance now says coverage for eligible personal devices runs through October 12, 2027, instead of ending in October 2026.
This is good news for households and small offices with otherwise useful Windows 10 machines that do not meet Windows 11 requirements. It does not make Windows 10 new again, and it does not bring feature updates back. It means enrolled personal devices can keep receiving critical security updates while owners plan a replacement, hardware upgrade, or migration.
Customer impact: do not use the extension as an excuse to ignore the problem. Use it as a planning window. Check which PCs can upgrade to Windows 11, which ones need replacement, which apps or printers need compatibility testing, and whether backups are current before making changes. Business-managed PCs may have different ESU rules than personal devices, so domain-joined or MDM-managed systems should be reviewed separately.
2. Cisco Catalyst SD-WAN Exploitation Reached Root Access
Google Cloud’s Mandiant team published research on zero-day exploitation of CVE-2026-20245 in Cisco Catalyst SD-WAN Manager. Mandiant says an attacker used the flaw to escalate from compromised administrative access to root-level control by abusing a malicious CSV upload. SecurityWeek and The Hacker News highlighted the same issue today, noting that this is another serious Cisco SD-WAN exploitation story in a busy year for edge-network security.
Most small businesses do not run Cisco Catalyst SD-WAN directly, but the lesson applies broadly. SD-WAN, firewall, VPN, router, voice, and remote-management platforms are high-value targets because they control traffic and often sit at the boundary between the internet and the internal network.
Action item: if your organization uses Cisco SD-WAN, confirm fixed versions, review Mandiant’s indicators, audit admin accounts, and restrict management interfaces. For everyone else, use this as a reminder to inventory edge devices and make sure management consoles are patched, protected with MFA where supported, and not casually exposed to the internet.
3. Chrome 149 Security Updates Reinforce The Browser-Restart Habit
SecurityWeek reported that Google’s latest Chrome 149 update resolves 18 vulnerabilities, including critical and high-severity defects. Several of the bugs are use-after-free issues, the kind of memory-safety problem that can become serious when combined with malicious webpages, compromised ads, or unsafe downloads.
For normal users, the important part is simple: browsers update in the background, but the fix often does not fully apply until the browser restarts. People who keep 40 tabs open for weeks can technically be “updated” but still not running the newly patched process.
Practical advice: save anything important in web forms, then restart Chrome, Edge, Brave, or whichever Chromium-based browser you use. In Chrome, check Settings > About Chrome. In Edge, check Settings > About Microsoft Edge. Avoid fake browser-update pop-ups on random websites; use the browser’s built-in update screen or the official app store.
4. GitLab And curl Patches Matter Beyond Developer Teams
SecurityWeek reported today that GitLab released updates addressing 13 vulnerabilities, including high-severity issues involving code execution and information disclosure. That matters for businesses that self-host GitLab, use GitLab runners, or depend on GitLab for website and software deployment workflows.
curl also had a notable security week. curl maintainer Daniel Stenberg wrote that curl 8.21.0 publishes 18 new vulnerabilities, a project record for one release. One of them, CVE-2026-8932, involves libcurl reusing a connection even after mutual-TLS client certificate or private-key settings changed. SecurityWeek described it as a 25-year-old issue affecting libcurl applications, not the normal curl command-line tool.
Customer impact: this is mostly a server, software, appliance, and developer-platform concern, but it can reach real businesses through websites, backup tools, integrations, security appliances, and embedded products. Self-hosted GitLab should be updated promptly. For curl, vendors and developers should update packages, rebuild affected applications where needed, and watch for appliance firmware updates that include newer libcurl.
5. CISA’s June KEV Alert Still Points At Real Small-Business Gear
CISA’s June 23 alert added four vulnerabilities to the Known Exploited Vulnerabilities catalog. The affected products include Lantronix EDS5000 serial-to-ethernet devices and Ubiquiti UniFi OS. SecurityWeek also noted today that the Lantronix flaw is being exploited after earlier OT threat warnings.
This matters locally because UniFi is common in small offices, restaurants, churches, shops, clinics, home offices, and managed Wi-Fi setups. Lantronix equipment is more specialized, but it may be attached to building systems, industrial gear, serial consoles, or other long-lived infrastructure that nobody checks often.
Action item: update UniFi consoles, gateways, cloud keys, and self-hosted controllers. Check that admin interfaces are not exposed publicly unless there is a documented protected reason. If a business has industrial or serial-to-IP gear, segment it away from normal office devices and restrict access to trusted management machines.
6. Meta Revived Facebook Creator Studio As An AI Companion App
On the product side, The Verge reported today that Meta is bringing Facebook Creator Studio back as a standalone AI companion app for creators. The pitch is that Facebook page operators and creators can get AI-driven help understanding audience growth and managing content.
For small businesses, this is a reminder that AI features are being added directly into the tools people already use. That can be useful for social posting, analytics, and customer engagement, but it also means owners should keep control of accounts, page roles, ad permissions, connected apps, and payment methods.
Small-business takeaway: before letting any AI companion manage business content, review who has access to the page, remove old admins, turn on MFA, check connected apps, and keep a human review step for posts, offers, messages, and ads. AI help is fine; handing over reputation and billing controls without guardrails is not.
Bottom Line For Home Users And Small Businesses
- Windows 10 users have more time, not forever: use the October 12, 2027 consumer ESU extension to plan replacements and backups instead of waiting until the last minute.
- Patch browsers and restart them: Chrome 149 security fixes only help when the updated browser process is actually running.
- Prioritize edge gear: SD-WAN, UniFi, serial-to-IP, firewall, VPN, and remote-management systems are high-value targets.
- Do not ignore developer platforms: GitLab, CI/CD runners, curl/libcurl, and deployment automation can affect websites and business systems even when the owner is not a software company.
- Treat AI tools like account access: social-media AI assistants and creator tools should have reviewed permissions, MFA, and human approval on anything public-facing.
If you need help checking Windows 10 upgrade options, enrolling eligible PCs in ESU, updating UniFi equipment, reviewing browser-update settings, or auditing website/developer tools, The IT Guys can help turn today’s headlines into a practical checklist.
Sources
- BleepingComputer: Microsoft quietly extends free Windows 10 ESU support to October 2027
- Microsoft Learn: Windows 10 Extended Security Updates
- Mandiant: Zero-day exploitation of CVE-2026-20245 in Cisco Catalyst SD-WAN Manager
- SecurityWeek: Cisco SD-WAN zero-day exploited months before patching
- The Hacker News: Cisco Catalyst SD-WAN zero-day CVE-2026-20245 exploited
- SecurityWeek: Chrome 149 update resolves 18 severe vulnerabilities
- SecurityWeek: GitLab patches code execution and information disclosure vulnerabilities
- Daniel Stenberg: curl 8.21.0
- curl: CVE-2026-8932 incomplete mTLS config matching in connection reuse
- SecurityWeek: 25-year-old vulnerability patched in curl
- CISA: Four known exploited vulnerabilities added to catalog
- SecurityWeek: Lantronix serial-to-IP converter flaw exploited in attacks
- The Verge: Facebook Creator Studio revived as an AI companion app