disclosure

Tech Optimizer
July 7, 2026
Researchers at Positive Technologies have identified two significant vulnerabilities in the PHP Data Objects (PDO) extension layer, both posing high severity risks. The first vulnerability (CVE-2025-14180) leads to a NULL pointer dereference, causing PHP worker processes to crash. It affects PHP versions 8.1.x prior to 8.1.34, 8.2.x before 8.2.30, 8.3.x before 8.3.29, 8.4.x before 8.4.16, and 8.5.x before 8.5.1. This issue occurs when the pdo_pgsql driver operates with PDO::ATTR_EMULATE_PREPARES enabled, allowing a remote attacker to exploit it without authentication by submitting malformed character sequences. The second vulnerability (CVE-2025-14179) allows for SQL injection and affects PHP versions 8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6. It arises from a mishandling of NUL bytes in the Firebird driver during the PDO::prepare() process, despite the quoting routine functioning correctly. Additionally, the audit revealed an integer overflow in PostgreSQL’s libpq client library and an information disclosure flaw in Firebird 3’s fbclient.
AppWizard
June 30, 2026
The Godot Foundation has decided to implement new guidelines to prohibit AI-authored code, pull requests from AI agents, and AI-generated text in communications between contributors. This decision follows concerns about the increasing number of AI-generated contributions, which have made code review more challenging for maintainers. The Foundation aims to reduce the burden on maintainers and ensure that all contributions come from accountable humans. The new policies will explicitly reject AI-authored code and advise contributors to use AI assistance only for minor tasks while requiring disclosure of its use. Machine translations of human-authored text will still be allowed. The Foundation plans to adopt a cautious approach to AI tools and will re-evaluate its policies as the situation evolves.
Tech Optimizer
June 19, 2026
AV-Comparatives conducted a Real-World Protection Test from February to May 2026, evaluating 20 consumer security products against real-world internet threats. Seven products received the ADVANCED+ award for their effective protection and low false alarm rates. The complete test report is available for free at av-comparatives.org. The evaluated products included well-known security solutions such as Avast, AVG, Bitdefender, Kaspersky, Microsoft, Norton, and TotalAV. The test aimed to assess how well these products protect against various online threats, including malware embedded in trusted platforms.
AppWizard
June 17, 2026
The second installment of Steam Next Fest for 2026 is running until June 22 and features a total of 8,682 demos, nearly double the entire library of PlayStation 2 games. Approximately 1,700 of these demos incorporate AI technology, leading to concerns about the quality of some titles, often labeled as "shovelware." Various digital storefronts are struggling to maintain quality amidst the influx of AI-generated content, with Sony recently removing a publisher known for low-quality releases. The reaction to AI in game development has been mixed, with backlash against certain titles. Additionally, early Geekbench results for Valve's upcoming Steam Machine suggest a potential launch next week.
AppWizard
June 15, 2026
Android Who Dreams of Stars is a visual novel developed by JinCycle, featuring an autonomous android named Eve Nova in a futuristic Tokyo where AI has eliminated war and hunger. The game relies heavily on AI-generated content for artwork, sound, narrative, and localization. My Summer Love Memories also uses generative AI for its videos, images, music, and dialogue. Kryonull has gained attention for its AI-generated voices, while some users on Steam question the legitimacy of its zero price tag. Typical NPC, developed by SmogGames, launched at a zero price with all AI-generated images, followed by After the Hero, which used AI-generated images but human-crafted text. KalendulaGames has released titles priced at zero, with extensive AI disclosures. Underwater claims to use AI-generated images only as art references. Steam emphasizes transparency in AI disclosures, with developers clarifying their use of AI in various ways. Many of the 120 games using generative AI focus on music and assets rather than translation. The Steam Deck has recently seen a resurgence in stock, with a price point higher than the average game. A humorous Steam review noted the unique experience of rummaging through trash for rewards in the game Where the F**k is my Bitcoin.
Winsage
June 12, 2026
Nightmare-Eclipse, also known as Chaotic-Eclipse, has introduced two new exploits: RoguePlanet and GreatXML. RoguePlanet exploits a vulnerability in Windows Defender, allowing attackers to gain SYSTEM user access privileges by tricking a user into executing a script. This access enables attackers to execute commands beyond standard Administrator capabilities, siphon sensitive data, and install malware. GreatXML provides a method for bypassing BitLocker encryption by creating a specially crafted "unattend.xml" file and a "Recovery" directory on the Windows recovery partition. Microsoft has shifted its stance from threatening legal action against Eclipse and is now monitoring the situation, while Eclipse has postponed a planned mass disclosure of zero-day Windows vulnerabilities initially set for July 14 due to delays in developing RoguePlanet.
Search