abuse Archives

AppWizard

May 14, 2026

Google may be cutting free Gmail storage for new accounts down to 5GB

Google may reduce free account storage from 15GB to 5GB for users who do not link a phone number during signup. Users who connect a phone number can still access the full 15GB storage. Google has updated its support page to state "up to 15GB" of free storage instead of a guaranteed 15GB.

AppWizard

May 12, 2026

Popular PlayStation emulator clamps down on AI submissions: ‘Leave behind something useful to humanity when you’re gone, instead of peddling slop’

The RPCS3 development team has publicly addressed the influx of AI-generated pull requests (PRs) in their project, urging contributors to stop submitting what they call "AI slop code" and warning that they will ban those who do not disclose AI contributions. They expressed concern over poorly constructed PRs, particularly affecting their macOS build, and emphasized the importance of understanding the code being contributed. The team clarified that their issue is not with the use of AI code itself, but with the lack of disclosure. They have established new guidelines for AI contributions, allowing the use of AI tools for research and reverse engineering, but requiring contributors to fully understand and take ownership of their code. All communication with the team must come from human contributors, not AI.

AppWizard

May 12, 2026

Marathon reconsiders bug abuse approach after player uses Cryo Archive exploit to butcher an entire team

Bungie is reviewing its policies regarding player actions that exploit bugs in Marathon following a viral incident where a player used a flaw in the Cryo Archive map to eliminate another team. The company plans to compensate those affected by this incident and will address the bug before reintroducing the map. Bungie has historically not penalized players for going out of bounds but is considering stricter penalties for deliberate exploitation of bugs that negatively impact others. Since the launch of the Cryo Archive map, players have faced numerous issues, prompting ongoing patches and updates.

AppWizard

May 11, 2026

Jewish teen subjected to antisemitic slurs on Minecraft, inquiry told

A Perth teenager shared his experience of online bullying during a Royal Commission on Antisemitism and Social Cohesion hearing, detailing how classmates hurled antisemitic slurs at him while playing Minecraft. He felt isolated and distressed, confiding in his parents, who reported the bullying to the school. The school addressed the situation, leading to apologies from the students involved. The boy's mother expressed concerns about rising antisemitism, drawing parallels to her past experiences in the former Yugoslavia. Rabbi Menachem Dadon honored his friend Rabbi Eli Schlanger, who was killed in a shooting attack. Julie Nathan from the Executive Council of Australian Jewry reported a 316 percent increase in antisemitic incidents from 2023 to 2024, with over 1,600 incidents recorded in the past year. Musician Joshua Moshe faced online abuse after discussing Jewish history in a WhatsApp group, leading to threats and vandalism. Musician Deborah Conway experienced backlash and harassment after comments about military actions in Gaza, resulting in canceled gigs and protests. The Royal Commission continues to investigate antisemitism, having received over 9,600 submissions, primarily from Jewish individuals.

Winsage

May 11, 2026

Rustinel: Open-source endpoint detection for Windows and Linux

Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.

AppWizard

May 9, 2026

Instagram Loses End-To-End Message Encryption Today; What It Means For You

Instagram has discontinued its end-to-end encryption (e2ee) feature for direct messages, which previously allowed users to communicate securely without interception. All direct messages will now be protected by standard encryption, allowing potential access by service or network providers. Meta, Instagram's parent company, cited low usage rates for this change, which was communicated in March. Privacy advocates have raised concerns about user communications being shared with law enforcement and for AI training purposes, although Meta clarified it does not use private messages for AI purposes. Users seeking privacy can switch to WhatsApp or the standalone Messenger app, which still support e2ee. Meta has also advised users who had e2ee enabled to download their chat histories and media before the feature is fully retired.

AppWizard

May 8, 2026

Google is turning Android Studio into a policy watchdog

Google is enhancing the development experience for Android app creators by expanding Play Policy Insights within Android Studio, allowing developers to identify potential policy issues during coding. Developers will connect their Play developer accounts to access tailored insights. Google is also leveraging the SDK Index, a searchable database of Android SDKs, to provide crucial information on permissions and compliance with Play policies. To improve app security and user privacy, Google is upgrading the Play Integrity API for quicker detection of fraud and abuse, and introducing new privacy tools like a contact picker and location button. Support for post-quantum cryptography in Play App Signing will be added to protect apps from future threats. Developer verification will be implemented across Android to prevent the distribution of harmful apps. Google is revamping the Play Console to streamline the app publishing process, introducing expanded pre-review checks for common policy violations, a release status API for tracking approvals, and a feature to prevent new commits during reviews. Parallel publishing will be rolled out to avoid delays in updates. Additional enhancements include a Submission History log, secure account transfer tools, AI-powered policy recommendations, and expanded Play Academy training resources for new developers.

Winsage

April 23, 2026

Microsoft faces court battle in £2bn Windows Server class action

The Competition Appeal Tribunal (CAT) has approved a £2 billion class action against Microsoft, aimed at compensating approximately 59,000 businesses using the Windows Server operating system in non-Microsoft public clouds. The collective action, led by Maria Luisa Stasi, alleges that Microsoft has overcharged UK entities for Windows Server on competing cloud services. The tribunal dismissed Microsoft's objections and granted a Collective Proceedings Order on an opt-out basis. The class action addresses two main issues: pricing abuse related to the Microsoft Service Provider License Agreement (SPLA) and re-licensing abuse concerning the deployment of Windows Server on Azure versus other cloud providers. The UK Competition and Markets Authority is also investigating Microsoft's software licensing practices within the cloud market. James Hain-Cole from law firm Scott+Scott expressed satisfaction with the tribunal's decision, emphasizing its significance for securing compensation for affected businesses.

AppWizard

April 22, 2026

Steam, Minecraft, Roblox and Fortnite risk “becoming onramps to abuse, extremist violence, radicalisation or lifelong harm”, claim Australian government

The Australian government's eSafety commissioner has issued transparency notices to major gaming platforms, including Valve, Epic Games, Microsoft, and the Roblox Corporation, to understand their measures for safeguarding children online. Concerns have been raised about predatory adults targeting children through grooming and extremist narratives in games. Specific instances include Islamic State-inspired games on Roblox, far-right groups using Minecraft for fascist imagery, Fortnite gamifying tragic historical events, and Steam serving as a hub for extreme-right communities. The government is urging these companies to take meaningful steps to prevent abuse and radicalization. Some measures have already been implemented, such as Roblox restricting access to social hangouts and unrated games for users under 13 and introducing selfie-based facial age estimation technology. The companies are expected to provide detailed accounts of their existing and planned measures to combat grooming and extremism.

AppWizard

April 21, 2026

Trojanized Android App Fuels New Wave of NFC Fraud

A new variant of the NGate malware family has emerged, using a trojanized Android application to capture payment card data and personal identification numbers (PINs). This modified version of HandyPay, a legitimate NFC relay app, has been distributed since November 2025, primarily targeting users in Brazil. The malware intercepts NFC payment card data and allows fraudulent transactions. Two distinct malware samples have been observed, delivered through phishing infrastructure that impersonates a Brazilian lottery site and a Google Play listing for a card protection tool. The trojanized app captures NFC data, requests the victim's card PIN, and transmits this information to attacker-controlled infrastructure. It requires minimal permissions, leveraging its role as the default payment application to evade detection. Evidence suggests that generative AI tools may have been used in its development, indicated by emoji markers in debug logs. ESET has reported its findings to Google, and Google Play Protect can detect known versions of the malware. The developer of HandyPay is investigating the misuse of its application.