attacks

Tech Optimizer
May 13, 2026
Every device connected to a corporate network, including laptops, desktops, servers, and mobile phones, can be a potential gateway for cyberattacks. AI-powered Endpoint Detection and Response (EDR) solutions are essential in modern cybersecurity strategies, utilizing behavioral analysis, real-time monitoring, and machine learning to detect, investigate, and respond to advanced threats. Traditional antivirus software, which relies on known malicious signatures, is becoming ineffective against modern attackers who use fileless attacks and custom-built malware. EDR continuously monitors endpoint activity, capturing behavioral data to identify anomalies consistent with attacks. It provides forensic capabilities to help security teams understand how breaches occur. EDR is a critical component of a multi-layered security architecture, complementing other security measures like firewalls and patch management. When choosing an EDR solution, organizations should consider real-time detection, automated response capabilities, integration with existing security tools, and ease of investigation.
AppWizard
May 13, 2026
The Path of Exile 2 Return of the Ancients update is set to launch on May 29, introducing significant changes, including a redesign of the endgame and a crafting overhaul. Two new Ascendancies will be added: the Martial Artist Monk and the Spirit Walker Huntress. The Spirit Walker Ascendancy allows players to control powerful beast bosses and features three branches: Vivid, Primal, and Wild. The Vivid Path summons stag spirits, the Primal Path enhances projectile skills, and the Wild Path provides a spirit bear companion that boosts minion damage and life. The Idolatry path expands minion build options. The Natural Order feature allows the Tame Beast skill to work on unique beasts, starting with early-game adversaries and escalating to tougher foes. Game director Mark Roberts showcased a "zookeeper build" that utilizes the unique scepter Sylvan's Effigy, which removes companion limits. Companion damage has been buffed, and new features include a raven flock and a cluster grenade launcher called Redemption.
Winsage
May 13, 2026
Microsoft's May 2026 security update addresses 137 vulnerabilities, with 31 classified as critical. None of these critical vulnerabilities are currently being exploited in active attacks. Sixteen of the critical vulnerabilities involve remote code execution (RCE) issues in Microsoft products, including Microsoft Office, Microsoft Word, and Azure. Specific vulnerabilities include:
- CVE-2026-32161: A use-after-free vulnerability in the Windows Native WiFi Miniport Driver.
- CVE-2026-40358: A use-after-free vulnerability in Microsoft Office.
- CVE-2026-41089: A stack-based buffer overflow in Windows Netlogon.
Additional important vulnerabilities flagged include:
- CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability.
- CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability.
- CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
Talos is releasing a new Snort ruleset to detect attempts to exploit these vulnerabilities, and users are advised to update their Cisco Security Firewalls and acquire the latest rule pack via Snort.org.
AppWizard
May 12, 2026
Google will integrate its Gemini 3.1 AI into the Chrome toolbar for Android starting in June, allowing users to summarize articles, ask questions about content, and extract details without switching apps. Users can enable the "Personal Intelligence" feature for tailored responses based on personal preferences. The Nano Banana feature will let users create or modify visuals from web pages. The auto browse function will allow Chrome to perform tasks like reserving parking or updating orders automatically. These features will include security protections, but sensitive actions will still require user confirmation. Gemini in Chrome will require devices with at least 4GB of RAM, running Android 12 or newer, and set to English-U.S. The rollout will begin for select Android devices in the U.S. at the end of June, with the auto browse feature available initially only to AI Pro and Ultra subscribers.
AppWizard
May 12, 2026
Nine Sols achieved a score of 92% in a review, qualifying it for a "compelling recommendation for most PC Gamers." It is currently available on Steam at a 60% discount until May 18, reducing the price to £10. The game offers approximately 20 hours of gameplay and is noted for its parry-based mechanics, appealing to fans of Hollow Knight and Silksong. It features an innovative mechanic called the Unbounded Counter, which requires precise timing to deflect attacks. The soundtrack enhances the gaming experience.
Tech Optimizer
May 12, 2026
Trend Micro Inc (TSE: 4704) is trading at ¥6,178.00, which is a 698% premium over Morningstar's estimated fair value of ¥8,415.77 for May 2026. The company specializes in cybersecurity solutions, including antivirus software and cloud security, with a subscription-based business model. Its core markets include Japan, North America, Europe, and Asia-Pacific, with significant revenue from enterprise security solutions like the Trend Micro Vision One XDR platform. The company has a Price/Earnings ratio of 20.02, a Quick Ratio of 1.10, and a Return on Assets of 13.52%. The rising demand for cybersecurity, particularly in North America, is a key revenue driver. Trend Micro's portfolio includes AI-powered threat intelligence and mobile security solutions, targeting sectors like finance and healthcare. The company is positioned favorably against competitors and offers U.S. investors access through American Depository Receipts (ADRs).
Winsage
May 11, 2026
Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.