codebase

Winsage
May 13, 2026
Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication:
1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets.
2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.
Winsage
May 11, 2026
Open-source endpoint detection tools have typically been divided between Windows and Linux, with Windows solutions focused on Sysmon and Linux solutions on eBPF or auditd. Rustinel is a Rust-based endpoint agent that consolidates these efforts by gathering telemetry from both operating systems using ETW on Windows and eBPF on Linux, normalizing the data into a unified model. It evaluates the information against Sigma rules, YARA signatures, and atomic indicators of compromise, storing alerts in ECS-compatible NDJSON format for integration with SIEM or log-analysis platforms. Rustinel supports a range of events on Windows, including process creation, network activity, and PowerShell executions, while Linux support currently includes process, network, file, and DNS telemetry. It operates in user mode on both platforms, requiring specific conditions for installation. Unlike commercial EDR solutions that use kernel drivers, Rustinel's user-mode design prioritizes simplicity and stability, although it acknowledges limitations in tamper resistance and visibility. The agent utilizes three detection engines: Sigma for behavioral matching, YARA for scanning executables, and an IOC engine for deterministic checks. While it leverages existing content familiar to defenders, it has coverage gaps for certain advanced threats. Rustinel is available on GitHub under the Apache 2.0 license.
AppWizard
May 6, 2026
The Pixel Launcher is built on three foundational features: visual consistency through Material You, simplicity with a minimalistic interface, and fluidity with smooth animations. However, it has limited customization options compared to other launchers. Lawnchair is an open-source project that enhances the Pixel experience by restoring customization options removed by Google, such as hiding widgets, supporting icon packs, and allowing user-defined grid layouts. Lawnchair maintains a clean interface while offering extensive control over app visibility and layout, effectively addressing the limitations of the Pixel Launcher. Lawnchair 15 provides a refined version of the Pixel experience, making it accessible to users of non-Pixel devices.
Winsage
May 4, 2026
Microsoft is replacing the legacy File Explorer Properties dialog box in Windows 11 with a modern version powered by WinUI 3. This change aims to improve the performance and reliability of Windows 11. The current Properties dialog does not support dark mode, which has been an issue for users. Recent findings from Windows 11 Insider builds indicate that Microsoft is actively developing a new file properties dialog. Strings for “DeletedFileProperties” have been discovered, suggesting the old dialog will be replaced. Microsoft is also modernizing outdated Windows 8 UI elements within Windows 11. The introduction of the WinUI 3 properties dialog is expected to enhance File Explorer's performance by streamlining its hybrid codebase. Users can anticipate gradual updates throughout 2026, with a rollout to the Experimental channel expected later this year.
Winsage
April 7, 2026
Windows 11 version 25H2 is now available for Home and Pro users, rolling out to all non-managed PCs currently on version 24H2. The upgrade will be automatic for eligible users unless there are compatibility issues. Version 24H2 will reach its end of support on October 13, 2026, while version 25H2 will be supported until October 2027. The upgrade process uses a simple enablement package, and most features are accessible to both versions. However, version 25H2 removes certain legacy features like PowerShell 2.0 and WMIC. Users can choose when to restart or postpone the installation, but it becomes mandatory after a pause time limit. Windows 11 version 26H1 is in development and will debut on new devices with Qualcomm’s Snapdragon X2 Series processors.
Tech Optimizer
April 5, 2026
An AWS engineer reported a significant drop in PostgreSQL throughput on Linux 7.0, with performance reduced to approximately half of its previous capability. Salvatore Dipietro from Amazon/AWS benchmarked PostgreSQL 17 on a 96-vCPU Graviton4 instance and found that Linux 7.0 delivered only 0.51x the throughput of earlier kernel versions. The root cause was traced to kernel commit 7dadeaa6e851, which eliminated PREEMPT_NONE as the default option, leading to increased contention due to the new PREEMPT_LAZY model. Profiling data indicated that 55% of CPU time is consumed by spinning in PostgreSQL’s spinlock, causing significant performance degradation. When a revert patch was applied, throughput rebounded to 1.94x the baseline. The decision to restrict preemption modes in Linux 7.0 aimed to address issues within the kernel's scheduling model. Dipietro proposed a patch to restore PREEMPT_NONE, but kernel developers suggested PostgreSQL adopt the rseq time slice extension instead. Database operators running PostgreSQL on Linux face potential performance reductions with the upgrade to Linux 7.0.
Winsage
March 31, 2026
Speechify has launched a Windows application featuring real-time text-to-speech and speech-to-text functionality, allowing for both cloud-based and on-device processing. On-device processing ensures user voice data remains secure on the machine. The application utilizes the Windows ML stack and platform APIs to operate across x64 and Arm64 architectures, leveraging Qualcomm’s Snapdragon technology for enhanced performance. The ONNX Runtime's QNN execution provider facilitates real-time transcription on Snapdragon laptops, enabling a split encoder-decoder architecture that optimizes processing. The application includes features like system-wide shortcuts, auto-pasting of transcribed text, OCR functionality, and secure data handling through Windows DPAPI. The Speechify Windows application is available for x64 and Arm64 devices via the Microsoft Store.
AppWizard
March 19, 2026
Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.