bugs Archives

AppWizard

May 15, 2026

Minecraft Update on May 14 Applies Patch 3.38

Mojang released a hotfix for Minecraft, updating the game to version 26.21 on May 14, addressing issues from the recent Chaos Cubes update. The update fixes a UI freezing bug when opening a furnace and includes various gameplay bug fixes, stability improvements, and a technical update for block traits. Console users will see this as update 3.38. Specific fixes include: - Fixed a freeze when opening a furnace without recipes. - Fixed several crashes during gameplay. - Fixed a crash on launch. - Fixed a crash when clicking the ‘Search for people’ button while not signed in. - Fixed block traits not respecting experimental requirements for format_version >= 1.26.20.

AppWizard

May 15, 2026

Minecraft Bedrock 26.21 Released as Patch 1.048

Minecraft Bedrock Edition 26.21 was released on May 14, addressing various technical issues. The update is labeled as Minecraft update 1.048 (version 1.048.000) for console gamers. It fixes a freeze issue when opening a furnace without recipes, several gameplay crashes, and block traits not respecting experimental requirements for format_version >= 1.26.20.

Winsage

May 14, 2026

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.

Winsage

May 14, 2026

Microsoft pits more than 100 AI agents against each other to find Windows vulnerabilities

Microsoft has introduced MDASH (Multi-Model Agentic Scanning Harness), a security solution that uses over 100 specialized AI agents to identify software vulnerabilities. On May 12, 2026, MDASH identified 16 new vulnerabilities (CVEs) in the Windows networking and authentication stack, four of which were critical, including remote code execution vulnerabilities in tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. Ten of these vulnerabilities can be accessed over the network without authentication. MDASH operates through a four-stage pipeline: analyzing source code, scrutinizing for suspicious elements, debating the exploitability of issues, and attempting to exploit vulnerabilities. The system is model-agnostic and allows integration of new models and domain-specific knowledge. MDASH scored 88.45 percent on the CyberGym benchmark, ranking first among competitors, although the comparison may not be entirely fair as it contrasts a comprehensive framework with individual models. The models used to achieve this score are not specified. MDASH is supported by Microsoft's Autonomous Code Security Team and is currently in a limited private preview for select customers.

Winsage

May 14, 2026

Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News

Microsoft has developed an AI security system called MDASH that has identified 16 vulnerabilities in Windows networking and authentication frameworks, with four classified as Critical, allowing for remote code execution. MDASH uses over 100 specialized AI agents to analyze code from multiple perspectives, improving the accuracy of vulnerability detection. The system has successfully detected all 21 planted vulnerabilities in a private testing environment without false positives, achieving a 96 percent recall rate against historical cases and an 88.45 percent success rate on the CyberGym benchmark. The identified vulnerabilities include issues in tcpip.sys and IKEEXT, which can be exploited remotely without needing credentials.

Winsage

May 13, 2026

Windows Update is getting better at saving your PC from buggy drivers

Microsoft has introduced Cloud-Initiated Driver Recovery, a feature that allows the company to replace problematic drivers on affected devices directly from the cloud, without requiring manual intervention from users or hardware partners. This aims to enhance system reliability and performance while reducing user burden in managing driver issues.

TrendTechie

May 13, 2026

На торренты слили Subnautica 2, но это старый билд

Some players have experienced outdated versions of Subnautica 2 ahead of its anticipated release on May 14. A leak has occurred, distributing older builds of the game online, leading to various theories about its source. Unknown Worlds Entertainment has confirmed the leak, stating that the circulating builds are incomplete and do not represent the final game. They warned that these unofficial builds may contain bugs and cannot be verified for safety or stability. The official release will differ significantly from the leaked versions and will launch in an "early access" format, with plans for ongoing updates and new features.

AppWizard

May 13, 2026

Minecraft 26.2 Snapshot 7 patch notes: Friends List, Music Disc, and more

Mojang has released the seventh snapshot for Minecraft Java Edition 26.2, introducing several new features: - A Friends List has been added, accessible via a new button and keybind ("O"), with tabs for managing friends and pending requests. Player presence is indicated, and notifications for friend request activities are included. Privacy settings can be managed in Online Options, though there are known desynchronization issues. - Players can now convert singleplayer worlds to online multiplayer through a new Multiplayer Options screen, offering two connection methods: Invite to World and Request to Join World. The previous Open to LAN screen has been replaced. - A new music disc titled Bounce by fingerspit is available in Mineshaft Chest Minecarts in Sulfur Cave biomes, along with five new background music tracks and activated biome music for Sulfur Caves. - Changes to Potent Sulfur include randomized geyser eruption times and the ability to erupt when a Lava block is placed underneath. Noxious Gas can spread through non-collidable blocks, and erupting Potent Sulfur can propel entities. - Bug fixes include resolving game crashes during legacy world upgrades, addressing issues with Wardens and Sulfur Spikes, enabling bucketed Sulfur Cubes to despawn, and correcting the TNT explosion advancement trigger.

Winsage

May 13, 2026

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication: 1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets. 2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.