exploitation

AppWizard
May 15, 2026
Android 16 may have a vulnerability that allows applications to bypass VPN protections, potentially exposing users' IP addresses. A security engineer reported this issue through Google’s Vulnerability Reward Program, but Google's security team deemed it "infeasible" to address. The vulnerability lies within the ConnectivityManager system service, which circumvents the VPN tunnel, leading to unencrypted traffic and exposure of sensitive information. This issue persists even with "Always-on VPN" or "Block connections without VPN" features enabled. Although there is no confirmed exploitation of this vulnerability, it poses ongoing risks for users. GrapheneOS has patched the issue, indicating a fix is possible. A debug command has been identified as a temporary workaround for affected users, but it requires caution and understanding of USB debugging mode.
Winsage
May 15, 2026
Windows systems are threatened by a vulnerability in the Windows DNS Client, identified as CVE-2026-41096, which allows remote code execution without user intervention. It has a CVSS base score of 9.8, indicating high severity. The flaw is a heap-based buffer overflow in the dnsapi.dll component, enabling unauthenticated remote attackers to execute arbitrary code. Exploitation requires sending a specially crafted DNS response to a vulnerable system, potentially leading to complete control over the host. Affected systems include supported versions of Windows 11 and Windows Server 2022/2025. Microsoft released security updates on May 12, 2026, and administrators are advised to apply these patches and reboot systems. Despite the severity, Microsoft currently classifies exploitation as “Exploitation Unlikely,” with no known public exploits or in-the-wild attacks.
AppWizard
May 14, 2026
Meta is facing a class action lawsuit for allegedly exploiting vulnerabilities in Android smartphones to track users' private information, linking browsing activity to Instagram and Facebook accounts. The lawsuit claims Meta unlawfully accessed and de-anonymized personal data of millions of Android users to enhance advertising profiling. A US District Court Judge ruled that most privacy-related claims in the lawsuit must proceed, stating that plaintiffs have plausibly alleged a significant intrusion upon their privacy. Meta is accused of exploiting an Android vulnerability to bypass security measures that isolate apps, allowing it to link browsing information to users' accounts. Meta has reportedly stopped using this tracking method, and it succeeded in having two claims dismissed, one related to unjust enrichment and one to the use of modified pixel code. Additionally, the lawsuit includes claims against Google for negligence, with one claim dismissed but another allowed to proceed. In response to regulatory pressures, Meta is introducing new features for parental supervision of teens on its platforms and plans to use AI to detect underage accounts.
Winsage
May 13, 2026
A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.
Winsage
May 13, 2026
Microsoft has introduced a multi-model AI system called MDASH, designed to enhance vulnerability discovery and remediation processes. Currently in limited private preview testing with select customers, MDASH employs over 100 specialized AI agents for various classes of vulnerabilities, enabling autonomous discovery, validation, and demonstration of exploitable defects in complex codebases. The system operates through a structured pipeline that analyzes source code, constructs threat models, and validates findings using auditor and debater agents. MDASH has successfully identified 16 vulnerabilities in its initial tests, including two critical flaws affecting Windows networking and authentication:
1. CVE-2026-33824 (CVSS score: 9.8) - A double-free vulnerability in "ikeext.dll" allowing remote code execution via specially crafted packets.
2. CVE-2026-33827 (CVSS score: 8.1) - A race condition vulnerability in Windows TCP/IP ("tcpip.sys") enabling remote code execution through specially crafted IPv6 packets.
Winsage
May 13, 2026
Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.
AppWizard
May 12, 2026
Bungie is reviewing its policies regarding player actions that exploit bugs in Marathon following a viral incident where a player used a flaw in the Cryo Archive map to eliminate another team. The company plans to compensate those affected by this incident and will address the bug before reintroducing the map. Bungie has historically not penalized players for going out of bounds but is considering stricter penalties for deliberate exploitation of bugs that negatively impact others. Since the launch of the Cryo Archive map, players have faced numerous issues, prompting ongoing patches and updates.
Winsage
May 10, 2026
Microsoft's April 2026 Windows security update, KB5083769, may disrupt image-mount operations for backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup due to the addition of the psmounterex.sys kernel driver to its Vulnerable Driver Blocklist. This action was taken to address a high-severity buffer overflow vulnerability, CVE-2023-43896. The inclusion of this driver in the blocklist has rendered several backup products inoperable, and Microsoft will not retract the block for security reasons. Administrators can use Event ID 3077 in the Code Integrity log to confirm that the blocklist is causing the failures. Microsoft advises updating backup applications to versions that include necessary driver protections instead of uninstalling or pausing the security patch. Additionally, the April updates have caused other issues, such as failures in Windows Server installations and devices booting into BitLocker recovery mode.
AppWizard
May 10, 2026
Srinagar has seen a resurgence of the BlackBerry Messenger (BBM) application within the Lashkar-e-Taiba (LeT) terror network, as revealed by the interrogation of a key operative. The Srinagar police recently dismantled an LeT module, arresting Abdullah (Abu Hureira) and others, prompting the National Investigation Agency (NIA) to investigate. During questioning, it was disclosed that various communication apps, including BBM, Element, Threema, and Dust, were being used alongside mainstream platforms like WhatsApp and Telegram. BBM was initially flagged by investigative agencies in 2009, leading to the establishment of servers in India in 2011-12 after the Indian government threatened a ban. However, BBM transitioned to a paid service in 2019, and investigators are now tracing accounts linked to terrorist activities. The Indian government banned 14 messaging applications in May 2023, including Element, due to their use by terror groups. Highly secure apps like Threema and ephemeral messaging platforms like Dust are under scrutiny for their potential to hinder intelligence gathering. The rise of the internet has facilitated communication for terrorist organizations, with the UN highlighting their exploitation of online platforms for propaganda and recruitment, leading to the adoption of Resolution 2354 in 2017 to combat terrorism online.
AppWizard
May 8, 2026
Instagram has removed end-to-end encryption from its direct messaging feature, meaning messages are no longer fully private. Meta can access and analyze message content for moderation, citing low adoption rates and safety concerns as reasons for this decision. The change took effect on May 8, 2026, and allows Meta to combat issues like child exploitation, fraud, and harassment. Users can download their chats, but ongoing conversations are not protected by encryption. Meta suggests users transition to WhatsApp for continued end-to-end encryption.