code Archives

Winsage

May 6, 2026

Defender Misflags DigiCert Root Certificates, Breaking Windows SSL Trust

On April 30, 2026, Microsoft Defender misclassified two legitimate DigiCert root certificates as a severe threat, specifically Trojan:Win32/Cerdigent.A!dha, leading to their quarantine and disrupting SSL/TLS validation across affected endpoints. This misclassification was a result of new malware detections introduced by Microsoft in response to concerns over compromised certificates from a DigiCert breach. The false-positive alerts were triggered by the registry entries of the two trusted root certificates, which are crucial for validating SSL/TLS sessions. Microsoft later acknowledged the error and adjusted the alert logic. There was no actual compromise of the DigiCert certificates, as administrators confirmed that the certificate hashes matched the official values. The misclassification stemmed from a failure to properly constrain the detection to only revoked end-entity signing certificates related to a separate incident. This incident follows a pattern of Microsoft Defender misidentifying legitimate software as malicious, as seen in a 2022 incident where Microsoft Office was flagged as a virus. Organizations with restrictive update policies may continue to face SSL/TLS validation failures until they deploy the corrective Security Intelligence version or manually restore the DigiCert roots.

Winsage

May 6, 2026

Security updates Windows no longer require frequent reboots

Since early May 2026, a U.S. company has introduced Hotpatching technology for compatible devices, allowing security updates to be applied without a full system reboot. This technology replaces code fragments directly in the RAM of running processes, reducing the size of downloaded packages and enabling quicker implementation of critical patches. The update mechanism operates on a hybrid schedule with four base months requiring mandatory reboots for cumulative changes and eight hotpatching months focusing on in-memory security fixes. If extensive architectural changes are needed or if the software environment does not meet standards, the system defaults to a standard installation algorithm that requires a reboot. The technology is designed for corporate infrastructures with high operational demands and requires Windows 11 version 24H2 or later, specific editions, and enabled VBS virtualization protection.

AppWizard

May 6, 2026

Sniper Arena codes May 2026

Sniper Arena offers competitive gun-based gaming with opportunities to enhance gameplay through in-game items. The latest codes for Sniper Arena are: - FREELIKE1 - unlocks a random mystic knife - 50mvisit - grants one neon core case - freecase - provides one release case - weaponfix - offers one limited case To redeem codes, players must launch the game, access the settings menu, select the redeem code option, input a code, and click redeem. Codes are released by the developer, 9D Game Club, and can often be found in the game's Discord community. Expired codes include: 3mvisit and EASTER2026.

AppWizard

May 6, 2026

Android Apps Get Public Verification System to Stop Supply Chain Attacks

Google has launched an enhanced Binary Transparency initiative for Android to strengthen the ecosystem against supply chain attacks. This initiative builds on the Pixel Binary Transparency framework introduced in October 2021, which ensures Pixel devices operate on verified OS software through a public cryptographic log of factory images. The new initiative aims to address the increasing sophistication of binary supply chain attacks, emphasizing that a binary's digital signature alone is insufficient for guaranteeing its authenticity. Starting May 1, 2026, all production Android applications released by Google will include a cryptographic entry confirming their authenticity. This initiative covers various Google applications and provides a transparent 'Source of Truth' for users to verify the software on their devices. Google is also offering verification tools for users and researchers to confirm the transparency state of supported software types, enhancing user privacy and security.

AppWizard

May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.

Winsage

May 6, 2026

Microsoft enables Hotpatching by default: Windows updates without restarts become a reality

Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.

Winsage

May 6, 2026

Microsoft’s Windows 11 update just fixed memory leaks, slow startup, and File Explorer bugs

Microsoft released the April 2026 optional preview update (KB5083631) for Windows 11, targeting versions 24H2 and 25H2. This update resolves the "white flash" bug in File Explorer, overhauls its codebase, and preserves user settings for View and Sort preferences. It improves the reliability of the explorer.exe process, optimizes the Delivery Optimization service to reduce memory leaks, and enhances the boot sequence for faster startup. The update lifts the FAT32 formatting limit from 32GB to 2TB. It also includes reliability improvements for the Taskbar, fixes for Microsoft Store download errors, resolves a Windows Hello fingerprint data loss issue, enhances Remote Desktop scaling, ensures color profile consistency, and improves the Fluid Dictation feature. The comprehensive improvements will be included in the mandatory Patch Tuesday update on May 12, 2026.

Tech Optimizer

May 5, 2026

Open Source Tamper-Proof Database Adds Immutable Audit Logging and Expands PostgreSQL Compatibility

Codenotary has released immudb 1.11, an open-source database that enhances immutable audit logging and compatibility with PostgreSQL. This version features integrated audit logging that captures database activities in a tamper-proof manner, eliminating the need for external logging systems. It allows organizations to create unalterable audit trails, streamline compliance processes, and maintain a reliable history of data interactions. Immudb 1.11 is compatible with existing PostgreSQL code, enabling seamless integration with various applications and tools. The database is particularly beneficial for sectors requiring trust and accountability, such as finance, software development, cybersecurity, regulated industries, AI systems, and supply chain management. Immudb has over 50 million downloads and supports a zero-trust approach to data management. The open-source version is available on GitHub.

AppWizard

May 5, 2026

Samsung Driving Insights app could be the backseat driver no one asked for

A newly leaked build of Samsung's One UI 9 reveals an app called Driving Insights, which uses artificial intelligence to provide personalized feedback on driving habits. The app analyzes driving behaviors through location tracking and AI algorithms, generating weekly summaries for users. It assesses aspects such as speed and braking intensity, and activates when a phone connects to a vehicle's Bluetooth. Users can filter reports by time and distance, receiving feedback ranging from commendations to constructive advice. The app will also monitor rapid acceleration and sharp turns. Driving Insights aims to enhance driving practices, but raises concerns about the reliability of AI-generated advice in promoting safe driving.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.