On March 26, 2026, Microsoft announced that starting with the April security update, it will eliminate trust in kernel drivers from the previous Cross-Signed Program for Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. Only drivers that have passed the Windows Hardware Compatibility Program (WHCP) or are on Microsoft's allow list will be allowed to load by default. This change aims to enhance security by establishing a robust chain of trust and addressing vulnerabilities associated with old kernel drivers. Users of older hardware that rely on specialized drivers may face challenges, as drivers not WHCP-signed or explicitly allowed will be excluded from the trusted zone.
Samsung's Hearapy app addresses motion sickness by using sound to alleviate symptoms. It is based on a study from Nagoya University that found exposure to a 100Hz tone for one minute can reduce motion sickness. The app emits a 100 Hz bass sine wave at 80-85dB through earphones, engaging the vestibular system to override conflicting sensory signals. Listening for 60 seconds can provide about two hours of relief. The app is available on the Google Play Store and works with any Android device. For optimal results, users should listen at a high volume, and Samsung recommends using Galaxy Buds 4 Pro for best sound quality. Other compatible options include the Soundpeats H3 and Bose QuietComfort Ultra 2. The Puro Sound Labs PuroPro is suggested for younger users due to its volume limit.
Folder permissions in Windows 11 control access to files, determining who can read, modify, or delete them. Common issues arise from drive or file migration, Windows updates, malware, or user errors. Symptoms include "Access Denied" messages and ownership displayed as "unknown."
Methods to resolve folder permission issues include:
1. Security Tab: Reset permissions through the Security tab by modifying access levels and ensuring proper inheritance.
2. Take Ownership: Claim ownership of a folder if the current owner is no longer valid, then reset permissions.
3. Command Prompt: Use commands like PLACEHOLDERfa5c045a85bc6cf0 and PLACEHOLDER14a87b7576573f58 to reset permissions quickly and efficiently.
4. PowerShell: Utilize PowerShell for advanced permission resets, allowing for conditional logic.
5. Windows Reset: As a last resort, reset Windows to restore default permissions while keeping personal files.
To prevent future issues, back up permissions before changes, understand NTFS vs. share permissions, and avoid altering system folders. If problems persist, ensure commands are run as an administrator, check ownership settings, and verify that Group Policy or sync tools are not overriding changes.
Recent findings from McAfee have revealed a malware campaign named Operation NoVoice that has infiltrated over 50 applications on the Google Play Store, which collectively received over 2.3 million downloads before being removed. The malware uses a rootkit attack strategy to gain administrator-level control of Android devices while remaining undetected. Affected apps appeared benign, performing tasks like cleaning files or managing photos, but were secretly communicating with a remote server to send device information. This allowed attackers to deploy custom exploit code, achieving root-level access and posing significant security risks. The malware persists even after factory resets, potentially requiring firmware reinstallation for complete removal. Users with older or unpatched Android versions are at greater risk, as well as anyone who downloaded the compromised apps.
Samsung is discontinuing its Samsung Messages application and transitioning users to Google Messages by July. Users are encouraged to switch themselves for a smoother transition, with advantages including enhanced AI capabilities, multi-device connectivity, and RCS Messaging. The exact date for the discontinuation has yet to be provided. Users will receive in-app notifications to guide them through the transition, or they can manually download Google Messages and set it as their default SMS app. Samsung Messages will not be available for download on new devices, including the Galaxy S26. Users with Android 12 or 13 will need to manually add the Google Messages icon to their home screen dock after switching. Those with devices released prior to 2022 may experience temporary disruptions in RCS conversations. Messaging support will also cease for older generation smartwatches running Tizen OS, specifically those launched before the Galaxy Watch4.
Apple has removed Jack Dorsey's decentralized peer-to-peer messaging service, Bitchat, from its China App Store following a request from the Cyberspace Administration of China (CAC). The app's beta version was also suspended in the region. Dorsey confirmed that Bitchat was removed in February, and Apple stated that all apps must comply with local laws and regulations. The CAC noted that Bitchat violated regulations requiring online services that can influence public opinion to undergo a security assessment. Bitchat remains available in other countries, with over 3 million downloads on Chrome and more than 1 million on Google Play.
Windows 11 version 25H2 is now available for Home and Pro users, rolling out to all non-managed PCs currently on version 24H2. The upgrade will be automatic for eligible users unless there are compatibility issues. Version 24H2 will reach its end of support on October 13, 2026, while version 25H2 will be supported until October 2027. The upgrade process uses a simple enablement package, and most features are accessible to both versions. However, version 25H2 removes certain legacy features like PowerShell 2.0 and WMIC. Users can choose when to restart or postpone the installation, but it becomes mandatory after a pause time limit. Windows 11 version 26H1 is in development and will debut on new devices with Qualcomm’s Snapdragon X2 Series processors.
Crystal Project is a non-linear JRPG developed by Andrew Willman that combines storytelling from the Final Fantasy universe with gameplay in Minecraft. Players explore a vibrant world, encountering Crystals that unlock various classes and abilities. The game emphasizes player agency, allowing choices to shape the experience, and caters to different playstyles, including combat and crafting. It is currently available for free on PlayStation 5 for a limited time.
Minecraft is launching its Tiny Takeover campaign on Twitch on April 6th at 9am PT, allowing streamers to earn up to ,000 by streaming Minecraft gameplay. Viewers can receive exclusive rewards such as the Baby Chick Chat Badge, Hatchling Hat, Turtle Tunes, and Bunnie Beanie for participating. Streamers must stream at least 1 hour of Minecraft to qualify for rewards, and the campaign is first-come, first-served with limited availability. Participating channels will be featured on the front page from April 6-8, and earnings will be reflected in the revenue dashboard within a week.
The Kickstarter campaign for PlanetSmith has raised over £26,700, surpassing its target of £4,314. The project is led by Kenneth Ward, also known as Incandescent Games, who has spent five years developing the game. PlanetSmith aims to enhance the sandbox experience by allowing players to explore alien planets, build structures, engage in battles, and launch into space. Alpha access is scheduled to begin in April, and the campaign has 23 days remaining.
Mojang released a hotfix for Minecraft, designated as Bedrock 26.12 (console users recognize it as update 3.36/1.046), addressing several gameplay bugs, including an issue with the Members tab in Realms Stories and an allowlist problem for servers. The Java edition also received a hotfix (26.1.1) that fixed a bug preventing chat messages from being reported. The previous Bedrock 26.11 update improved mouse camera sensitivity for Windows users. Upcoming features include the golden dandelion dropping from moobloom, enhanced utility for the Clock, and increased functionality for Bats, among others.
The Twitch Tiny Takeover campaign, a collaboration between Twitch and Mojang Studios, will launch on April 6th at 9:00 AM PT. Streamers can participate by streaming at least one hour of Minecraft gameplay and may earn up to ,000. Viewers can earn hats by watching Minecraft streams for five minutes and can obtain a Baby Chick Badge by purchasing or gifting a subscription. Streamers must be part of the Twitch Affiliate Program to qualify for rewards. Rewards will be sent to Twitch inboxes and can be redeemed on Minecraft.net.
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that impersonate Strapi CMS plugins. These packages exploit Redis and PostgreSQL, deploy reverse shells, harvest credentials, and establish persistent implants. Each package consists of three files—package.json, index.js, and postinstall.js—without descriptions or repositories, and all use version 3.6.8 to mimic legitimate Strapi plugins. The malicious packages follow a naming convention starting with "strapi-plugin-" and were uploaded by four accounts within 13 hours. The identified packages include names like strapi-plugin-cron, strapi-plugin-database, and strapi-plugin-server.
The malicious code is embedded in the postinstall script, executing automatically upon installation with the same privileges as the user. The payloads evolve from exploiting Redis for remote code execution to attempting direct PostgreSQL database exploitation and deploying persistent implants for remote access. The campaign appears to target cryptocurrency platforms, as indicated by the focus on credential theft and digital assets. Users of these packages are advised to assume compromise and rotate credentials.
This incident reflects a broader trend of supply chain attacks in the open-source ecosystem, with recent examples including credential exfiltration payloads in GitHub repositories and compromised GitHub Actions workflows. Group-IB reported that software supply chain attacks are increasingly reshaping the cyber threat landscape, targeting trusted vendors and open-source software to gain access to downstream organizations.
Microsoft's new Copilot application for Windows 11 operates as a hybrid web application that essentially launches Microsoft Edge, functioning more as a rebranded browser wrapper than a standalone AI assistant. The installation replaces the previous native Copilot app with a version that includes Microsoft Edge files, such as msedge.exe and msedge.dll, within a WebView2 container. A user demonstrated that renaming the Copilot executable to msedge.exe allowed it to launch Microsoft Edge directly. Microsoft has expressed a goal to develop 100% native applications for Windows 11, but it is unclear if this will apply to the current Copilot.
A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.
Recent benchmark results show that Linux, specifically CachyOS, outperforms Windows 11 in various modern gaming titles. Tests conducted by NJ Tech used identical hardware configurations, including an AMD Ryzen 5 5600X processor and a Radeon RX 6700 XT graphics card. In the game Crimson Desert, CachyOS achieved 63 FPS compared to Windows 11's 59 FPS, and in Warhammer 40,000: Space Marine 2, CachyOS delivered 81 FPS versus Windows' 68 FPS. In Red Dead Redemption 2, CachyOS averaged 85 FPS while Windows recorded 81 FPS, and in Cyberpunk 2077, CachyOS reached 98 FPS compared to Windows' 91 FPS. Overall, Linux showed frame rates approximately 3 to 10 percent higher across multiple tests. However, in The First Descendant, Windows outperformed CachyOS with 63 FPS to 54 FPS, and in The Division 2, both platforms had identical average frame rates of 128 FPS, though Windows had slightly more stable lows. All games on Linux were run using Proton, which has evolved into a robust solution for running Windows games on Linux. The results indicate that the performance gap between Linux and Windows in gaming is narrowing, with Linux capable of matching or surpassing Windows in certain scenarios.
Exploit code for a Windows privilege escalation vulnerability, named BlueHammer, has been released, allowing attackers to gain SYSTEM or elevated administrator permissions. This zero-day vulnerability was disclosed by a researcher, Chaotic Eclipse, who expressed frustration with Microsoft's handling of the issue. The exploit combines a time-of-check to time-of-use (TOCTOU) issue with path confusion, granting local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts. While the exploit is confirmed to work, it has been found unsuccessful on Windows Server due to bugs that hinder its effectiveness. Attackers can gain local access through various means, raising significant security risks. Microsoft has not yet responded to inquiries about the BlueHammer flaw.
Google is updating the Play Store by introducing a keyword search feature for app reviews, allowing users to search for specific terms within reviews. This feature aims to improve the user experience by helping individuals identify common issues or experiences. However, the update also removes the “device model” filter, which previously allowed users to filter reviews based on their specific device model. While the “latest version” filter has been moved to a more prominent position, the removal of the device-specific filter may hinder users seeking tailored insights related to their hardware. These changes have been observed in the latest updates but have not been officially announced by Google.
NihonGame will release the Hiryu no Ken Collection, featuring four classic NES titles, on April 15, exclusively on PC via Steam. The collection includes:
- Hiryu no Ken
- Hiryu no Ken II: Dragon no Tsubasa
- Hiryu no Ken III: Gonin no Ryusenshi
- Hiryu no Ken: Special Fighting Wars
These titles are straightforward ports without any remastering or enhancements. The Hiryu no Ken series originated in arcades in 1985, and the last entry was released on the Game Boy Color in 2000. The collection will only support Japanese language, which may limit its appeal to players outside Japan.
