bypass Archives

AppWizard

June 12, 2026

Telegram’s Wear OS app makes a comeback, now with full chats, voice notes, and more

Telegram has reintroduced its app to Wear OS, allowing Android smartwatch users to access a fully functional messaging interface. The new version enables users to scroll through complete conversations, view photos, videos, and location previews, and play voice messages directly from the smartwatch. Users can actively engage in conversations by replying with text or voice, sending stickers, and managing chats. On the smartphone side, Telegram has enhanced its Android app with features such as bots that send richly formatted messages and manage group interactions. Group administrators can assign bots for moderation, and Telegram Polls now support clickable links. The in-app browser has been improved to handle links more flexibly, allowing users to customize how links open.

AppWizard

June 11, 2026

You can just bypass Fable’s ‘complex, nuanced’ reputation system with enough gold

The reboot of Fable features a 30-minute gameplay demonstration showcasing an innovative reputation system that influences player interactions with over a thousand NPCs. Players earn reputational adjectives based on their actions, affecting how NPCs perceive them. Choices such as sparing a life can earn titles like "merciful," while reckless actions may lead to a "reckless" reputation. Players can alter their reputation by paying a fee to a town crier, raising questions about the balance between gameplay challenge and convenience. The developers note that negative reputations, like "killer" or "criminal," will persist unless players invest time to amend them or pay for intervention. This duality reflects trends in RPG design, where the complexity of choices can conflict with the desire for a smooth gameplay experience. The mechanics of the reputation system promise nuanced interactions and varied outcomes based on player decisions.

Winsage

June 11, 2026

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse has released a Windows BitLocker bypass tool named GreatXML, following a previously disclosed exploit targeting Microsoft Defender. The discovery was made accidentally and took four hours. A critical vulnerability exists for users who have used the Windows Defender Offline Scan feature, making them susceptible to the BitLocker bypass. The exploit involves copying an XML file and a recovery folder to the recovery partition and rebooting into the Windows Recovery Environment (WinRE). If the Defender offline scan was not initiated, users must log in to start it or find a way to boot into WinRE in offline scan state. GreatXML is the second BitLocker bypass tool released by Chaotic Eclipse, following the earlier exploit known as YellowKey (CVE-2026-45585), which has been patched by Microsoft.

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft patched 206 vulnerabilities during June's Patch Tuesday, surpassing the previous record of 175 vulnerabilities patched in October 2025. Among the patched vulnerabilities, 118 are related to different versions of Windows, including Windows 10, Windows 11, and Windows Server. One critical vulnerability, CVE-2026-41091, in Microsoft Defender is actively being exploited, prompting an update to the Malware Protection Engine. Microsoft also addressed ten vulnerabilities in the Security Feature Bypass category due to the expiration of old Secure Boot certificates. Of the 118 Windows vulnerabilities, 19 are classified as critical Remote Code Execution (RCE) vulnerabilities, including CVE-2026-47288 and CVE-2026-47291. In Microsoft Office, 54 vulnerabilities were patched, including 25 RCE vulnerabilities, with nine classified as critical. Microsoft patched eight vulnerabilities in Exchange Server, including CVE-2026-45583, which can be exploited in a man-in-the-middle scenario. Additionally, the update for Edge addressed 74 Chromium vulnerabilities, including a zero-day vulnerability (CVE-2026-11645).

Winsage

June 11, 2026

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

A new zero-day exploit named RoguePlanet has been discovered targeting Microsoft’s Windows operating system, disclosed by security researcher Nightmare Eclipse. The exploit allows local privilege escalation (LPE) by exploiting a race condition in Microsoft Defender and can facilitate remote code execution (RCE) through deceptive .vhd(x) files. RoguePlanet may also bypass BitLocker encryption. The proof-of-concept has been tested on Windows 10 and Windows 11 systems but does not function on Windows Server, although the researcher believes all Windows Server versions are vulnerable. Following its release, RoguePlanet was confirmed by other researchers to spawn a command prompt with SYSTEM privileges on patched computers. This disclosure comes after Microsoft released patches for earlier exploits by Nightmare Eclipse, including GreenPlasma and YellowKey. The researcher has expressed dissatisfaction with Microsoft’s vulnerability disclosure process, alleging legal action against them and the suspension of their GitHub account, leading to the publication of RoguePlanet under a new account.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 10, 2026

Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

Microsoft's recent Patch Tuesday release addressed 206 security vulnerabilities, marking the largest update since the program began in October 2003. Among these, 32 vulnerabilities are classified as critical, including three zero-day vulnerabilities that were disclosed before patches were available, though none are reported to be actively exploited. Notable vulnerabilities include: - CVE-2026-50507 in Windows BitLocker, with a CVSS score of 6.8, allowing unauthorized bypass of security features through physical attacks. - CVE-2026-49160 in HTTP.sys, with a CVSS score of 7.5, which can be exploited for remote denial-of-service attacks. - CVE-2026-45586 in the Windows Collaborative Translation Framework (CTFMON), with a CVSS score of 7.8, which could grant SYSTEM privileges to attackers.

AppWizard

June 10, 2026

This useful sideloaded Android Auto app lets me watch YouTube, browse the web, and more

The exploration of sideloaded Android Auto applications has revealed features not available in Google's official offerings, with Fermata Auto being a notable all-in-one solution that combines local playback, YouTube access, web browsing, and screen mirroring. To use Fermata Auto, one must first install the Android Auto Apps Downloader (AAAD) and enable Developer Mode on their Android device. After installing AAAD, users can search for and download Fermata Auto. Upon installation, various components related to Fermata Auto may appear in the Android Auto launcher. Users may need to grant permissions for optimal functionality, and while the on-screen keyboard may lag, the app includes a bookmark feature for quick access to websites. Fermata Auto has been found to provide a reliable and efficient experience for in-car YouTube and web browsing, particularly when parked.

Winsage

June 10, 2026

Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature

On June 9, 2026, Microsoft announced a vulnerability in Windows BitLocker, identified as CVE-2026-50507, which allows unauthorized attackers with physical access to bypass BitLocker Device Encryption. The flaw is categorized under CWE‑306, indicating a missing authentication check for a critical function, and has a CVSS v3.1 base score of 6.8. It affects various versions of Windows 10, Windows 11, and Windows Server from 2012 R2 to 2025. Microsoft released security updates to address the vulnerability, and it was classified as “Exploitation More Likely.” Although there is no evidence of active exploitation, proof-of-concept code exists. Organizations are advised to implement multi-factor configurations and reassess device handling and security protocols.