Microsoft’s January 2026 Patch Tuesday delivered 114 updates and 3 zero-days – with SharePoint Toolshell, Fortinet VPN bypass, and HPE OneView RCE leading the charge. This isn’t theoretical. Attackers are already exploiting these in the wild. From Adobe Acrobat to Apple’s WebKit spyware holes, no vendor was spared. SMB IT teams, you’re on the clock. Here’s your no-fluff, brutally honest patching guide.
When Beverley Bryant, former Chief Digital Information Officer at Guy's and St Thomas' NHS Foundation Trust, stated that the Synnovis attack "may not have happened" with two-factor authentication enabled, she was not speculating. She was describing technical reality. The Qilin ransomware gang gained initial access through compromised credentials. Multi-factor authentication completely blocks this attack vector. A patient died because a free security control was not enabled. This is not hindsight
