NewApp Digest
search bot

concern

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw
Winsage
April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.
Google warns phone actions are getting cut from its smart home automations very soon
AppWizard
April 28, 2026

Google warns phone actions are getting cut from its smart home automations very soon

Starting in the first week of May, Google will remove "phone actions and automations" from its Nest devices, which include features like checking battery levels, toggling Do Not Disturb settings, and adjusting phone volume. While these phone-related actions will be phased out, core home automations will remain functional. Google has introduced a new feature for its Gemini platform called "Continued Conversations," allowing users to engage in extended dialogues without repeating context. Additionally, some Nest Hub users are experiencing a glitch where alarms set for PM are announced as AM.
Top 10 Security Suites with VPN Included in 2026
Tech Optimizer
April 28, 2026

Top 10 Security Suites with VPN Included in 2026

Purchasing a VPN can lead to a minor reduction in internet speed, but advancements like optimized protocols (e.g., WireGuard) have made this less of a concern. Acquiring a comprehensive cybersecurity suite is generally more cost-effective than separate VPN and antivirus software, and these suites are designed to minimize software conflicts. Many well-known security packages, such as Norton and McAfee, offer licenses that cover multiple platforms (Windows, Mac, Android, iOS). While no cybersecurity software is completely impervious to attacks, these suites significantly reduce risk and defend against various threats. It is recommended to enable a VPN when using public Wi-Fi, and many users opt to keep their VPN active continuously for enhanced privacy and security.
Avoid Security Gaps and Compatibility Issues With a $9.97 Windows 11 Pro Upgrade
Winsage
April 27, 2026

Avoid Security Gaps and Compatibility Issues With a $9.97 Windows 11 Pro Upgrade

Windows 11 Pro keys are currently available for .97, offering an economical upgrade option that enhances software compatibility and security. The operating system includes features like Snap Layouts, multiple desktops, BitLocker encryption, Smart App Control, biometric logins, and an integrated AI assistant called Copilot. These enhancements aim to improve workflow management and security for businesses handling sensitive information. Upgrading to Windows 11 Pro can rejuvenate existing hardware performance, and the offer is significantly reduced from the MSRP of 9. Prices are subject to change.
Google just announced a cleaner Nest and Fitbit community, but there's a catch
AppWizard
April 27, 2026

Google just announced a cleaner Nest and Fitbit community, but there’s a catch

Google will overhaul its Google Home & Nest Community and Fitbit forums next month, resulting in the permanent deletion of all existing posts. Users will lose access to their post history, and Fitbit users must create new accounts as the previous platform will be retired along with all associated profile data. The updates are set to roll out in May, and users are advised to save important threads or guides before the transition.
Windows 11 KB5083769: The April Update may require the recovery key on certain BitLocker-enabled systems
Winsage
April 27, 2026

Windows 11 KB5083769: The April Update may require the recovery key on certain BitLocker-enabled systems

The April update KB5083769 for Windows 11 versions 24H2 and 25H2, released on April 14, 2026, has a known issue where certain devices may enter BitLocker recovery mode after installation. This problem affects a limited subset of devices with specific, non-recommended BitLocker Group Policy settings. The issue arises when BitLocker is activated, a specific TPM platform validation policy is set to include PCR7, PCR7 binding is not feasible, the Windows UEFI CA 2023 certificate is present, and the device is not using the 2023-signed Windows Boot Manager. Microsoft advises organizations to review their BitLocker Group Policy settings and verify PCR7 binding status before deploying the update to prevent devices from requesting recovery keys. If the recovery prompt appears, users will need to enter the BitLocker recovery key, but subsequent reboots should not trigger the recovery process again if the Group Policy remains unchanged.
Signal isn’t broken — so how are hackers targeting the world’s ‘most secure’ chat app?
AppWizard
April 27, 2026

Signal isn’t broken — so how are hackers targeting the world’s ‘most secure’ chat app?

On April 26, hackers allegedly linked to Russian groups targeted the Signal messaging app with phishing attacks aimed at senior politicians. These attacks did not compromise Signal's end-to-end encryption; rather, they deceived users into providing access to their accounts through fake messages. Signal is operated by the non-profit Signal Foundation, founded in 2012 by Moxie Marlinspike with funding from Brian Acton, a co-founder of WhatsApp. Signal distinguishes itself by rendering metadata invisible to its operators, unlike WhatsApp, which shares user data with its parent company. Signal's president, Meredith Whittaker, advocates for data privacy.
Microsoft Looks Ready To Stop Forcing Windows Updates At The Worst Time
Winsage
April 26, 2026

Microsoft Looks Ready To Stop Forcing Windows Updates At The Worst Time

Microsoft announced a new feature for Windows 11 on April 24, 2026, allowing users to select a pause date for updates, extending up to 35 days, which can be reset as needed. This update experience aims to give users more control over when updates occur, addressing frustrations related to the timing of updates. Additionally, the power menu will include options for "Update and restart" and "Update and shut down" when an update is pending. The new model is currently in testing, and it is unclear when it will be available to all Windows 11 users or if it will apply uniformly across all device categories and update types.
Go straight to sell! Windows second-chance setup hawks Microsoft services at IT's expense
Winsage
April 26, 2026

Go straight to sell! Windows second-chance setup hawks Microsoft services at IT’s expense

Months after acquiring a laptop, users may encounter a prompt from Windows 11 stating, “You’re almost done setting up your PC.” This leads to a series of inquiries about adopting Microsoft’s recommended browser settings, linking a phone for SMS notifications, and acknowledging Office installation. Users may feel compelled to click through these prompts, which can include advertisements, such as for Xbox Game Pass Premium at .99 per month. This series of prompts is referred to as the Second Chance Out of Box Experience (SCOOBE), which can resurface due to Windows updates and may lead to unnecessary support calls and potential unauthorized subscriptions in organizational settings. Users can disable SCOOBE by adjusting settings in Windows or Group Policy, but ongoing vigilance is required due to the evolving nature of Microsoft’s software.
Search