encryption Archives

Winsage

June 12, 2026

Still on Windows 10? This $13 upgrade to Windows 11 Pro offers better security, AI features, and more

Upgrade to Microsoft Windows 11 Pro for .97 (MSRP 9) until June 14. Windows 11 Pro features a redesigned interface, improved multitasking capabilities, enterprise-grade security functionalities like BitLocker encryption and Windows Hello, and includes Windows Copilot AI for task automation and assistance.

Tech Optimizer

June 11, 2026

Avast One: Security and privacy suite under the microscope

Avast One is the flagship consumer security suite from Avast (Gen Digital), combining antivirus, firewall, VPN, and privacy utilities into a single subscription for Windows, macOS, Android, and iOS. It offers four primary areas: device security, online privacy, identity protection, and performance tools. Device security includes real-time antivirus, Web Shield, Mail Shield, and Ransomware Shield. The online privacy component features a full VPN service with bank-grade encryption and a no-logs policy. Identity protection includes data breach monitoring and, in some markets, credit monitoring. Performance tools assist with disk cleanup and system optimization. Avast One has three plan tiers: Avast One Essential (free), Avast One Individual (paid, supports multiple devices), and Avast One Family (paid, supports up to 30 devices). Pricing varies based on promotions, with Avast One Individual typically around per year and Avast One Family ranging from to 0 per year. The suite can be downloaded directly from Avast's website, with installers available for various platforms. Avast One includes automatic updates and is designed to operate lightly on modern hardware, with options to minimize system impact during scans. Customer support includes self-help documentation, community forums, and direct support for paying customers. Avast One aims to appeal to both non-technical users and power users, providing a user-friendly interface while allowing for advanced configurations. The product is positioned as a comprehensive solution for households looking to secure multiple devices with a single subscription.

AppWizard

June 11, 2026

Apple removes Russian messenger from App Store

Apple has removed Russia’s state-backed Max messenger from its App Store, as confirmed by the app’s developers. The Max app, which lacks encryption, has been promoted by the Russian government, which has restricted access to popular messaging platforms like WhatsApp and Telegram, forcing civil servants and state agencies to use Max for communications. The app became unavailable for download on Apple’s platform on Wednesday night, and while current users can still access it, new downloads and updates are prohibited. Max, introduced in 2025 by VK, combines social media, messaging, government services, and banking options, and has been endorsed by President Putin. It is pre-installed on devices sold in Russia but not available in the European Union, with user data stored on Russian servers.

Winsage

June 11, 2026

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

A new zero-day exploit named RoguePlanet has been discovered targeting Microsoft’s Windows operating system, disclosed by security researcher Nightmare Eclipse. The exploit allows local privilege escalation (LPE) by exploiting a race condition in Microsoft Defender and can facilitate remote code execution (RCE) through deceptive .vhd(x) files. RoguePlanet may also bypass BitLocker encryption. The proof-of-concept has been tested on Windows 10 and Windows 11 systems but does not function on Windows Server, although the researcher believes all Windows Server versions are vulnerable. Following its release, RoguePlanet was confirmed by other researchers to spawn a command prompt with SYSTEM privileges on patched computers. This disclosure comes after Microsoft released patches for earlier exploits by Nightmare Eclipse, including GreenPlasma and YellowKey. The researcher has expressed dissatisfaction with Microsoft’s vulnerability disclosure process, alleging legal action against them and the suspension of their GitHub account, leading to the publication of RoguePlanet under a new account.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 10, 2026

Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

Microsoft's recent Patch Tuesday release addressed 206 security vulnerabilities, marking the largest update since the program began in October 2003. Among these, 32 vulnerabilities are classified as critical, including three zero-day vulnerabilities that were disclosed before patches were available, though none are reported to be actively exploited. Notable vulnerabilities include: - CVE-2026-50507 in Windows BitLocker, with a CVSS score of 6.8, allowing unauthorized bypass of security features through physical attacks. - CVE-2026-49160 in HTTP.sys, with a CVSS score of 7.5, which can be exploited for remote denial-of-service attacks. - CVE-2026-45586 in the Windows Collaborative Translation Framework (CTFMON), with a CVSS score of 7.8, which could grant SYSTEM privileges to attackers.

AppWizard

June 10, 2026

France’s Government Messaging App Tchap Got Breached

On June 7, 2026, Tchap, the French government's encrypted messaging platform for civil servants, experienced a significant breach detected by ANSSI. The breach resulted from a compromised user account and involved the education shard of Tchap, specifically targeting matrix.agent.education.tchap.gouv.fr. Approximately 650,000 messages, data from over 73,000 accounts, and about 13.5GB of documents and media files were allegedly scraped. The attacker also claimed to have discovered hardcoded LDAP credentials leaked through a PowerShell script shared by a regional director of the French tax authority. DINUM, the French Digital Affairs Directorate, stated that private conversations on Tchap are end-to-end encrypted and that the compromised account has been blocked. They notified CNIL about the potential exposure of personal data and reminded users to avoid sharing sensitive information in public chat rooms. The breach follows a mandate from Prime Minister François Bayrou in August 2025 requiring all civil servants to use Tchap, increasing its attractiveness as a target for cyber threats. The investigation into the breach is ongoing.

AppWizard

June 10, 2026

Tchap Breach: France’s State Messenger Compromised

On June 7, an unauthorized individual accessed a user account on the Tchap messaging platform, which is used by France's government. The Digital and Numérique Agency (DINUM) identified and blocked the compromised account, but the breach raised significant security concerns. The attacker claimed to have accessed about 14GB of documents and data from public Tchap rooms, including sensitive information such as hardcoded LDAP credentials, email addresses, meeting links, and organizational details. It was revealed that public chatrooms on Tchap do not use end-to-end encryption, making shared information accessible to anyone logged into the account. The incident has implications for the credibility of government-developed secure communication tools.

Winsage

June 10, 2026

Windows 11 Settings You Should Change in 2026：A 9-Point Speed, Privacy, and Security Checklist

On June 9, 2026, Microsoft released a major security update addressing around 200 vulnerabilities, including three critical zero-day exploits. This update coincides with the expiration of Secure Boot certificates that have been in place since 2011. Users are advised to review their Windows 11 settings to ensure security and optimization during this transition. Key actions include installing the June update, enabling faster delivery of updates, turning on Core Isolation memory integrity, activating Controlled folder access against ransomware, confirming drive encryption, disabling the advertising ID, minimizing diagnostic data, auditing camera and microphone permissions, disabling unnecessary startup applications, enabling Storage Sense, adjusting power mode settings, and tuning visual effects for better performance.

Winsage

June 10, 2026

Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature

On June 9, 2026, Microsoft announced a vulnerability in Windows BitLocker, identified as CVE-2026-50507, which allows unauthorized attackers with physical access to bypass BitLocker Device Encryption. The flaw is categorized under CWE‑306, indicating a missing authentication check for a critical function, and has a CVSS v3.1 base score of 6.8. It affects various versions of Windows 10, Windows 11, and Windows Server from 2012 R2 to 2025. Microsoft released security updates to address the vulnerability, and it was classified as “Exploitation More Likely.” Although there is no evidence of active exploitation, proof-of-concept code exists. Organizations are advised to implement multi-factor configurations and reassess device handling and security protocols.