Consumer Advisory: Fake Windows Updates, Qilin in Healthcare, and patches you shouldn't skip

John Z Black Apr 27, 2026 Vulnerabilities & Patching #lumma #qilin #healthcare #cisa #windows #patching

Zero detections. That was the initial score for the LUMMA Stealer campaign targeting gamers through fake Windows 11 upgrade ads. It is polished, it looks exactly like a Microsoft portal, and it is designed to wipe out your crypto wallets and browser cookies in one shot.

While those ads hit individuals, Qilin ransomware is continuing its tear through the medical sector, most recently claiming Mid Florida Dermatology and exfiltrating patient records. It is a reminder that small medical practices are just as lucrative for extortionists as the giants.

Finally, CISA has added new mandatory patches for SOHO routers and digital signage servers. If you are running D-Link or Samsung hardware, you need to check your firmware status today.

The rule is simple: Windows updates only come from your settings menu. Not from a Discord link or a YouTube banner.

See the full list of fake update domains and get the CISA patch priority guide here.