advisory

Tech Optimizer
July 3, 2026
Percona has formed a strategic alliance with HexaCluster to assist organizations in migrating from proprietary databases to open-source alternatives, specifically PostgreSQL, MySQL, and MariaDB. The partnership combines Percona's migration assessment and production support with HexaCluster's migration software for diverse database environments. The migration process will begin with a comprehensive assessment by Percona to outline the scope and plan the transition. Percona will lead the migration efforts, while HexaCluster will provide software solutions for complex migrations. This collaboration aims to help enterprises reduce costs associated with proprietary databases and minimize risks during migration. HexaCluster specializes in PostgreSQL migration and offers tools for migration assessment, schema conversion, data migration, and live replication. Percona supports various database systems and emphasizes open-source solutions to give organizations more control over their data infrastructure.
AppWizard
June 30, 2026
Robert Henrysson has announced his departure as CEO of Supermassive Games, two months after the launch of Directive 8020. He reflected on his tenure with pride, noting the studio's expansion and commitment to quality. Nordisk Games recognized his contributions and leadership during a transformative period. Directive 8020, part of the Dark Pictures series, received mixed user ratings on Steam but was praised by critics, achieving an 85% rating. Henrysson's leadership occurred amid industry challenges, including layoffs. He plans to spend the summer with his family while remaining open to future opportunities in the gaming industry.
Tech Optimizer
June 24, 2026
EDB's per-core pricing model offers predictable costs compared to consumption-based cloud data platforms, aiding organizations in budgeting. However, predictable billing does not guarantee lower costs, as high-speed operational data processing requires more expensive hardware than lakehouse storage solutions. EDB's architecture, built on a unified Postgres-Iceberg foundation, streamlines data governance by reducing the need for multiple specialized data stores, leading to fewer platforms to manage and enhancing operational efficiency and data governance protocols.
Tech Optimizer
June 23, 2026
A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.
Winsage
June 15, 2026
Microsoft has expanded the rollout of the Secure Boot 2023 certificate update to more Windows 11 and Windows 10 devices with the June 2026 Patch Tuesday update (KB5094126). This update aims to ensure that most supported consumer PCs are classified as high confidence, meaning necessary certificates are either installed or will be applied automatically. Secure Boot is a firmware security feature that verifies the software attempting to load during the startup process, blocking unauthorized software. The certificates supporting Secure Boot, issued in 2011, are expiring in stages starting June 24, 2026, prompting Microsoft to deploy replacement certificates. Most home users do not need to take manual action as the updates will occur automatically via Windows Update. Users can check their Secure Boot certificate status in the Windows Security app. A yellow warning indicates pending compatibility data, while a red alert suggests a firmware incompatibility requiring a BIOS update. Multiple reboots during the update process are normal, and a new SecureBoot folder in Windows is for staging cryptographic files. Older PCs may experience longer update times, and some may not receive updates due to firmware issues. HP users should check for BIOS updates if encountering BitLocker recovery loops. IT administrators should monitor device classifications and manually initiate updates for devices not in the high confidence category. Devices with Secure Boot disabled cannot receive updates, leaving them vulnerable. The expiration of the Microsoft Corporation KEK CA 2011 certificate on June 24 does not immediately affect device functionality, but it limits Microsoft's ability to sign new bootkit blacklist updates.
Tech Optimizer
June 13, 2026
On June 10th, Splunk released an advisory for CVE-2026-20253, a high-severity vulnerability with a CVSS score of 9.8 that requires no authentication. The vulnerability is associated with the PostgreSQL Sidecar Service Endpoint and affects Splunk Enterprise versions 10 and above. In default installations, the service is not installed on Windows but is installed and enabled by default on AWS. The vulnerability allows unauthorized users to create and truncate arbitrary files through an API that lacks authentication controls. Additionally, it enables the execution of SQL commands via a backup and restore mechanism, potentially leading to remote code execution (RCE). A Detection Artefact Generator has been developed to help organizations assess their vulnerability to this issue.
Winsage
June 9, 2026
Dell confirmed that a bug in version 5.5.16.0 of its SupportAssist Remediation software is causing blue screen errors and system restarts. The issue is linked to the SupportAssist Remediation service, which operates independently from the main SupportAssist application. Dell has released an updated version, 5.5.16.1, to fix the problem. Affected users should check for version 5.5.16.0 in the Installed Apps section of Windows Settings and update their SupportAssist OS Recovery Tools. Users are advised to back up data and keep their systems powered during the update process. HP is facing issues related to Windows Secure Boot updates, causing boot problems and BitLocker recovery loops on affected devices. This occurs when new UEFI Secure Boot CA 2023 certificates fail to apply correctly. HP recommends updating to the latest BIOS version and configuring Secure Boot certificates before installing Windows 11 Patch Tuesday updates. For systems already experiencing issues, BIOS configuration changes may be necessary.
Winsage
June 3, 2026
Cybersecurity researchers have identified an unpatched vulnerability that could expose NTLMv2 hashes to attackers, linked to the "search:" URI handler. This issue is similar to CVE-2026-33829, which involved a spoofing vulnerability in the Windows Snipping Tool's ms-screensketch: URI handler. The flaw allows attackers to trick users into connecting to their SMB servers, disclosing NTLMv2 hashes for authentication exploitation. The new vulnerability operates using "search:" and "crumb=location:" parameters, resulting in a similar Net-NTLMv2 leak. Microsoft has chosen not to address this issue, stating only vulnerabilities classified as Important or Critical would be fixed. Recommendations to mitigate risks include blocking outbound SMB traffic, enforcing SMB signing, and disabling NTLM authentication where possible.
Winsage
June 1, 2026
The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.
Search