exploit Archives

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

AppWizard

April 15, 2026

Like Baby Steps, the devs’ speedrun reaction video is hilarious, unpredictable, and one giant troll

Bennett Foddy, co-creator of Baby Steps, questioned the authenticity of reactions in developer react videos, referencing Markiplier's performances in Getting Over It as potentially exaggerated. During a speedrun commentary, the developers provided humorous insights, celebrating the player's skill and clever exploits. Conan O'Brien's appearance on Hot Ones showcased his comedic approach to the spicy challenge, emphasizing the blend of authenticity and performance in entertainment.

Winsage

April 14, 2026

Microsoft’s April Windows update fixes 165 flaws, one exploited zero-day

Microsoft has released its April 2026 Patch Tuesday updates for Windows 11, addressing a total of 165 vulnerabilities, including one zero-day exploit that has been actively targeted by malicious actors. The update aims to enhance security and improve overall system performance. Users are encouraged to promptly install the updates to mitigate risks associated with these vulnerabilities.

AppWizard

April 13, 2026

Capcom’s new game has reminded me how good ray-tracing can look on PC

Pragmata is a new game by Capcom that features a protagonist named Hugh and a robotic companion named Diana, enhancing gameplay through traditional third-person shooting mechanics and on-the-fly hacking. The combat system involves navigating a grid maze to exploit enemy weaknesses, creating a strategic challenge. The game also emphasizes exploration with intricately designed levels filled with collectibles and resources. Visually, Pragmata is impressive, utilizing ray-traced lighting and running on an Nvidia GeForce RTX 5070 Ti, achieving around 90fps at maximum settings and potentially up to 150fps with frame generation. Capcom has successfully created a visually stunning game that may become a cult favorite.

AppWizard

April 13, 2026

As the new Galactic Civilization 4 DLC rolls out, you can the game at under $3 in the latest Humble Bundle

The latest Humble Bundle features Galactic Civilizations 4, available for .57 / £2.33 for the base game and .32 for the complete bundle, the lowest price to date. The game is a classic 4X strategy title with innovative mechanics, including sectors connected by "space roads." It has received significant enhancements through DLCs, such as Megastructures and Tales of the Arnor, and a second expansion pass is in progress with content planned through 2027. The game received a review score of 8/10. The bundle also includes other titles like Terminator: Dark Fate - Defiance and Valkyria Chronicles 4, available until April 22.

AppWizard

April 11, 2026

Security researchers find 213 vulnerabilities in Russia’s state-backed messaging app Max

Security researchers discovered 213 vulnerabilities in Max, Russia's state-backed messaging app, during a bug bounty initiative. This information was shared by Alexei Batyuk, CTO of Positive Technologies, at the Svyaz-2026 exhibition. The bug bounty program has been active since July 1, 2025, resulting in 288 accepted vulnerability reports and total payouts of nearly 22 million rubles. Common vulnerabilities could allow unauthorized access to user data through the manipulation of object identifiers. Max's press service claimed that user data is "reliably protected" and emphasized the importance of independent white-hat hackers in identifying vulnerabilities. Max was launched by VK in March 2025 and is being promoted by Russian authorities amid efforts to block other messaging platforms like Telegram and WhatsApp. The app has faced criticisms regarding user surveillance and security vulnerabilities.

Winsage

April 10, 2026

Windows Zero-Day Published on Github as Microsoft Fails to Act

A security researcher named Chaotic Eclipse published a working exploit for a Windows zero-day vulnerability, called BlueHammer, on GitHub on April 2. The exploit allows attackers to gain SYSTEM-level privileges by exploiting a race condition in Windows Defender’s signature update mechanism. The exploit has gained significant attention, with over 100 forks and nearly 300 stars on GitHub. Will Dormann, a principal vulnerability analyst, confirmed that while BlueHammer is functional, it may not always operate reliably. Microsoft has not issued a patch for this vulnerability. The exploit targets the Windows Defender signature update process, allowing low-privilege attackers to manipulate a file path during operation, leading to access to the Security Account Manager (SAM) database. Currently, only 8 out of 72 cybersecurity vendors on VirusTotal flag the exploit file as malicious, which raises concerns about detection coverage. Microsoft reiterated its commitment to coordinated vulnerability disclosure but did not address the communication issues regarding the BlueHammer report.

AppWizard

April 9, 2026

Project Zomboid bans rogue mods deploying “malicious code” to players’ PCs

The Indie Stone has removed a series of malicious mods associated with the 'True Moozic' soundtrack expander for Project Zomboid, which were found to generate harmful files outside the game’s directory. These mods were not linked to their original creator and have been taken down from the Steam Workshop. The developer banned the individual responsible for these uploads and advised players who downloaded the affected mods to take security precautions. A total of 14 mods from the same user were identified, with installations estimated between 500 and 2,200. The Indie Stone clarified that the exploit was limited to Build 42 branches and emphasized that the malicious uploads were unauthorized and not part of the True Moozic mod. Additionally, they released a security update for Build 41 to address a separate vulnerability, which has not been found to be exploited. The 'outdated unstable' branch has also been updated to ensure it remains one content update behind the 'unstable' branch.

AppWizard

April 9, 2026

Project Zomboid identifies and bans over a dozen Steam Workshop mods containing ‘heavily obfuscated code’ that was ‘creating malicious files’

The Indie Stone has identified a security issue involving 14 mods on the Steam Workshop for Project Zomboid, which contain heavily obfuscated code linked to the creation of malicious files outside the game's directory. Reports from players indicated that one mod was generating harmful code, prompting an investigation that confirmed the presence of the exploit across multiple mods uploaded by the same user. The affected mods had between 500 and 2,200 installations, and the user has been banned while the mods have been removed from the Steam Workshop. The exploit specifically affects Build 42 branches of Project Zomboid, with players using Build 41 being unaffected. The Indie Stone advises players who downloaded these mods to take security precautions beyond simply uninstalling them. The affected mods include various soundtracks, such as Risk of Rain 2 OST, NieR: Automata OST, and others, each with specific Workshop and Mod IDs.

Winsage

April 9, 2026

BlueHammer: Windows zero-day exploit leaked

A proof-of-concept (PoC) exploit called BlueHammer has been released on GitHub, targeting an unpatched local privilege escalation vulnerability in Windows. The exploit, attributed to users Chaotic Eclipse and Nightmare Eclipse, has been modified by security researchers to work on updated versions of Windows 10, 11, and Windows Server. The exploit manipulates Microsoft Defender to create a Volume Shadow Copy, allowing access to sensitive registry files and enabling the extraction of NTLM password hashes. This facilitates the alteration of a local Administrator's password and subsequent login. The exploit can duplicate the Administrator's security token and create a malicious Windows Service that runs with SYSTEM privileges. While there are no reports of BlueHammer being exploited by malicious actors, researchers warn that such PoC code can be weaponized quickly. Microsoft has committed to investigating reported security issues related to this vulnerability.