categories Archives

Tech Optimizer

May 21, 2026

CVE-2024-55638: Highly Critical Drupal Core Vulnerability Threatens PostgreSQL Sites with Remote Code Execution (RCE)

A critical vulnerability, CVE-2024-55638, has been identified in Drupal Core, affecting installations using PostgreSQL as their backend database. This vulnerability involves PHP Object Injection, which can lead to full Remote Code Execution (RCE) when combined with another deserialization flaw. It cannot be exploited independently but increases the risk for Drupal installations that use third-party modules or custom code that improperly employs the unserialize() function. The affected versions include Drupal Core 7.x prior to 7.102, 8.0.0 and above prior to 10.2.11, and 10.3.0 prior to 10.3.9, with patched versions being 7.102, 10.2.11, and 10.3.9. The vulnerability is particularly relevant for sites using PostgreSQL, and organizations are urged to upgrade to the patched versions and audit their code for unsafe unserialize() usage. Currently, there are no confirmed reports of exploitation in the wild, but the risk remains high due to insecure deserialization bugs in third-party modules. The EPSS score for this vulnerability is 9.93%, indicating a significant likelihood of exploitation in the near future.

AppWizard

May 19, 2026

Valve Just Made Some Big Changes to Steam Tags, And The New Additions Shed Light on Recent Trends

Valve updated Steam's tagging system on May 18th, removing 28 outdated tags, introducing 17 new ones, and adjusting existing categories. The new tags include Bullet Heaven, Desktop Companion, Organizing, Cleaning, Decorating, Wuxia, Xianxia, Falling Blocks, Espionage, Samurai, Zoo, Wolves, Capybaras, Animals, Cult, Poker, and Language Learning. The retired tags include 3D Vision, Ambient, America, Blood, Crowdfunded, Cult Classic, Documentary, Drama, Dungeons & Dragons, Electronic, Experience, Feature Film, Foreign, GameMaker, Games Workshop, Illuminati, Kickstarter, LEGO, Masterpiece, Mature, Movie, Narration, NSFW, Roguevania, RPGMaker, Warhammer 40K, Web Publishing, and Well-Written. Existing tags like Clicker and Conversation were rebranded to Incremental and Dialogue Heavy, respectively. The updates aim to improve user navigation and reflect current gaming trends.

AppWizard

May 19, 2026

Google Unwraps Plans to Put AI to Work for Android, Web Developers

At the recent Google I/O event, Google introduced a suite of AI tools for Android and Chrome applications aimed at enhancing marketing and management for developers. In the Play Store, AI will assist in app discovery through Google’s Gemini and provide a Q&A interface for user inquiries. New AI-driven management tools for developers include creating app listings based on keyword insights, automating catalog management, analyzing payment issues, and offering retention incentives for users. Google also reduced Play Store charges for developers to a commission of 10% to 20%. For Android programmers, Google’s AI Studio offers coding assistance for specific app categories, while additional enhancements include a command-line interface guided by programming-assistant AIs and new marketing options. In Chrome, Google introduced a trial version of WebMCP for AI agents to connect with site APIs and expanded built-in AI tools for writing and debugging. New web-coding options are being tested to improve app-like interfaces and compatibility metrics. The “Immediate UI Mode” feature allows for a unified login interface to streamline passkey authentication.

Winsage

May 16, 2026

Windows 11 and Microsoft Edge Hacked at Pwn2Own Berlin 2026

On May 14, Pwn2Own Berlin 2026 began, where researchers earned ,000 for 24 unique zero-day vulnerabilities. Cheng-Da Tsai, also known as Orange Tsai, achieved a significant Edge sandbox escape, earning ,000, and later exploited Microsoft Exchange for remote code execution, earning an additional ,000. Tsai accumulated 17.5 Master of Pwn points, contributing to DEVCORE's lead with ,000 in total earnings. Other researchers, including Angelboy and TwinkleStar03, earned ,000 for an Improper Access Control vulnerability, while Marcin Wiązowski and Kentaro Kawane also contributed successful exploits. By the end of Day One, DEVCORE led with ,000, and the event featured a prize pool exceeding ,000,000 across 31 targets. As of Day Two, a total of ,750 had been awarded for 39 unique vulnerabilities, with DEVCORE leading at 40.5 points and ,000 in earnings.

AppWizard

May 16, 2026

Horizon Group USA Partners with Minecraft for New Line of Licensed Products

Horizon Group USA has entered into a licensing agreement with Minecraft to create a product line that transforms digital experiences into physical activities. The upcoming products will include tactile playsets, STEM-focused dig kits, and other interactive formats aimed at fostering community engagement and creativity. The product line is expected to debut this summer at major retailers such as Amazon and Walmart.

Winsage

May 16, 2026

Microsoft is making Windows 11’s Start menu resizable after years of complaints, adds Small and Large options

Microsoft is updating the Start menu in Windows 11 based on user feedback about its size and functionality. The new Start menu will feature a categories layout and enhanced customization options. Users will soon be able to choose between two layouts: small and large. Additionally, users can hide specific sections within the menu, such as the Pinned section or the Recommended feed, to create a more streamlined experience. The Recommended feed can be disabled without affecting the Recent section in the taskbar or File Explorer. Users will also have the option to hide their name and profile picture in the Start menu. These updates will be rolled out in the coming weeks, with plans for further enhancements, including a movable and smaller taskbar and up to 18 major changes to Windows 11.

Winsage

May 14, 2026

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting a LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the TrendMicro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.

AppWizard

May 14, 2026

Party Animals’ $75,000 AI video contest is a slap in the face to its creative team, and I’m not surprised it’s getting blasted on Steam

Recreate Games announced an AI video contest called the 'Golden Paw Awards' for players to create short films using generative AI tools, which has led to significant backlash from the community. The contest offers a cash prize of ,000 but has faced criticism for its reliance on AI-generated content, resulting in over 800 unfavorable reviews and a 'Mostly Negative' classification for recent reviews of Party Animals. In response to the negative feedback, Recreate Games issued an apology and proposed three options: canceling the contest, changing it to a non-AI competition, or keeping both AI and non-AI categories. The studio emphasized that they view AI as a tool for creative expression, but this explanation has not alleviated community disappointment.

AppWizard

May 14, 2026

Samsung may be working on its most aggressive anti-distraction tool yet

Samsung is developing a feature for One UI 9 called “Network management for concentration,” which aims to help users manage distractions by controlling internet access for specific app categories, including Browser, Game, Social, Streaming, and Other. This feature is found in the hidden Connectivity Labs menu and allows users to restrict internet access without manual intervention. It includes a six-digit PIN system for security, ensuring only authorized users can modify settings, and features a “Downtime” mode to schedule automatic activation of restrictions. The feature is currently in the experimental phase, with its public release uncertain.

AppWizard

May 14, 2026

Meta faces court over Android tracking claims

Meta is facing a class action lawsuit for allegedly exploiting vulnerabilities in Android smartphones to track users' private information, linking browsing activity to Instagram and Facebook accounts. The lawsuit claims Meta unlawfully accessed and de-anonymized personal data of millions of Android users to enhance advertising profiling. A US District Court Judge ruled that most privacy-related claims in the lawsuit must proceed, stating that plaintiffs have plausibly alleged a significant intrusion upon their privacy. Meta is accused of exploiting an Android vulnerability to bypass security measures that isolate apps, allowing it to link browsing information to users' accounts. Although Meta has reportedly stopped using this tracking method, it successfully dismissed two claims related to unjust enrichment and the use of modified pixel code. Additionally, the lawsuit includes claims against Google for negligence, with one claim dismissed but another allowed to proceed. In response to regulatory pressures, Meta is introducing new features for parental supervision of teens on its platforms and plans to use AI to detect underage accounts.