exploits Archives

AppWizard

January 16, 2026

Valheim player keeps building Dollar Generals despite friend begging them to stop: ‘I do not want to play Valheim with Greg anymore’

Greg, known as "The Sorcerer" in Valheim, has been constructing Dollar Generals in unexpected locations, which has sparked amusement and frustration among fellow players. His friend Woman Mage expressed disbelief at the absurdity of the situation, while another player, Paladin Posting, discovered multiple Dollar Generals and reacted with exasperation. Greg also built a giant emoji sign and a Waffle House in a swamp, which he humorously noted was resilient like its real-world counterpart. Paladin Posting's incredulity grew with the Waffle House, which featured a solitary skeleton as staff, leading to complaints about the service. Greg's creative antics continue to entertain and disrupt the typical gameplay experience.

Winsage

January 16, 2026

Microsoft Ends Windows Server 2008 Support on January 13, 2026

Microsoft has officially ceased all support for Windows Server 2008 as of January 13, 2026, including paid extended security updates. This end-of-life scenario poses significant security risks for organizations still using the outdated operating system, making them vulnerable to cyberattacks. The transition away from Windows Server 2008 requires careful planning, as many organizations face challenges in migrating legacy applications to modern systems. The lack of ongoing patches means that any new vulnerabilities will remain unaddressed, potentially leading to data breaches and compliance failures, particularly in regulated sectors like healthcare and finance. Microsoft has encouraged migration to Azure, offering incentives for early adopters, but the transition can be complex and costly. The end of support also affects global supply chains and compatibility with newer software applications. Organizations are advised to conduct audits of their software portfolios and consider hybrid environments to enhance flexibility and security.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

January 12, 2026

2026 Shift: Professionals Ditch Windows 11 for Linux’s Speed and Savings

Professionals are increasingly moving away from Windows 11 to various Linux distributions due to dissatisfaction with performance issues and intrusive features in Windows. A 2025 analysis showed Linux distributions outperforming Windows by an average of 19.5% in everyday tasks. Performance tests indicated that SteamOS, a Linux-based platform, often matched or exceeded Windows 11 in gaming performance. Linux's lightweight nature and superior system administration tools appeal to those managing servers and virtual environments. Security concerns regarding Windows 11, including privacy issues and forced updates, have led users to prefer Linux's open-source model, which allows for greater transparency and customization. Economic factors also play a role, as Linux is free and open-source, eliminating licensing fees associated with Windows 11. User-friendly distributions like Linux Mint facilitate the transition for new users, and community support helps address common challenges. Large organizations are increasingly adopting Linux for its stability and responsiveness, while the Linux community fosters rapid improvements and adaptability. User feedback highlights privacy, performance, and customizability as key benefits of switching to Linux.

Winsage

January 12, 2026

EDRStartupHinder Disables Antivirus and EDR Protections During Windows 11 25H2 Startup

A new tool named EDRStartupHinder was unveiled on January 11, 2026, which allows attackers to inhibit the launch of antivirus and endpoint detection and response (EDR) solutions during the Windows startup process. Developed by security researcher Two Seven One Three, it targets Windows Defender and various commercial security products on Windows 11 25H2 systems by redirecting essential system DLLs during boot using the Windows Bindlink API and Protected Process Light (PPL) security mechanisms. The tool employs a four-step attack chain that includes creating a malicious service with higher priority than the targeted security services, redirecting critical DLLs to attacker-controlled locations, and modifying a byte in the PE header of the DLLs to cause PPL-protected processes to refuse loading them. This results in the termination of the security software. EDRStartupHinder has been tested successfully against Windows Defender and other unnamed antivirus products, demonstrating its effectiveness in preventing these security solutions from launching. The source code for EDRStartupHinder is publicly available on GitHub, raising concerns about its potential misuse. Security teams are advised to monitor for Bindlink activity, unauthorized service creation, and registry modifications related to service groups and startup configurations to detect this attack vector. Microsoft has not yet issued any statements regarding patches or mitigations for this technique.

AppWizard

January 12, 2026

Epic Games CEO Tim Sweeney argues banning Twitter over its ability to AI-generate pornographic images of minors is just ‘gatekeepers’ attempting to ‘censor all of their political opponents’

Epic Games CEO Tim Sweeney has criticized a US initiative to ban the social media platform X and its generative AI tool, Grok, following reports of Grok generating inappropriate images, including those of minors. Sweeney emphasized the importance of open platforms and opposed political demands for censorship, labeling it as crony capitalism. Reports indicated that Grok produced troubling content, including altered images of influencers in compromising situations. In response to the controversy, X has placed Grok's image generation feature behind a paywall. Sweeney's stance on free speech contrasts with censorship practices on his own platforms, such as the Epic Games Store's ban on the art game Horses due to pressure from conservative groups. He acknowledged the dangers of AI, noting that major AIs have instances of misuse.

Winsage

January 11, 2026

Windows 10 Users Are Being Targeted With New Upgrade Offer

A surge of attacks targeting Windows 10 machines highlights the need for users to upgrade to Windows 11 Pro, which is currently available at a discount of approximately 94% off its standard price. Windows 10 is becoming increasingly vulnerable as it approaches its end of support, leaving users exposed to cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency warns that unsupported systems are often exploited by cybercriminals. Windows 10 remains widely used, making it a significant target for attackers, as evidenced by over billion in reported cybercrime losses in 2023. Windows 11 Pro offers enhanced security features, including BitLocker drive encryption, Credential Guard, and Smart App Control, along with a security-first design that requires compatible hardware. Current promotions allow users to purchase a Windows 11 Pro license for under 0, providing a one-time purchase option that includes updates until Microsoft ends support for Windows 11. Users are advised to check compatibility before upgrading and to back up important files. For those unable to upgrade, alternatives include purchasing Extended Security Updates or investing in new hardware that meets Windows 11 specifications.

Winsage

January 7, 2026

Hackers Use Fake Windows BSOD To Spread Malware

Security researchers have identified a social engineering campaign that mimics the Windows Blue Screen of Death (BSOD) to deceive users into installing a remote access Trojan (RAT). The campaign, named PHALT#BLYX, begins with phishing emails that appear to be legitimate cancellation notices from travel websites, leading victims to a fake login page and an interactive CAPTCHA. This culminates in a full-screen imitation of the BSOD, prompting users to follow instructions that ultimately allow attackers to gain control of their computers. The attackers use a “ClickFix” process that involves executing commands through native Windows tools like PowerShell and MSBuild, making detection more challenging. The malware delivered is an obfuscated version of DCRat, which provides attackers with remote control capabilities, keylogging, and the ability to download additional malware. The campaign primarily targets hotels and hospitality businesses in Europe, exploiting the urgency of front-desk staff to respond to apparent technical issues. Indicators of a fake BSOD include the ability to interact with the screen, requests to execute commands via Windows tools, and the presence of CAPTCHA prompts. Organizations are advised to train employees, implement application control, enhance email and web defenses, and prepare for incident response to mitigate risks associated with such attacks.