NewApp Digest
search bot

information

Google expands Android Binary Transparency to counter supply chain attacks
AppWizard
May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.
A rigged game: ScarCruft compromises gaming platform in a supply-chain attack
BetaBeacon
May 6, 2026

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack

- ScarCruft, also known as APT37 or Reaper, is a North Korean espionage group targeting government, military organizations, and companies in Asia. - BirdCall is a Windows backdoor attributed to ScarCruft, with spying capabilities such as taking screenshots and logging keystrokes. - The Android version of BirdCall collects contacts, SMS messages, call logs, and media files, and was actively developed over several months. - The BirdCall backdoor was discovered in a trojanized card game on a gaming platform tailored for ethnic Koreans living in Yanbian, China. - The attack was likely aimed at collecting information on individuals from the Yanbian region deemed of interest to the North Korean regime, such as refugees or defectors.
May 2026's Pixel update is here to fix charging speeds and camera app freezes
AppWizard
May 6, 2026

May 2026’s Pixel update is here to fix charging speeds and camera app freezes

Google is rolling out the May 2026 software update for all supported Pixel devices running Android 16, which includes the Pixel 7a, Pixel 8 series, Pixel 8a, Pixel 9 series, Pixel 9a, Pixel 10 series, Pixel Tablet, and Pixel Fold, under the build number CP1A.260505.005. The update addresses known issues and brings enhancements to the devices listed. However, for Pixel 10, 10 Pro, 10 Pro XL, and 10 Pro Fold users, the update includes a bootloader change that prevents rolling back to previous versions of the bootloader after installation.
Open Source Tamper-Proof Database Adds Immutable Audit Logging and Expands PostgreSQL Compatibility
Tech Optimizer
May 5, 2026

Open Source Tamper-Proof Database Adds Immutable Audit Logging and Expands PostgreSQL Compatibility

Codenotary has released immudb 1.11, an open-source database that enhances immutable audit logging and compatibility with PostgreSQL. This version features integrated audit logging that captures database activities in a tamper-proof manner, eliminating the need for external logging systems. It allows organizations to create unalterable audit trails, streamline compliance processes, and maintain a reliable history of data interactions. Immudb 1.11 is compatible with existing PostgreSQL code, enabling seamless integration with various applications and tools. The database is particularly beneficial for sectors requiring trust and accountability, such as finance, software development, cybersecurity, regulated industries, AI systems, and supply chain management. Immudb has over 50 million downloads and supports a zero-trust approach to data management. The open-source version is available on GitHub.
Microsoft confirms Windows 11 may restart multiple times after updates and your PC isn't broken, as it's due to Secure Boot 2023
Winsage
May 5, 2026

Microsoft confirms Windows 11 may restart multiple times after updates and your PC isn’t broken, as it’s due to Secure Boot 2023

Upon installing the April 2026 Patch Tuesday update, some users experienced two or three reboots, which Microsoft confirmed is intentional due to the installation of Secure Boot 2023 certificates. This behavior is expected for a limited number of devices and is part of the Secure Boot update process. The Secure Boot certificates are replacing older ones issued in 2011, set to expire in June 2026. Users can check their Secure Boot status in the Windows Security app, which indicates the status with green, yellow, or red badges. A green badge means the system is up to date, while yellow and red badges indicate issues with certificate updates. Microsoft is managing Secure Boot certificates on modern PCs, but older machines without OEM support may struggle to receive updates due to firmware limitations.
Выпуск qBittorrent 5.2.0
TrendTechie
May 5, 2026

Выпуск qBittorrent 5.2.0

qBittorrent 5.2.0 was released on May 3, 2026, as an open-source torrent client developed with the Qt toolkit. It is available for Linux, Windows, and macOS, and its source code is on GitHub under the GPLv2+ license. The project started with version 4.0 in November 2017, followed by versions 5.0 in September 2024 and 5.1 in April 2025. Key features include an integrated search engine, RSS feed subscription, remote management, and advanced torrent settings. Version 5.2.0 includes enhancements such as an advanced tracker status filter, removal of subcategory restrictions, asynchronous block calculations, reduced resume times for paused downloads, configurable RSS feed refresh times, SOCKS4/SOCKS4a proxy support for the search engine, and various improvements to the web interface and user customization options. Support for builds with Qt 6.5 has been discontinued.
AI finds 20-year-old bugs in PostgreSQL and MariaDB
Tech Optimizer
May 5, 2026

AI finds 20-year-old bugs in PostgreSQL and MariaDB

Patches have been released for all identified vulnerabilities in PostgreSQL and MariaDB, with strong recommendations for users to upgrade to the latest fixed versions. A zero-day flaw in PostgreSQL, classified as CVE-2026-2005, is a heap-based buffer overflow issue in the "pgcrypto" extension. This vulnerability allows attackers to exploit specially crafted input, leading to out-of-bounds writes and potential remote code execution on the database server. It affects all supported versions of PostgreSQL and has been addressed in updates v18.2, v17.8, v16.12, v15.16, and v14.21. The flaw has a high-severity rating of CVSS 8.8 out of 10 and has existed since 2005.
Microsoft is finally ditching the junk MSN feed in Windows widgets
Winsage
May 5, 2026

Microsoft is finally ditching the junk MSN feed in Windows widgets

Microsoft will eliminate the MSN news feed from the widgets panel in Windows 11, shifting to a "quiet by default" experience. This change includes disabling the automatic opening of the widgets panel when hovering over its taskbar icon and turning off distracting taskbar badges by default. Users will now see a more personalized set of information in the widgets panel instead of notifications related to stocks, weather, or news. These updates aim to create a less distracting interface and improve the overall user experience in Windows 11, with further enhancements expected throughout 2026.
Search