NewApp Digest
search bot

attack

Forbidden Solitaire warns us to uninstall it 'before it's too late,' but I played the demo anyway and now I want more
AppWizard
January 17, 2026

Forbidden Solitaire warns us to uninstall it ‘before it’s too late,’ but I played the demo anyway and now I want more

The Steam page for Forbidden Solitaire warns users to uninstall it "before it's too late." The demo features bizarre elements, including an eyeball offering upgrades and a character embedding gems into their own flesh. Players can cheat by inserting gems into their hand, with gameplay mechanics resembling traditional solitaire but incorporating unique twists, such as damaging opponents with removed cards. The game's lore involves a character testing the game on a vintage '90s PC, with messages from a friend discussing its controversial history. The demo includes strategic gameplay with key cards, cursed cards, and the need for careful decision-making to succeed. The player experiences a mix of card battling and puzzle-solving, leading to a sense of competence in card games.
Easterly helms RSAC, Windows update problems, Police Copilot gaffe
Winsage
January 16, 2026

Easterly helms RSAC, Windows update problems, Police Copilot gaffe

Jen Easterly has been appointed as the new Chief Executive Officer of the RSA Conference. She is a cybersecurity expert and former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Palo Alto Networks has released security updates for a vulnerability (CVE-2026-0227) with a CVSS score of 7.7 affecting its GlobalProtect Gateway and Portal, which can cause a denial-of-service condition in PAN-OS software. The January 2026 security update from Microsoft has caused connection and authentication failures in Azure Virtual Desktop and Windows 365, affecting users across various Windows versions. Microsoft is working on a resolution. The chief constable of West Midlands Police acknowledged an error by Microsoft’s Copilot AI in generating a fictional intelligence report. Microsoft has not confirmed Copilot's involvement. Britain’s National Cyber Security Centre (NCSC) has collaborated with Five Eyes partners to provide guidance on securing industrial operational technology, highlighting risks associated with remotely monitored systems. Kyowon, a South Korean conglomerate, confirmed a ransomware attack on January 10 that may have compromised customer information, affecting approximately 5.5 million members. Researchers at Varonis have identified a new attack technique called "Reprompt" that allows data exfiltration from Microsoft Copilot via a malicious link, exploiting a Parameter 2 Prompt (P2P) injection technique. Central Maine Healthcare is notifying over 145,000 patients about a data breach that compromised personal, treatment, and health insurance information, discovered on June 1.
Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026
AppWizard
January 16, 2026

Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026

The past year saw a 45% increase in new vulnerabilities targeting Android. By the end of 2024, there are projected to be 2.87 million apps on Google Play, with 66% of American employees using personal smartphones for work. Mobile applications are responsible for 70% of digital interactions, and vulnerabilities in these apps contributed to approximately 40% of data breaches involving personal data in 2023. Effective Android App Vulnerability Scanners analyze app security by identifying insecure local storage, hardcoded credentials, weak cryptography, insecure network configurations, broken authentication flows, and misconfigured components. AI-powered scanners, like AutoSecT, can autonomously generate new scanning protocols quickly, detect zero-day vulnerabilities, automate penetration testing, and operate with near-zero false positives.
Microsoft Ends Windows Server 2008 Support on January 13, 2026
Winsage
January 16, 2026

Microsoft Ends Windows Server 2008 Support on January 13, 2026

Microsoft has officially ceased all support for Windows Server 2008 as of January 13, 2026, including paid extended security updates. This end-of-life scenario poses significant security risks for organizations still using the outdated operating system, making them vulnerable to cyberattacks. The transition away from Windows Server 2008 requires careful planning, as many organizations face challenges in migrating legacy applications to modern systems. The lack of ongoing patches means that any new vulnerabilities will remain unaddressed, potentially leading to data breaches and compliance failures, particularly in regulated sectors like healthcare and finance. Microsoft has encouraged migration to Azure, offering incentives for early adopters, but the transition can be complex and costly. The end of support also affects global supply chains and compatibility with newer software applications. Organizations are advised to conduct audits of their software portfolios and consider hybrid environments to enhance flexibility and security.
Monster Train 2's first DLC is transforming the game with a giant new mode and the hammer-swinging Railforged clan
AppWizard
January 15, 2026

Monster Train 2’s first DLC is transforming the game with a giant new mode and the hammer-swinging Railforged clan

A significant update for Monster Train 2, titled Destiny of the Railforged, will be released in early February as the game's first paid DLC. It introduces a new clan, the Railforged, and a gameplay mode called Soul Savior. In Soul Savior, players battle to reclaim souls from a final boss named the Lifemother, with unique mechanics that enhance gameplay. Players can unlock and upgrade over 30 souls, each providing powerful enhancements and strategic options. The Railforged clan specializes in boosting the pyre's attack power and features new units and mechanics. Additionally, the Wurmkin clan will receive a free update with new designs and balance adjustments. Pricing details for the DLC have not been disclosed.
Hytale and Minecraft: 5 key differences you should know about
AppWizard
January 15, 2026

Hytale and Minecraft: 5 key differences you should know about

Hytale, developed by Hypixel Studios, shares similarities with Minecraft, including expansive, procedurally generated worlds and block-based environments. The game features a more nuanced combat system with special movesets and ultimate attacks, distinguishing it from Minecraft's melee system. Hytale's crafting is streamlined, allowing players to select items from a menu rather than arranging resources in a grid, and includes a progression mechanic for crafting stations. Additionally, Hytale introduces mantling, enabling players to jump and grab onto edges of blocks, enhancing mobility and exploration.
Microsoft fixes 114 flaws in year's first Windows 11 Patch Tuesday
Winsage
January 13, 2026

Microsoft fixes 114 flaws in year’s first Windows 11 Patch Tuesday

Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.
EDRStartupHinder Disables Antivirus and EDR Protections During Windows 11 25H2 Startup
Winsage
January 12, 2026

EDRStartupHinder Disables Antivirus and EDR Protections During Windows 11 25H2 Startup

A new tool named EDRStartupHinder was unveiled on January 11, 2026, which allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.
Windows 11 has a hidden feature that barely anyone knows exists, and Microsoft just made a crucial update that could actually make it useful | Attack of the Fanboy
Winsage
January 12, 2026

Windows 11 has a hidden feature that barely anyone knows exists, and Microsoft just made a crucial update that could actually make it useful | Attack of the Fanboy

Windows 11 introduces a feature called Resume, or Cross Device Resume (XDR), which allows users to switch from an app on their phone to their Windows PC. The feature currently has limited app support, mainly functioning with Spotify and Microsoft 365. Microsoft is working to enhance this feature by allowing a broader range of Android applications to utilize Windows Resume. An update has introduced an alternative method for developers to connect their applications to Resume using the Windows Push Notification Service (WNS), addressing previous limitations. Developers must submit a request to Microsoft to enable Resume for their applications, and the app must be available on both Windows and Android for the feature to work effectively.
Search