enforcement Archives

Winsage

April 16, 2026

“The fastest path towards reinstatement”: Microsoft responds to developer backlash after account termination — but identity verification remains non-negotiable

Microsoft terminated developer accounts associated with security tools like VeraCrypt, WireGuard, and Windscribe, reportedly without notice, which led to criticism regarding its enforcement protocols. The company clarified that the suspensions were due to non-compliance with the account verification process for the Windows Hardware Program, which is to be fully implemented by October 2025. Microsoft plans to expedite the reinstatement of affected accounts for partners who resolve their compliance issues, requiring them to submit a support case with a business justification. The verification process was introduced to enhance security by controlling access to kernel-level driver signing and distribution.

Winsage

April 16, 2026

“We’ve heard your feedback”: Microsoft responds to Windows developers after account suspension caused chaos

Microsoft terminated developer accounts associated with security tools like VeraCrypt, WireGuard, and Windscribe without notice, leading to community backlash. The company clarified that the suspensions were due to non-compliance with the account verification process for the Windows Hardware Program, which begins in October 2025, and committed to reinstating the accounts. Microsoft introduced a fast-track process to help developers regain access, requiring them to open a support case and provide a business justification, while also ensuring compliance checks are met. Jason Donenfeld, creator of WireGuard, noted that the suspensions affected the release of Windows builds and security patches, increasing user vulnerability.

AppWizard

April 16, 2026

Your Android phone could soon get a better way to sniff out spoofed calls

Google is enhancing the security of incoming calls on Android devices by integrating a "Verified Caller" feature into Google Play Services. This feature aims to combat scam calls that use Do-Not-Originate (DNO) numbers by cross-referencing incoming calls against a database of DNO numbers to flag potential scams. The system will work with existing applications, such as banking apps, to monitor specific DNO numbers. The feature is still in development and its effectiveness will depend on business participation and strict verification processes by Google.

AppWizard

April 15, 2026

Stuck on a sketchy site? Google is finally putting a stop to it

Google is implementing updated spam policies to combat "back button hijacking," a deceptive practice that manipulates browser history and traps users on unwanted websites. Starting June 15, websites engaging in this practice will face penalties, including manual actions or drops in search rankings. Google has observed an increase in scripts that alter browser history, often through JavaScript, creating misleading entries that redirect users within the same site or to advertisements. Website owners have a two-month period to address these issues, as failure to do so could lead to significant traffic loss. Google's enforcement will begin after the deadline, with automated systems identifying and removing offending sites from search results.

Winsage

April 13, 2026

Microsoft tightens Windows 11 driver security rules

Microsoft will enforce a new mandate requiring all hardware drivers to comply with the Windows Hardware Compatibility Program (WHCP) standards starting April 1, 2026. This change will eliminate the "cross-signing" system that allowed older drivers with expired certificates to remain trusted. The enforcement of WHCP certification will apply to various versions of Windows 11 and Windows Server 2025. Users may face blocks when installing older drivers on new systems, but existing installations will not be immediately disrupted. Microsoft plans to introduce an "allow list" for vetted legacy drivers to ensure essential equipment remains operational during the transition. The initial rollout will occur in "evaluation mode," allowing Microsoft to monitor driver behavior without blocking software. For corporate environments, Microsoft offers "Application Control for Business" to allow specific software while maintaining security measures.

Winsage

April 11, 2026

Microsoft terminated accounts tied to VeraCrypt, WireGuard, and Windscribe

Several prominent security and privacy developers, including those behind VeraCrypt, WireGuard, and Windscribe, had their Microsoft developer accounts terminated, preventing them from accessing essential publishing and verification tools. Microsoft acknowledged the terminations but did not provide a detailed explanation. The lead developer of VeraCrypt, Mounir Idrassi, expressed frustration over the inability to sign drivers and ship updates for WireGuard due to the account suspension. Windscribe reported similar issues and difficulties in reaching Microsoft support. The situation gained attention on social media, prompting Microsoft’s EVP for Windows and Devices, Pavan Davuluri, to assure that the company was working to resolve the issue and had reached out to VeraCrypt and WireGuard to reinstate their accounts. The terminations were attributed to a new mandatory account verification process that took effect on October 16, 2025, requiring partners to verify their identities with government-issued IDs. Microsoft acknowledged the need to improve communication regarding such changes.

AppWizard

April 9, 2026

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk

Version 5.2.1 of the EngageSDK was released to address security vulnerabilities related to third-party SDKs, particularly affecting digital asset management applications. Although no exploitation of this vulnerability has been reported, developers are urged to upgrade to the latest version. The Android operating system's security model provides some protections against these vulnerabilities, and the Android team has updated user protections during the transition to the secure version. The vulnerability, classified as severe, allows unauthorized access to protected components and sensitive data through intent redirection. Affected applications, particularly in the cryptocurrency and digital wallet sectors, account for over 30 million installations. The vulnerability was first identified in version 4.5.4 of the EngageLab SDK, reported in April 2025, and was addressed in version 5.2.1 released on November 3, 2025, which set the vulnerable activity to non-exported. Developers are advised to regularly review their Android manifests and upgrade to the latest SDK version to maintain application security.

Winsage

April 8, 2026

“Wait, Windows uses less?”: I break down the surprising requirement that flips the Linux vs. Windows script

Ubuntu 26.04 LTS, developed by Canonical, will be released on April 23, 2026, with updated desktop requirements of a 2GHz dual-core processor, 6GB of RAM, and 25GB of storage. Unlike Windows 11, which enforces strict minimum requirements, Ubuntu allows installation on lower-spec machines, though performance may be compromised. The new requirements reflect a shift away from supporting older hardware, as the operating system incorporates a modern desktop stack with updated GNOME components and Wayland support. Ubuntu's installer evaluates hardware capabilities but does not block installation on unsupported devices, contrasting with Windows 11's rigid installation process that requires specific hardware features like TPM 2.0 and Secure Boot.

Winsage

April 8, 2026

Linux gamers didn’t do anything wrong, but they might pay for Windows piracy anyway

Gaming on Linux has advanced significantly due to Valve's Proton compatibility layer and the Steam Deck, allowing most single-player PC games to run on the platform. Data from ProtonDB indicates that nearly every Windows game is now playable on Linux. However, hypervisor-based DRM bypass techniques have emerged, weakening Denuvo's anti-tamper protections and reviving day-zero piracy. Hypervisors operate beneath the operating system, allowing pirates to manipulate Denuvo's validation checks, drastically reducing the time to crack games. This resurgence of piracy poses security risks, as users must disable kernel-level security features, exposing their systems to vulnerabilities. Irdeto, the company behind Denuvo, recognizes the need for updated security measures, but these could complicate the gaming experience for Linux users. Linux's open-source nature complicates enforcing kernel integrity, making effective anti-cheat and DRM systems challenging. Despite these issues, Linux gaming has seen considerable growth, but the threat of hypervisor-based piracy could jeopardize this progress and lead to tighter DRM measures that may reduce Linux compatibility.

AppWizard

April 6, 2026

Dangerous “NoVoice” malware found in over 50 Play Store apps that were installed 2.3 million times

A new malware threat called "NoVoice" has been found in over 50 applications on the Google Play Store, with 2.3 million installations on Android devices. Discovered by McAfee, this malware is hidden in seemingly harmless apps like system cleaners, games, and image galleries. It exploits Android vulnerabilities to gain root access, potentially allowing attackers to steal sensitive information and manipulate applications without user consent. In some cases, it may persist even after a factory reset. Google has stated that Android devices updated since May 2021 are protected against this threat and that Google Play Protect actively removes malicious apps and blocks new installations. The malware was not able to infect devices in Beijing and Shenzhen, suggesting the attackers may be avoiding local law enforcement. One identified app carrying the NoVoice payload is SwiftClean, developed by Biodun Popoola. The malware operates using a silent audio file, executing its code without user detection. Users are advised to download apps only from the Google Play Store and keep their devices updated.