exploit Archives

Tech Optimizer

April 16, 2026

Unpatched Microsoft Defender flaw lets hackers gain admin access

A security researcher named Chaotic Eclipse has discovered a significant vulnerability in Microsoft Defender that could allow hackers to gain administrative access to systems running Windows 10, Windows 11, and Windows Server. The vulnerability arises from Windows Defender's behavior of rewriting detected malicious files back to their original location instead of removing them, which can be exploited to overwrite system files and grant unauthorized users elevated privileges. This issue remains unaddressed by Microsoft, leaving millions of users vulnerable. Although there is no current evidence of active exploitation, the situation could change. Users are advised to consider additional antivirus solutions for enhanced security.

Winsage

April 16, 2026

A zero-day BlueHammer Windows exploit was leaked by a researcher fed up with Microsoft’s Security Response Center — and the rushed fix isn’t perfect

On April 2, 2026, a security researcher named Chaotic Eclipse announced a zero-day Windows exploit called BlueHammer, which allows attackers to gain SYSTEM privileges. Will Dormann, a principal vulnerability analyst, confirmed the exploit's functionality. Chaotic Eclipse criticized the Microsoft Security Response Center (MSRC) for its perceived incompetence, suggesting that prior attempts to resolve the issue privately were ignored. Dormann indicated that budget cuts at Microsoft may have led to a decline in the quality of the MSRC. BlueHammer was neutralized in the Windows 11 CVE-2026-33825 update released on April 14, 2026, but some components may still exist.

AppWizard

April 16, 2026

Your Android phone could soon get a better way to sniff out spoofed calls

Google is enhancing the security of incoming calls on Android devices by integrating a "Verified Caller" feature into Google Play Services. This feature aims to combat scam calls that use Do-Not-Originate (DNO) numbers by cross-referencing incoming calls against a database of DNO numbers to flag potential scams. The system will work with existing applications, such as banking apps, to monitor specific DNO numbers. The feature is still in development and its effectiveness will depend on business participation and strict verification processes by Google.

Winsage

April 16, 2026

CISA flags Windows Task Host vulnerability as exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.

AppWizard

April 15, 2026

Players have already found exploits for the Sulfur Cube in Minecraft, including using it as a mode of transportation

The Sulfur Cube, introduced in the Chaos Cubed update, is currently in testing and has generated excitement among players. A Reddit user demonstrated a creative use of the Sulfur Cube as a mode of transportation by attaching it to a boat with a lead, along with a potion of slow falling and a spear, allowing for high-speed travel. This method offers a new way to navigate the game, surpassing traditional transport options like elytra, horses, or minecarts. There are concerns that this exploit may be patched soon, but it presents an opportunity for players to explore the Sulfur Cube's capabilities.

Winsage

April 15, 2026

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new security measures for Windows 10 and Windows 11 to protect against phishing attacks that exploit Remote Desktop Protocol (RDP) connection files. These updates, part of the April 2026 cumulative updates (KB5082200, KB5083769, and KB5082052), include a one-time educational prompt for users upon first opening an RDP file, requiring acknowledgment of the associated risks. Subsequent attempts to open RDP files will display a security dialog with information about the file's publisher, the remote system address, and local resource redirections, with options disabled by default. If an RDP file is unsigned, a warning will indicate an "Unknown remote connection." These protections apply only to connections initiated through RDP files, not through the Windows Remote Desktop client, and can be temporarily disabled via the Windows Registry.

AppWizard

April 15, 2026

Like Baby Steps, the devs’ speedrun reaction video is hilarious, unpredictable, and one giant troll

Bennett Foddy, co-creator of Baby Steps, questioned the authenticity of reactions in developer react videos, referencing Markiplier's performances in Getting Over It as potentially exaggerated. During a speedrun commentary, the developers provided humorous insights, celebrating the player's skill and clever exploits. Conan O'Brien's appearance on Hot Ones showcased his comedic approach to the spicy challenge, emphasizing the blend of authenticity and performance in entertainment.

Winsage

April 14, 2026

Microsoft’s April Windows update fixes 165 flaws, one exploited zero-day

Microsoft has released its April 2026 Patch Tuesday updates for Windows 11, addressing a total of 165 vulnerabilities, including one zero-day exploit that has been actively targeted by malicious actors. The update aims to enhance security and improve overall system performance. Users are encouraged to promptly install the updates to mitigate risks associated with these vulnerabilities.

AppWizard

April 13, 2026

Capcom’s new game has reminded me how good ray-tracing can look on PC

Pragmata is a new game by Capcom that features a protagonist named Hugh and a robotic companion named Diana, enhancing gameplay through traditional third-person shooting mechanics and on-the-fly hacking. The combat system involves navigating a grid maze to exploit enemy weaknesses, creating a strategic challenge. The game also emphasizes exploration with intricately designed levels filled with collectibles and resources. Visually, Pragmata is impressive, utilizing ray-traced lighting and running on an Nvidia GeForce RTX 5070 Ti, achieving around 90fps at maximum settings and potentially up to 150fps with frame generation. Capcom has successfully created a visually stunning game that may become a cult favorite.

AppWizard

April 13, 2026

As the new Galactic Civilization 4 DLC rolls out, you can the game at under $3 in the latest Humble Bundle

The latest Humble Bundle features Galactic Civilizations 4, available for .57 / £2.33 for the base game and .32 for the complete bundle, the lowest price to date. The game is a classic 4X strategy title with innovative mechanics, including sectors connected by "space roads." It has received significant enhancements through DLCs, such as Megastructures and Tales of the Arnor, and a second expansion pass is in progress with content planned through 2027. The game received a review score of 8/10. The bundle also includes other titles like Terminator: Dark Fate - Defiance and Valkyria Chronicles 4, available until April 22.