disclosure

AppWizard
January 16, 2026
The past year saw a 45% increase in new vulnerabilities targeting Android. By the end of 2024, there are projected to be 2.87 million apps on Google Play, with 66% of American employees using personal smartphones for work. Mobile applications are responsible for 70% of digital interactions, and vulnerabilities in these apps contributed to approximately 40% of data breaches involving personal data in 2023. Effective Android App Vulnerability Scanners analyze app security by identifying insecure local storage, hardcoded credentials, weak cryptography, insecure network configurations, broken authentication flows, and misconfigured components. AI-powered scanners, like AutoSecT, can autonomously generate new scanning protocols quickly, detect zero-day vulnerabilities, automate penetration testing, and operate with near-zero false positives.
Winsage
January 15, 2026
Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a Secure Boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.
Winsage
January 14, 2026
On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.
Winsage
January 13, 2026
Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.
AppWizard
January 13, 2026
The Epic Games Store has grown its user base by 173% from 2019 to 2024, increasing from 108 million to over 295 million users. However, its revenue from third-party earnings has only increased by 1.6%. The store was launched in 2018 as a competitor to Steam and initially attracted users through a favorable revenue split for developers and exclusive game releases. Epic's strategy of offering free games has led to a perception of the store as primarily a platform for claiming giveaways rather than purchasing games. Critics note that the Epic Games Store has historically provided a less satisfying experience compared to Steam, lacking essential features at launch, with some improvements made only recently. In contrast, the Xbox app emphasizes subscription services through Game Pass, which has seen a 45% year-over-year growth, indicating a more engaged audience willing to spend money. Steam remains the preferred platform for many PC users due to its user-centric approach and comprehensive features. Epic is exploring NFT-based games and AI integration, while its revenue is projected to be over .09 billion in 2024.
Winsage
January 12, 2026
A new tool named EDRStartupHinder was unveiled on January 11, 2026, which allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.
AppWizard
January 7, 2026
The rising costs of RAM have delayed a PC upgrade for the author, who reflects on the implications of technology in gaming. Tim Sweeney, CEO of Epic Games, criticized Steam's generative AI disclosure requirement, comparing it to revealing haircare routines. The author supports Valve's perspective, viewing the disclosure as a safeguard against issues related to generative AI, which has been accused of automating plagiarism and using copyrighted material. The energy demands of AI data centers are also a concern, drawing parallels to collective environmental damage. Transparency in AI usage in gaming is deemed essential, with Activision's vague statement about generative AI in Call of Duty raising questions. The author believes that if AI enhances games, developers should explain their creative processes. As AI-generated content becomes more common, there may be a trend for developers to announce their lack of AI involvement, though the prospect of creativity driven by algorithms is seen as disheartening.