GitHub Archives

Winsage

May 22, 2026

Microsoft says public sharing of Windows 11 vulnerability violates ‘best practices’

A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."

Tech Optimizer

May 21, 2026

CVE-2024-55638: Highly Critical Drupal Core Vulnerability Threatens PostgreSQL Sites with Remote Code Execution (RCE)

A critical vulnerability, CVE-2024-55638, has been identified in Drupal Core, affecting installations using PostgreSQL as their backend database. This vulnerability involves PHP Object Injection, which can lead to full Remote Code Execution (RCE) when combined with another deserialization flaw. It cannot be exploited independently but increases the risk for Drupal installations that use third-party modules or custom code that improperly employs the unserialize() function. The affected versions include Drupal Core 7.x prior to 7.102, 8.0.0 and above prior to 10.2.11, and 10.3.0 prior to 10.3.9, with patched versions being 7.102, 10.2.11, and 10.3.9. The vulnerability is particularly relevant for sites using PostgreSQL, and organizations are urged to upgrade to the patched versions and audit their code for unsafe unserialize() usage. Currently, there are no confirmed reports of exploitation in the wild, but the risk remains high due to insecure deserialization bugs in third-party modules. The EPSS score for this vulnerability is 9.93%, indicating a significant likelihood of exploitation in the near future.

Winsage

May 21, 2026

Microsoft Defender Zero-Day Vulnerabilities RedSun and UnDefend Actively Exploited on Windows 10, 11, and Server (April 2026 CVE Analysis)

In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.

AppWizard

May 21, 2026

And Now I’ve Vibe Coded a Native Android Markdown App ⭐

The author developed a Markdown editor using Google AI Studio, initially intending to create a native Android application but ultimately producing a web app. They discovered a feature in Google AI Studio to build an Android app and crafted a prompt for a Markdown editor resembling Typora. The app includes file management, a WYSIWYG editing view, and keyboard shortcuts, with enhancements for hyperlink insertion and theme customization. The author successfully installed the app on a physical device and tested it on different configurations. They noted limitations in the testing capabilities of AI Studio and faced challenges transferring the project to Android Studio due to unclear instructions. The app is functional and feature-rich, but cannot be publicly shared due to the inclusion of a Google API key. Google has indicated that sharing on the Google Play Store will be possible in the future.

AppWizard

May 20, 2026

Google AI Studio has learnt to create Android apps from a text query

Google has introduced a new feature in AI Studio that enables users to create native Android applications from text descriptions, automatically generating Kotlin code and using Jetpack Compose for the user interface. Developers can build Android apps directly in the browser without needing to install Android Studio or additional libraries. AI Studio includes a built-in Android Emulator for real-time testing and allows immediate installation of applications on Android devices via USB. Users can publish builds to Google Play's internal test track and export projects as ZIP archives or push them to GitHub. The service is ideal for developing simple utilities and applications that utilize various Android hardware features. Future updates will include support for Firebase and other tools.

Tech Optimizer

May 20, 2026

PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability

A proof-of-concept exploit has been developed for CVE-2026-2005, a remote code execution vulnerability in the pgcrypto extension of PostgreSQL. This vulnerability, stemming from legacy code, allows attackers to trigger a heap-based buffer overflow through specially crafted PGP messages, enabling arbitrary memory read and write operations. Successful exploitation can escalate privileges to PostgreSQL superuser status and execute commands on the operating system. The exploit targets PostgreSQL instances compiled from a specific vulnerable commit and circumvents protections like Address Space Layout Randomization (ASLR). It involves corrupting heap memory structures, leading to a controlled pointer leak that reveals the heap layout. Security researcher Varik Matevosyan has published the PoC on GitHub, demonstrating the exploitation process. The exploit requires a compatible PostgreSQL binary and utilizes Python-based tools for interaction. Organizations are advised to review their PostgreSQL deployments, disable unnecessary extensions, and apply security updates to mitigate risks.

AppWizard

May 20, 2026

You can now build Android apps in minutes by describing them to Google AI Studio

Google has introduced AI-powered features in Google AI Studio to simplify Android app development. Users can describe their app ideas in plain language, and the AI translates these into functional Android applications via a web browser. The platform generates the app's framework, user interface, and core functionalities using Kotlin and Jetpack Compose, supporting features like GPS, Bluetooth, and NFC. AI Studio includes an in-browser Android Emulator for building and testing apps, along with Android Debug Bridge integration for direct deployment to devices. Currently, the tools are aimed at personal utilities and lightweight projects, with plans for broader sharing options in the future. The platform can automatically create Play Console records, package Android App Bundles, and upload builds for testing, reducing manual steps. Developers can also export projects as zip files for further work in Android Studio or GitHub. Future expansions will include support for Firebase services. Additionally, Google has introduced the "Ask Play" feature for app discovery, allowing users to search using conversational prompts instead of keywords, and plans to integrate Android applications within Gemini interactions across mobile and web platforms.

TrendTechie

May 20, 2026

Фанаты Minecraft тайно скопировали 24 терабайта данных с легендарного сервера 2b2t – архив миллиона блоков скоро раздадут через торрент

A group of Minecraft enthusiasts has completed a digital archaeology project, mapping and archiving the oldest anarchy server, 2b2t, resulting in 24 terabytes of data. This data will be released as a torrent in the coming weeks. The 2b2t server has been operational for 16 years and is known for its lack of rules and bans. The team successfully archived various areas of the server, including: - Overworld area of 1,024,000² blocks (December 25, 2025 – April 13, 2026) - Overworld area of 512,000² blocks (November 11, 2024 – December 12, 2024) - End area of 256,000² blocks (January 23, 2026 – February 15, 2026) - Nether area of 100,000² blocks (June 9, 2025 – June 14, 2025) The team plans to release high-resolution renders and data analysis tables alongside the archive. Open-source tools for the archive are available on GitHub, and updates can be followed via Discord and Patreon.

Winsage

May 20, 2026

This tool lets you purge Windows 11 of all AI bloat features

Microsoft's Copilot chatbot is integrated into various Windows 11 applications, including the Edge browser, Photos app, and Paint software. Users can manage and disable unwanted AI components using the open-source program FlyOOBE, available for free on GitHub. To use FlyOOBE, users download a ZIP file, extract it, and run FlyOOBE.exe as an administrator. The program allows users to check the activation status of AI components and disable those they do not want by selecting them and confirming the changes. If FlyOOBE freezes, users can close the "Windows PowerShell" window to re-check components. FlyOOBE also offers features for removing bloatware. While it is free, donations to the developer, Builtbybel, are appreciated.

AppWizard

May 20, 2026

Google’s AI Studio now lets anyone build Android apps in minutes

The Google I/O 2026 event revealed enhanced native Android app creation capabilities within the web-based Google AI Studio, significantly reducing the app development time from weeks to minutes. Google introduced Gemini AI to help users discover applications on the Play Store and the web, improving user experience and developer visibility. The new platform allows users to "vibe-code" Android applications using intuitive tools, democratizing app development for both experienced and novice developers. Apps are developed using Kotlin and Google’s Jetpack Compose toolkit, with support for various hardware sensors. An embedded Android Emulator enables real-time preview and interaction with apps, which can be installed on devices via USB. AI Studio also offers features for creating app records, package bundles, and uploading to the Google Play Console for internal testing. Developers can transfer projects to Android Studio for broader publishing, with future enhancements including app sharing and Firebase integrations. A new AI-powered overlay called "Ask Play" will assist users in discovering apps through natural conversations, while Gemini will help surface developers' apps and link users to movies, TV shows, and live sports streaming.