code Archives

AppWizard

May 13, 2026

Playground Games Confirms Forza Horizon 6 PC Leak Came From a Reviewer, an Influencer, or an Insider

A leak regarding the PC version of Forza Horizon 6 was confirmed by Playground Games to have originated from an individual with early access, not a pre-load issue. The company announced strict enforcement actions against anyone accessing the leaked build, including potential franchise-wide and hardware bans. SteamDB indicated that the file list for the game appeared on their platform due to a token dumper, clarifying they do not share keys or facilitate downloads. Playground Games can trace the leaker using unique identifiers in review codes. The official release date for Forza Horizon 6 is set for May 19.

Winsage

May 13, 2026

May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA

Organizations using S/4HANA for critical functions should prioritize remediation efforts as SAP has confirmed there is no alternative workaround for existing vulnerabilities. They must implement specified correction instructions or support packages. Additionally, SAP has issued a HotNews note (#3733064) with a CVSS score of 9.6, indicating a high-severity vulnerability in SAP Commerce Cloud due to missing authentication checks. This vulnerability allows unauthenticated users to execute malicious actions, including configuration uploads and code injections, potentially leading to arbitrary server-side code execution. Organizations are advised to take immediate action to protect their systems.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

Winsage

May 13, 2026

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

Microsoft's May 2026 security update addresses 137 vulnerabilities, with 31 classified as critical. None of these critical vulnerabilities are currently being exploited in active attacks. Sixteen of the critical vulnerabilities involve remote code execution (RCE) issues in Microsoft products, including Microsoft Office, Microsoft Word, and Azure. Specific vulnerabilities include: - CVE-2026-32161: A use-after-free vulnerability in the Windows Native WiFi Miniport Driver. - CVE-2026-40358: A use-after-free vulnerability in Microsoft Office. - CVE-2026-41089: A stack-based buffer overflow in Windows Netlogon. Additional important vulnerabilities flagged include: - CVE-2026-33835: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. - CVE-2026-33837: Windows TCP/IP Local Elevation of Privilege Vulnerability. - CVE-2026-35416: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. Talos is releasing a new Snort ruleset to detect attempts to exploit these vulnerabilities, and users are advised to update their Cisco Security Firewalls and acquire the latest rule pack via Snort.org.

AppWizard

May 12, 2026

Where to find the key code to Carter’s PC in Directive 8020

The key code to access Carter's PC in Directive 8020 is 2808 or 0828. The clue to the password is a post-it note on Carter's monitor that says "Luna's," pointing to a calendar in Crew Quarters. The calendar reveals that Luna's birthday is on August 28th, which provides the necessary digits for the code. After entering the code, a cutscene occurs with Simms entering Crew Quarters, and players receive a new objective to follow her. Interaction with Carter's PC is no longer possible after this cutscene.

Winsage

May 12, 2026

Microsoft’s Windows K2 overhaul is making File Explorer launch much faster

Microsoft is reassessing its strategy following criticism and a decline in user satisfaction related to its AI tool, Copilot. The company is unwinding some Copilot integrations and reallocating resources to address issues with Windows 11, particularly focusing on improving File Explorer. Windows K2 will enhance File Explorer's performance, utilizing the WinUI 3 framework, which aims to streamline operations. Recent benchmarks show significant reductions in resource consumption for File Explorer, including 41% fewer allocations, 63% fewer transient allocations, 45% fewer function calls, and a 25% reduction in time spent in WinUI code. Improvements are expected to be rolled out soon.

AppWizard

May 12, 2026

Popular PlayStation emulator clamps down on AI submissions: ‘Leave behind something useful to humanity when you’re gone, instead of peddling slop’

The RPCS3 development team has publicly addressed the influx of AI-generated pull requests (PRs) in their project, urging contributors to stop submitting what they call "AI slop code" and warning that they will ban those who do not disclose AI contributions. They expressed concern over poorly constructed PRs, particularly affecting their macOS build, and emphasized the importance of understanding the code being contributed. The team clarified that their issue is not with the use of AI code itself, but with the lack of disclosure. They have established new guidelines for AI contributions, allowing the use of AI tools for research and reverse engineering, but requiring contributors to fully understand and take ownership of their code. All communication with the team must come from human contributors, not AI.

AppWizard

May 12, 2026

Samsung’s solution for apps with ‘excessive’ ads is rolling out now

Samsung's Device Care has introduced a new feature to block apps that generate excessive advertisements as part of the One UI 8.5 update. This feature includes two blocking options: a "basic" setting and an "intelligent" blocking feature that uses analytics to identify and manage ads. The rollout of One UI 8.5 began in the U.S. on May 11. The update version 13.8.80.7 includes the ad-blocking feature, which has been in development since December and may utilize AI to monitor ads across all installed applications. The update also brings AI call screening, enhanced editing tools, and minor user interface adjustments.

AppWizard

May 12, 2026

Brawl RNG codes May 2026

Players are encouraged to take note of the latest Brawl RNG codes to maintain a competitive edge in the game. Brawl RNG is described as "a fast, clean idle clicker" featuring RNG drops, upgrades, rebirths, and battle simulations. The latest Brawl RNG code is "NovaWeekend!!," which provides a Golden Dice. To redeem Brawl RNG codes, players must launch the game, click the 'Settings' icon, input a valid code, and press the 'Redeem' button. If players experience issues with the settings screen closing unexpectedly, maximizing the Roblox app or restarting the game may help. New codes are typically announced on the Brawl RNG Discord page during significant updates, and players can find permanent codes in the 'codes' channel and limited-time codes in the 'announcements' channel. Expired codes include KGems.FOR.BRAWLPASS, PinPackILikeChillyTea, N.O.V.A.D.R.O.P, Demonic?, Angelic?, and DEMONVSANGEL!!.

Winsage

May 11, 2026

New GhostLock tool abuses Windows API to block file access

A security researcher has developed a proof-of-concept tool called GhostLock, which exploits a vulnerability in the Windows file API, specifically the 'CreateFileW' function. By manipulating the 'dwShareMode' parameter to grant exclusive access to files, GhostLock can prevent other users or applications from opening those files, resulting in a 'STATUSSHARINGVIOLATION' error. The tool automates the process of opening multiple files on SMB shares, causing access disruptions without requiring elevated privileges. This technique is intended as a disruption attack rather than a destructive one, similar to ransomware, and can serve as a diversion during intrusions. Detection of this attack relies on monitoring the open-file count with ShareAccess set to 0 at the file server layer. Dvash has provided resources for IT teams to enhance detection capabilities against this threat.