background

Winsage
April 18, 2026
A vulnerability has been discovered in Windows Defender that allows standard users to exploit a logic error in the file remediation process, enabling code execution with elevated privileges without administrative access. This flaw, identified by security researcher Chaotic Eclipse, occurs because Windows Defender does not verify if the restoration location of flagged files has been altered through a junction point. The exploit, named RedSun, takes advantage of a missing validation in the MpSvc.dll file, allowing attackers to redirect file restoration to the C:\Windows\System32 directory. RedSun operates by chaining together four legitimate Windows features: Opportunistic Locks (OPLOCKs), Cloud Files API, Volume Shadow Copy Service (VSS), and Junction Points. The execution of the exploit involves monitoring shadow copies, triggering Defender's detection, synchronizing OPLOCKs, and ultimately writing malicious binaries to the System32 directory. The root cause is the lack of reparse point validation in the restoration process, and currently, no patch or CVE has been assigned for this vulnerability. It affects Windows 10, Windows 11, and Windows Server 2019 and later, and organizations are advised to implement behavioral detection strategies until a fix is available.
Winsage
April 18, 2026
A new zero-day vulnerability in Microsoft Defender has been disclosed by a researcher known as "Chaotic Eclipse," who has created a proof-of-concept exploit called "RedSun." This vulnerability allows local privilege escalation to SYSTEM level on Windows 10, Windows 11, and Windows Server when Microsoft Defender is active. The vulnerability has attracted attention from antivirus vendors, with some detecting it on VirusTotal due to an embedded EICAR in the executable. Chaotic Eclipse previously disclosed another vulnerability named BlueHammer, which also allowed local attackers to gain SYSTEM or elevated permissions. The researcher expressed dissatisfaction with Microsoft's vulnerability disclosure process, recounting negative interactions with the company. A Microsoft spokesperson stated the company's commitment to investigating security issues and supporting coordinated vulnerability disclosure.
AppWizard
April 18, 2026
On April 16, Google released Android 17 Beta 4, concluding its beta phase and focusing on app compatibility and platform stability. Developers must finalize updates for Android 17 to avoid delays when the stable version is released. Key behavioral changes for apps targeting Android 17 include:
- Large-screen resizability restrictions, preventing apps from opting out of maintaining orientation, resizability, and aspect ratio constraints.
- Expanded restrictions on dynamic code loading, requiring native files loaded via System.load() to be read-only.
- Certificate Transparency is enabled by default.
- Local network access is restricted by default, with a new ACCESS_LOCAL_NETWORK permission for persistent access.
- Stricter rules on background audio interactions, including playback and volume change APIs.
Android 17 introduces per-app memory limits based on device RAM to target memory leaks and anomalies, with minimal impact expected on app sessions. Developers can check for memory limit impacts via ApplicationExitInfo and utilize profiling tools in Android Studio Panda. An on-device anomaly detection service monitors resource-intensive behaviors and provides profiling artifacts. Additionally, the Android Keystore now supports ML-DSA for quantum-safe signatures, allowing developers to generate keys and create signatures within secure hardware.
Tech Optimizer
April 17, 2026
Efforts to merge storage roles into a single solution are ongoing, particularly with Amazon S3's durability and cost-effectiveness. In PostgreSQL, achieving a durable commit requires flushing the Write-Ahead Log (WAL) before signaling transaction completion, which can take tens of microseconds on high-performance NVMe drives but extend to milliseconds on slower storage. This latency impacts Online Transaction Processing (OLTP) systems and user response times. Benchmark studies show that systems with faster local storage outperform those with slower alternatives as workloads exceed memory capacity. The fsync operation in PostgreSQL is a commitment rather than a simple write, with enterprise-grade SSDs performing better due to power-loss protection. Read operations also face challenges, as PostgreSQL's need for small, latency-sensitive reads conflicts with S3's design for larger, higher-latency requests. As the working set exceeds memory, storage latency becomes a critical performance factor. Modern managed PostgreSQL systems typically do not place object storage in the critical commit path, instead maintaining a fast log or cache close to the database while relegating colder data to remote storage. Recent PostgreSQL developments, such as asynchronous I/O support in version 18, aim to leverage fast storage more effectively. S3 is valuable for tasks like WAL archiving and backups, but these should be kept separate from the commit path to avoid resource contention. The solution involves using both NVMe and S3, with fast storage managing commits and cache misses, while object storage handles archives and backups. PostgreSQL performs best when hot and cold storage functions are clearly delineated.
AppWizard
April 17, 2026
Google has released Android 17 beta 4, the final beta version before the anticipated mid-2026 launch. This update, with build number CP21.260330.008, is available for Pixel devices from Pixel 6 to Pixel 10 and focuses on stability rather than new features. A key addition is 'App memory limits' to manage RAM usage and improve performance, particularly for foldable phones and tablets. Developers are required to optimize apps for Android 17, ensuring compatibility with new features. The beta update is rolling out via the Android Beta Program, with stable Android 17 expected later this year. Users can sideload the update or manually flash the factory image if they haven't received it.
AppWizard
April 16, 2026
Aspiring developers can now use advanced AI tools like ChatGPT, Claude, and Gemini to generate code for Android applications with minimal coding expertise. However, AI-generated apps may rely on outdated information, leading to inefficiencies and bugs. In response, Google is providing AI coding agents with access to current Android developer resources and introducing tools like a new Android Command Line Interface (CLI) and task-specific skills to improve app development. This initiative aims to ensure that apps follow the latest guidelines and practices. Additionally, Google is streamlining the process for scaling applications across various Android devices, which will benefit end-users by delivering better-optimized AI-generated applications.
Tech Optimizer
April 16, 2026
A security researcher named Chaotic Eclipse has discovered a significant vulnerability in Microsoft Defender that could allow hackers to gain administrative access to systems running Windows 10, Windows 11, and Windows Server. The vulnerability arises from Windows Defender's behavior of rewriting detected malicious files back to their original location instead of removing them, which can be exploited to overwrite system files and grant unauthorized users elevated privileges. This issue remains unaddressed by Microsoft, leaving millions of users vulnerable. Although there is no current evidence of active exploitation, the situation could change. Users are advised to consider additional antivirus solutions for enhanced security.
Tech Optimizer
April 16, 2026
Bitdefender Total Security offers real-time malware and virus detection, multi-layer ransomware protection, a limited daily data VPN, a password manager, parental controls, and webcam protection. It is compatible with Windows, Mac, Android, and iOS. Pros include excellent detection ratings, minimal system impact, and coverage for up to five devices. Cons are a VPN data cap unless upgraded, significant renewal price increases, and some advanced features being buried in menus. Surfshark Antivirus provides real-time malware scanning, webcam and microphone protection, data breach alerts, and is bundled with Surfshark VPN. It is available on Windows and Android. Pros include competitive pricing when bundled with VPN, a clean interface, and decent malware detection. Cons are fewer features compared to dedicated suites, limited iOS support, and being relatively new in the antivirus space. Norton 360 includes real-time threat detection, LifeLock identity monitoring (on higher tiers), a built-in VPN with no data cap, cloud backup, and a password manager. It supports multiple platforms. Pros are strong overall protection, dark web monitoring alerts, and no VPN data limits. Cons include a higher starting price, automatic renewal enabled by default, and being resource-heavy on older machines. Avast Free Antivirus offers real-time virus and malware protection, a Wi-Fi network scanner, a browser cleanup tool, and a basic ransomware shield. It is available on multiple platforms. Pros include core protection for free, lightweight installation, and an extensive threat database. Cons are aggressive upselling, past privacy concerns, and advanced features locked behind a subscription. Malwarebytes focuses on malware and adware detection, offering real-time protection (Premium only), a browser guard extension, and a light system footprint. It is available on multiple platforms. Pros include excellent detection of adware and a user-friendly interface. Cons are the lack of real-time protection in the free version and fewer features compared to full-suite competitors. Free antivirus software should prioritize real-time protection, coverage beyond basic viruses, a browser extension for blocking suspicious sites, and automatic updates. Free versions typically handle common threats adequately but lack advanced features and support found in paid versions. Some free tools may collect user data, raising privacy concerns. To install antivirus software on Windows 10, download it from the official website, follow setup instructions, and ensure background protection and automatic updates are enabled. Transitioning from Windows Defender is usually managed automatically by most antivirus programs. Running two real-time scanners can cause conflicts; instead, pair a primary antivirus with a secondary tool like Malwarebytes for manual scans. If a paid antivirus plan is not renewed, protection may revert to a limited mode or cease entirely. Microsoft Defender offers adequate protection but lacks additional features like a VPN or identity monitoring. Standard antivirus plans typically range from to 0 annually, with renewal prices often increasing.
AppWizard
April 16, 2026
Google is offering a 50% discount on the annual YouTube Premium subscription for new subscribers to the Google AI Pro plan, reducing the yearly cost significantly. This promotion follows recent price hikes for YouTube Premium in the U.S. and aims to attract users to the AI Pro subscription, which has increased its storage capacity from 2TB to 5TB at no extra cost. The discounted rate will continue upon renewal, but it is only available to the Google One plan manager or family organizer, not to other family plan members. Subscribers will receive features like background playback, offline downloads, ad-free viewing, and access to Gemini-powered functionalities.