environments Archives

Tech Optimizer

June 14, 2026

Neon vs Supabase 2026: $1B Deal, Scale-to-Zero

Neon and Supabase are two managed PostgreSQL platforms with distinct approaches. Neon adopts a serverless architecture that separates storage and compute, allowing databases to scale to zero when idle and enabling rapid database branching. Supabase, in contrast, provides a comprehensive backend-as-a-service that includes authentication, file storage, real-time subscriptions, and edge functions, all built around PostgreSQL. In 2025, Databricks acquired Neon for approximately billion, motivated by the observation that around 80% of databases created on Neon were generated by AI agents. Post-acquisition, users experienced reduced storage costs and improved pricing structures, although concerns arose regarding Neon's independence. Neon features instant database branching and a scale-to-zero capability, while Supabase offers a fully integrated backend with built-in authentication and storage. Neon operates on a usage-based pricing model, whereas Supabase has a flat-tier pricing structure. Both platforms support the pgvector extension for AI applications, but Supabase is fully open-source and allows for self-hosting, unlike Neon. The developer community recognizes Supabase for its ease of use and rapid application development capabilities, while Neon is praised for its innovative serverless features and cost efficiency. Migration between the two platforms is simplified due to their shared PostgreSQL foundation.

Winsage

June 13, 2026

Windows Server 2025 Adds DNS Over HTTPS for Secure DNS Traffic

Microsoft has rolled out support for DNS over HTTPS (DoH) in Windows DNS Server as part of the Windows Server 2025 update. This feature enhances the security of DNS communications through encryption and server authentication, allowing encrypted client-to-resolver traffic in on-premises DNS environments. DoH encrypts DNS queries and responses using HTTPS, protecting sensitive information from interception or alteration. It also uses digital certificates for DNS server authentication to reduce spoofing and impersonation risks. The feature is compatible with existing Windows DNS Server configurations and supports both encrypted and traditional DNS. DoH support is available on Windows Server 2025 with the June 9, 2026 update or newer. Administrators must configure a trusted TLS certificate and enable DoH in the DNS Server service to deploy this feature. Microsoft plans to extend encryption capabilities to include communication between the Windows DNS Server and upstream DNS resolvers in the future.

Winsage

June 13, 2026

Windows 11 KB5094126: Microsoft’s desktop.ini hardening causes some folder icons to disappear

Following the June 2026 update, custom folder icons and localized folder names in Windows are no longer displaying as they typically would due to intentional modifications related to security updates, specifically KB5094126 for Windows 11 versions 24H2 and 25H2. This update tightens the handling of the desktop.ini file, which is used for folder customization. Although access to the actual files remains unchanged, affected folders may revert to default icons or display original directory names instead of customized labels. Microsoft has identified certain sources as untrusted, including files downloaded from the internet and specific remote sources, which affects how desktop.ini files are processed. Users are encouraged to verify file origins, and administrators should ensure that internal sources are classified as trusted to avoid disruptions in folder presentation. The update also includes other security fixes and enhancements.

AppWizard

June 13, 2026

Dole expands Minecraft campaign with pineapple focus

Dole is launching a 15-week campaign starting June 21 across North America and Europe, focusing on pineapples and targeting younger audiences. This campaign includes in-game rewards for Minecraft players, such as a branded ‘pineapple hoodie.’ The previous campaign resulted in a 20-fold increase in website visits from QR code scans, generating 2 million landing page views and significant social media impressions. Over 60% of participants expressed increased intent to purchase Dole’s fruit after engaging with the campaign. This year's campaign will feature new recipes, digital puzzles, and offline engagement activities, along with QR-enabled stickers in retail environments to connect purchases to digital rewards.

Tech Optimizer

June 13, 2026

Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

On June 10th, Splunk released an advisory for CVE-2026-20253, a high-severity vulnerability with a CVSS score of 9.8 that requires no authentication. The vulnerability is associated with the PostgreSQL Sidecar Service Endpoint and affects Splunk Enterprise versions 10 and above. In default installations, the service is not installed on Windows but is installed and enabled by default on AWS. The vulnerability allows unauthorized users to create and truncate arbitrary files through an API that lacks authentication controls. Additionally, it enables the execution of SQL commands via a backup and restore mechanism, potentially leading to remote code execution (RCE). A Detection Artefact Generator has been developed to help organizations assess their vulnerability to this issue.

Winsage

June 12, 2026

Hackers Use Fake Windows Update Installers to Deliver OnyxC2 Credential Stealer

OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.

Winsage

June 12, 2026

Microsoft fixes Windows update failures linked to WUSA installer

Microsoft resolved an issue affecting the installation of Windows updates released since May 2025, which primarily impacted users using the Windows Update Standalone Installer (WUSA) from a network share, especially in enterprise environments. The problem was significant for devices running Windows 11 24H2/25H2 and Windows Server 2025, but did not occur when handling a single .msu file or when files were stored locally. In August 2025, Microsoft acknowledged that updates installed using WUSA might fail with error ERRORBADPATHNAME when multiple .msu files were involved. A Known Issue Rollback Group Policy was implemented in September 2025 to mitigate the impact on home and non-managed business devices. The issue was ultimately resolved with cumulative updates released in June 2026 for Windows 11 (KB5079391) and Windows Server 2025 (KB5094125). Microsoft provided a workaround for users experiencing difficulties with prior updates by suggesting they save .msu files locally for installation. Users were also advised to wait at least 15 minutes after installing an .msu file via WUSA before checking the Update History page. Additionally, Microsoft had previously addressed another issue in April 2025 that affected enterprise customers installing security updates via WSUS, which recurred in the August 2025 updates. Microsoft warned customers about potential issues with installing the latest monthly updates on devices upgraded to Windows 11 24H2 or 25H2.

AppWizard

June 12, 2026

Minecraft Dungeons 2

Mojang is developing Minecraft Dungeons 2, a sequel that enhances the original game's mechanics and introduces an interconnected world for exploration. The game features multiplayer cooperative play for up to four players, improved matchmaking, and full cross-platform play at launch. New gameplay elements include a mini-inventory for loadout adjustments, the ability to jump and execute jump attacks, and a guiding line for navigation. Character customization has been expanded, allowing armor categorization by body parts and the introduction of Talismans, which provide passive abilities. The game includes a new Deep Dark biome with visual enhancements and a challenging boss encounter, the Twisted Warden. Minecraft Dungeons 2 is set to release on September 29th for Xbox Series X|S, PlayStation 5, PC, and Nintendo Switch.

BetaBeacon

June 12, 2026

$99 Android Handheld is a Retro Gaming Steal : Mangmi Air X

The Mangmi Air X is a budget-friendly handheld gaming device designed for retro gaming enthusiasts, featuring a 5.5-inch 1080p IPS LCD display, Snapdragon 662 processor, 4GB RAM, and 64GB storage. It offers hall-effect joysticks, linear triggers, and a six-axis gyroscope for precise controls, but lacks premium features like OLED displays and video output via USB-C.

AppWizard

June 12, 2026

6 Android Auto apps that are essential when I’m off-roading

Android Auto is expanding its functionality for outdoor activities with a variety of apps designed for off-road navigation and exploration. These applications cater to different vehicle types, including RVs and ATVs, and many off-road vehicles now come with built-in Android Auto systems. Aftermarket multimedia units are also available for those without factory-installed screens. Key apps include: - onX Offroad/Hunt: Provides access to verified off-road trails, difficulty ratings, and land boundaries, with features for hunters including landowner information and offline maps. - National Park Service: Offers interactive trail maps, self-guided tours, and downloadable park information, enhancing the experience of exploring U.S. national parks. - RV Life: Assists RV owners in planning safe routes based on their vehicle's dimensions, avoiding low bridges and restricted roads, though it requires a subscription for Android Auto integration. - Gaia GPS: A navigation tool for areas with limited cell service, featuring various map layers and the ability to track position and access downloaded maps on the vehicle's display. - Spotify: Allows users to download music and podcasts for offline listening through Android Auto, requiring a premium subscription and a brief online connection every 30 days.