LEMON BLOG

Disk encryption is supposed to be your "last line of defence." If your laptop goes missing, the idea is simple: the data stays locked, even if the device is in the wrong hands. But that protection can get messy when encryption is paired with third-party components that sit before Windows even boots. That's the core concern behind two recently highlighted vulnerabilities involving CryptoPro Secure Disk (CPSD), a product designed to work alongside BitLocker by adding extra controls like pre-boot authentication.

If you use Visual Studio Code daily (or you manage developer machines in an organisation), this isn't the kind of advisory to brush off as "just another extension issue." Security researchers have flagged multiple vulnerabilities across widely used VS Code extensions, and the combined install base is enormous. When flaws show up in tools that sit inside your editor, the risk isn't just theoretical, because extensions often have access to your workspace files, local environment, tokens, and internal resources.

If your day involves opening Word files from emails, shared drives, or chat apps, this is the kind of security warning that shouldn't sit around waiting for "when we have time." Security teams are tracking a new Microsoft Word zero-day that's already being exploited in real-world attacks. What makes it especially worrying is that it's not the classic "macro prompt" situation. This flaw can be used in a way that bypasses some of the protections and warning flows users normally rely on before a document does something risky.

If you use Google Chrome on desktop, this is one of those security stories where the boring advice is also the correct advice: update immediately. Google has released urgent security updates for a zero-day vulnerability that's already being actively exploited in the wild. In other words, attackers aren't waiting for you to patch, they're counting on you not doing it

Microsoft's product support timelines have always ticked away quietly in the background—but as 2026 approaches, those ticking clocks are starting to matter a lot more. A growing list of Windows editions, Office releases, and enterprise tools are heading toward end-of-life, and for many users, the impact goes far beyond simple version numbers.