infrastructure

Winsage
April 17, 2026
Microsoft has acknowledged that the April 2026 security update for Windows Server, patch KB5082063, has caused significant disruptions for some enterprise domain controllers, leading to continuous reboot cycles in non-Global Catalog domain controllers used in Privileged Access Management (PAM) deployments. This has resulted in the unavailability of Active Directory authentication and directory services on affected servers. Additionally, the installation of KB5082063 may fail on some Windows Server 2025 systems. This issue marks the third consecutive year that April security updates have caused problems for Windows Server domain controllers. In previous years, Microsoft issued emergency fixes for similar issues, including crashes and complications with NTLM authentication. Administrators currently have limited options, including delaying the update, isolating a test domain controller, or engaging with Microsoft Support for tailored mitigation steps.
AppWizard
April 17, 2026
Meta will host its 2026 Conversations messaging conference on June 3 in London, focusing on innovations for WhatsApp, Messenger, and IG Direct. The event will feature Meta executives discussing the future of messaging for businesses and the integration of AI tools. It will be live-streamed for global accessibility. This year's keynote will highlight innovations in business messaging, AI agents, and the potential for custom chatbots. Meta plans to invest over billion in AI infrastructure over the next three years. Messaging has become a key focus for Meta, with increased usage of private messaging and tools to enhance business interactions. The adoption of Click-to-Message ads is rising, and the conference will provide insights into the latest trends and tools in messaging.
Tech Optimizer
April 17, 2026
Efforts to merge storage roles into a single solution are ongoing, particularly with Amazon S3's durability and cost-effectiveness. In PostgreSQL, achieving a durable commit requires flushing the Write-Ahead Log (WAL) before signaling transaction completion, which can take tens of microseconds on high-performance NVMe drives but extend to milliseconds on slower storage. This latency impacts Online Transaction Processing (OLTP) systems and user response times. Benchmark studies show that systems with faster local storage outperform those with slower alternatives as workloads exceed memory capacity. The fsync operation in PostgreSQL is a commitment rather than a simple write, with enterprise-grade SSDs performing better due to power-loss protection. Read operations also face challenges, as PostgreSQL's need for small, latency-sensitive reads conflicts with S3's design for larger, higher-latency requests. As the working set exceeds memory, storage latency becomes a critical performance factor. Modern managed PostgreSQL systems typically do not place object storage in the critical commit path, instead maintaining a fast log or cache close to the database while relegating colder data to remote storage. Recent PostgreSQL developments, such as asynchronous I/O support in version 18, aim to leverage fast storage more effectively. S3 is valuable for tasks like WAL archiving and backups, but these should be kept separate from the commit path to avoid resource contention. The solution involves using both NVMe and S3, with fast storage managing commits and cache misses, while object storage handles archives and backups. PostgreSQL performs best when hot and cold storage functions are clearly delineated.
Tech Optimizer
April 17, 2026
EnterpriseDB (EDB) announced that its product, EDB Postgres AI (EDB PG AI), won the "Data Management Innovation of the Year" award at the 2026 Data Breakthrough Awards. EDB PG AI is recognized for transforming Postgres into a unified data and AI platform, facilitating hybrid management and observability across workloads. EDB contributes 30% to the open-source Postgres project, leading contributions among commercial entities. EDB PG AI was highlighted at NVIDIA GTC 2026 and received multiple accolades, including recognition in CRN's 2026 AI 100 and Sustainability Innovation of the Year. EDB hosts a podcast, AI & Data Horizons, featuring industry experts discussing responsible AI use and data sovereignty. EDB PG AI is described as the first open, enterprise-grade sovereign data and AI platform, capable of unifying various workloads while ensuring compliance and security.
Winsage
April 16, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in the Windows Task Host, identified as CVE-2025-60710, which poses a risk of privilege escalation, potentially allowing attackers to gain SYSTEM privileges. This flaw affects devices running Windows 11 and Windows Server 2025 and arises from a weakness in link following. Microsoft released a patch for this issue in November 2025. CISA has added CVE-2025-60710 to its list of actively exploited vulnerabilities and mandated that Federal Civilian Executive Branch agencies secure their systems within two weeks. CISA encourages all organizations, including those in the private sector, to implement necessary patches and improve network security. CISA also advised organizations to follow vendor instructions for mitigations or discontinue use of the affected product if mitigations are unavailable.
Winsage
April 15, 2026
The government aims to reduce reliance on non-European digital solutions by transitioning from Windows to Linux-based systems for state operations. The national health insurance body is migrating 80,000 employees to state-approved digital tools, including secure messaging and file transfer platforms, with plans to transition the health data platform to a sovereign solution by the end of 2026. Ministries will submit roadmaps by autumn to outline strategies for reducing dependence on non-European technologies in areas such as workplace software, collaboration tools, cybersecurity, artificial intelligence, database management, and network equipment. A centralized strategy will oversee these initiatives, with industry meetings planned for June to formalize public-private partnerships. Additionally, Japan and France have agreed to enhance cooperation on critical mineral supply chains.
Tech Optimizer
April 13, 2026
Claude, an AI tool developed by Anthropic, receives nearly 290 million web visits monthly and has become a target for cybercriminals. A fake website has been found that impersonates Claude, distributing a trojanized installer named Claude-Pro-windows-x64.zip. This installer, while appearing legitimate, deploys PlugX malware, granting attackers remote access to users' systems. The fraudulent site mimics the official download page, and its passive DNS records are linked to commercial bulk-email platforms, indicating active maintenance by the operators. The ZIP file contains an MSI installer that misspells "Claude" as "Cluade" and creates a desktop shortcut that launches a VBScript dropper. This script runs the legitimate claude.exe while executing malicious activities in the background, including copying files to the Windows Startup folder to ensure persistence after reboot. The attack uses DLL sideloading, the technique MITRE tracks as T1574.002, in which a legitimate G DATA antivirus updater is abused to load a malicious DLL. Within 22 seconds of execution, the malware establishes a connection to an IP address associated with Alibaba Cloud, indicating control over the compromised system. The dropper script also employs anti-forensic measures to delete itself and the VBScript after deployment. Indicators of compromise include the filenames Claude-Pro-windows-x64.zip, NOVUpdate.exe, avk.dll, and NOVUpdate.exe.dat, along with the network indicator 8.217.190.58:443 (TCP) as the command and control destination. Users are advised to download Claude only from the official site and to remain vigilant against potential compromises.