data Archives

Tech Optimizer

May 21, 2026

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has announced critical security updates for a vulnerability in Drupal Core, identified as CVE-2026-9082, which allows attackers to execute remote code, escalate privileges, or disclose sensitive information. The vulnerability has a CVSS score of 6.5 and affects only sites using PostgreSQL databases. It can be exploited by anonymous users and is rooted in a database abstraction API used for query validation and SQL injection prevention. Updates have been released for the following versions: - Drupal 11.3.10 - Drupal 11.2.12 - Drupal 11.1.10 - Drupal 10.6.9 - Drupal 10.5.10 - Drupal 10.4.10 Drupal 7 is not impacted by this vulnerability. Users on unsupported versions 9 and 8 can access manual patches for: - Drupal 9.5 - Drupal 8.9 Drupal has stated that versions 11.1.x, 11.0.x, and 10.4.x and below are end-of-life and do not receive security coverage, and that both Drupal 8 and 9 have reached end-of-life status. Patches for unsupported versions are provided as a best effort, but users should be aware of potential other vulnerabilities.

Tech Optimizer

May 21, 2026

PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection

PostgreSQL has released versions 18.4, 17.10, 16.14, 15.18, and 14.23 to address 11 security vulnerabilities and over 60 bugs. The vulnerabilities affect PostgreSQL versions 14 through 18 and include issues such as remote code execution, SQL injection, and denial-of-service risks. Specific vulnerabilities include: - CVE-2026-6472: Missing authorization in CREATE TYPE allows query hijacking. - CVE-2026-6473: Integer wraparound leads to out-of-bounds writes and server crashes. - CVE-2026-6474: Format string issue leaks server memory. - CVE-2026-6475: Symlink attack allows overwriting arbitrary files. - CVE-2026-6476: SQL injection allows execution of arbitrary SQL as superuser. - CVE-2026-6477: Memory buffer overwrite via libpq lo_* functions. - CVE-2026-6478: Timing attack exposes MD5-hashed passwords. - CVE-2026-6479: SSL/GSS recursion flaw allows denial-of-service. - CVE-2026-6575: Buffer over-read leaks memory data (PostgreSQL 18 only). - CVE-2026-6637: Refint module enables stack overflow and SQL injection, leading to possible RCE. - CVE-2026-6638: SQL injection in REFRESH PUBLICATION via table names. Organizations are advised to upgrade to the latest versions, avoid MD5 password authentication, restrict privileges, audit extensions, and monitor for abnormal activity. PostgreSQL 14 will reach its end-of-life on November 12, 2026.

AppWizard

May 21, 2026

Google Health 5.0 rolling out with new stats widget on Android

Google Health has started rolling out version 5.0 of the Fitbit app for Android devices, introducing a new homescreen Quick Access Widget that replaces the previous Steps widget. This widget can display up to six different metrics simultaneously and allows users to customize their interface by removing certain elements. It includes a heart icon for direct app access, quick navigation to the Health Coach feature, and indicates the last update time. The update also features a new Google Health icon, phasing out Fitbit branding for software, while Fitbit branding remains for hardware. Version 5.0 is necessary for setting up the upcoming Fitbit Air, with the rollout starting on May 19 and expected to be fully available by May 26.

AppWizard

May 21, 2026

Binance’s Android app privacy fight is back in the spotlight

Binance is facing scrutiny regarding the data collection practices of its Android app, which some users believe functions more as a data collection tool than a trading platform. Concerns have been raised about the app's extensive permissions and tracking capabilities, with a report indicating the presence of numerous tracking components, including SDKs from TikTok and WeChat, and over 50 system permissions. Binance's privacy portal states that data is collected for account management, security, marketing, fraud prevention, and legal compliance. Despite this, there are questions about whether the data collection practices are proportionate to the app's intended functions. Binance has a history of legal issues, including a guilty plea in November 2023 that resulted in a .32 billion penalty for anti-money laundering violations. The exchange claims to tailor its privacy framework to regional regulations, but user concerns about the app's tracking capabilities persist. As of early 2026, Binance has over 300 million registered users, making any privacy-related disputes potentially impactful. The ongoing scrutiny may lead to gradual adjustments in Binance's practices rather than a complete overhaul.

AppWizard

May 20, 2026

Google adds Android app generation and Managed Agents to Gemini developer tools

Google unveiled enhancements to its Gemini technology at the I/O 2026 event, introducing new developer tools in AI Studio and the Gemini API. Key features include the ability to generate native Android applications directly from AI Studio, which produces Kotlin code using Jetpack Compose patterns and supports hardware features like camera and GPS. The platform includes an embedded Android Emulator and allows direct publishing to the Google Play Console while adhering to Google Play's quality standards. Additionally, Google introduced Antigravity 2.0, an agent-first development platform with a revamped desktop application and SDK for custom workflows. Projects from AI Studio can be exported to Antigravity for local development. The Managed Agents feature in the Gemini API enables developers to create agents with a single API call, allowing them to reason and execute code in a secure Linux environment. This feature is available in Public Preview and simplifies infrastructure tasks for production-grade agents. Custom agents can be defined and registered, with Google encouraging developers to create their own managed agents.

Winsage

May 20, 2026

Windows multi-monitor HDR bug: Why do your displays share the wrong calibration?

Windows has a bug that affects HDR calibration for multi-monitor setups, causing incorrect peak brightness data to be applied across different displays. This results in distorted colors and highlights, particularly impacting gaming experiences where games draw settings from Windows. The issue is suspected to be triggered by the device entering standby mode, waking from sleep, or physically swapping display cables. Microsoft has not officially recognized or fixed this problem, leaving users to manually check their display profiles or restart their systems as a workaround.

Tech Optimizer

May 20, 2026

Critical PostgreSQL Flaws Enable Code Execution and SQL Injection

On May 14, 2026, PostgreSQL released critical security updates for versions 18.4, 17.10, 16.14, 15.18, and 14.23, addressing 11 Common Vulnerabilities and Exposures (CVEs) related to stack buffer overflows, SQL injection, memory disclosure, and denial-of-service vulnerabilities. The most critical vulnerability, CVE-2026-6637, has a CVSS score of 8.8 and allows remote, unprivileged database users to execute arbitrary code. Other notable vulnerabilities include CVE-2026-6473, which affects memory allocation leading to potential memory corruption, and CVE-2026-6475, which allows overwriting sensitive OS-level files. Additional vulnerabilities include SQL injection flaws and authentication issues, with various CVSS scores ranging from 3.7 to 7.5. The updates can be implemented without a database dump, and PostgreSQL 14 will reach its end-of-life on November 12, 2026.

Tech Optimizer

May 20, 2026

PostgreSQL backup tool gets some backup of its own after sole maintainer sounds alarm

A coalition of companies, including AWS, Percona, Supabase, pgEdge, and Tiger Data, has formed to support the maintenance of pgBackRest, an extension for the PostgreSQL database, after its long-time maintainer, David Steele, could no longer continue due to a lack of sponsorship following the acquisition of Crunchy Data by Snowflake. pgBackRest is a backup and restore solution for PostgreSQL, which is widely used by major cloud service providers. Steele had been seeking sponsorship to maintain the project but was unsuccessful, prompting concerns about its future. The coalition aims to provide stability and reduce reliance on a single sponsor by onboarding a new maintainer and seeking additional support. Percona's CEO emphasized the importance of collaboration to ensure the project's health for the community.

AppWizard

May 20, 2026

Your Nvidia drivers could be insecure, and you should update now

Nvidia has issued a security bulletin regarding vulnerabilities in its GPU drivers, urging users to update to the latest versions for products including GeForce, Quadro, and Tesla GPUs. Users with Nvidia GPU drivers older than version 596.36 are advised to update to protect against vulnerabilities related to kernel-mode driver issues and resource management, which include time-of-check/time-of-use vulnerabilities, improper GPU resource access, and driver-lock leaks. The potential risks include denial of service, privilege escalation, information disclosure, data tampering, and code execution, with Nvidia classifying these vulnerabilities as "High." Users can check their current driver version in the Nvidia Control Panel or the Nvidia App and should visit Nvidia's driver page to download the latest updates.

AppWizard

May 20, 2026

Android 17’s Live Updates will be a boon for workout and travel apps

Android 17 will introduce a new "Metric Style" notification template for Live Updates, enhancing user experience by allowing health, fitness, timers, and travel applications to present vital information more accessibly. The Metric Style template can showcase up to three distinct data points simultaneously on the Always-On Display, lock screen, and status bar, focusing on real-time raw data rather than milestones. It features three display modes: a glanceable view prioritizing the most relevant metric, an expanded view showing all metrics side-by-side, and a collapsed view condensing information into a single line. This standardization provides app developers with a reliable framework for delivering critical information directly on the lock screen and status bar. Google has not confirmed whether this feature will be included in the first stable Android 17 update or a subsequent QPR release.