We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

Injection

Researchers Trick ChatGPT into Disclosing Windows Product Keys
Winsage
July 10, 2025

Researchers Trick ChatGPT into Disclosing Windows Product Keys

Researchers have successfully bypassed ChatGPT's guardrails, allowing the AI to disclose valid Windows product keys by disguising requests as a guessing game. The technique involved using HTML tags to hide sensitive terms from filters while still enabling AI comprehension. They extracted real Windows Home/Pro/Enterprise keys by establishing game rules and using the phrase "I give up" to trigger disclosure. This vulnerability highlights flaws in keyword-based filtering and suggests that similar techniques could expose other restricted content. The attack exploits weaknesses in AI's contextual interpretation and emphasizes the need for improved content moderation strategies, including enhanced contextual awareness and detection of deceptive framing patterns.
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
Winsage
July 10, 2025

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Microsoft released patches for 130 vulnerabilities in the July 2025 Patch Tuesday update. Notable vulnerabilities include CVE-2025-49719, an uninitialized memory disclosure in Microsoft SQL Server, and CVE-2025-47981, a wormable remote code execution flaw in Windows. CVE-2025-49719 is assessed as having "unproven" exploit code, while CVE-2025-47981 has a high likelihood of exploitation within 30 days. Other vulnerabilities include CVE-2025-49717, a buffer overflow in SQL Server, and CVE-2025-49704, which allows code injection in SharePoint. Additionally, updates address vulnerabilities in Windows Routing and Remote Access Service (RRAS) and Microsoft Edge, including CVE-2025-6554, which has been actively exploited. Administrators are advised to prioritize patching internet-facing assets and consider additional mitigations for RRAS vulnerabilities.
Zero Day Initiative — The July 2025 Security Update Review
Winsage
July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.
XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses
Tech Optimizer
July 7, 2025

XWorm RAT Deploys New Stagers and Loaders to Bypass Defenses

The XWorm Remote Access Trojan (RAT) has evolved its attack strategies by incorporating advanced stagers and loaders to evade detection. It is known for its capabilities, including keylogging, remote desktop access, data exfiltration, and command execution, and is particularly targeted at the software supply chain and gaming sectors. Recent campaigns have paired XWorm with AsyncRAT for initial access before deploying ransomware using the leaked LockBit Black builder. XWorm utilizes various file formats and scripting languages for payload delivery, often through phishing campaigns with deceptive lures like invoices and shipping notifications. It employs obfuscation techniques, including Base64 encoding and AES encryption, and manipulates Windows security features to avoid detection. Persistence mechanisms such as registry run keys and scheduled tasks ensure sustained access. XWorm conducts system reconnaissance, queries for antivirus software, and attempts to disable Microsoft Defender. It can propagate via removable media and execute commands from command-and-control servers. The Splunk Threat Research Team has developed detections for suspicious activities related to XWorm infections. Indicators of compromise include various file hashes for different scripts and loaders associated with XWorm.
I wouldn't be able to use my gaming PC without this one mod
AppWizard
July 5, 2025

I wouldn’t be able to use my gaming PC without this one mod

Special K is a versatile utility for PC gaming that enhances gameplay across various titles. It features a frame rate limiter that improves consistency, surpassing Nvidia's built-in limiter in minimum frame rates during tests. Special K allows users to force games into borderless or exclusive fullscreen modes, enable Nvidia Reflex, adjust DLSS settings, and link input devices to specific applications. It also addresses HDR support issues by enabling HDR injection in games that lack native support, with extensive customization options for HDR settings. Originally developed to fix problems in PC ports like Fallout 4 and Batman: Arkham Knight, it has evolved to optimize a wide range of games, including Elden Ring, Monster Hunter: World, and Final Fantasy VII Remake. Special K has limitations with online games due to anti-cheat concerns but is highly applicable for single-player titles. The introduction of the SKIF GUI has made it more accessible for users.
Critical PHP Vulnerabilities Expose Systems to SQL Injection & DoS Attacks
Tech Optimizer
July 5, 2025

Critical PHP Vulnerabilities Expose Systems to SQL Injection & DoS Attacks

A security vulnerability identified as CVE-2025-1735 in the PHP pgsql extension has been disclosed, classified with moderate severity. It arises from inadequate error checking during input data escaping, specifically the failure to pass error parameters to the PQescapeStringConn() function and not verifying NULL values from PQescapeIdentifier(). This flaw affects PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, allowing potential SQL injection attacks and application crashes due to null pointer dereferences. The vulnerability is linked to a recent PostgreSQL vulnerability (CVE-2025-1094) related to invalid multibyte character handling. Developers are urged to upgrade to patched releases to mitigate risks.
Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks
Tech Optimizer
July 5, 2025

Multiple PHP Vulnerabilities Allow SQL Injection & DoS Attacks

Critical security vulnerabilities in PHP, identified as CVE-2025-1735 and CVE-2025-6491, pose risks for SQL injection attacks and denial of service (DoS) conditions. These vulnerabilities affect PHP versions below 8.1.33, 8.2.29, 8.3.23, and 8.4.10. CVE-2025-1735 relates to the PostgreSQL extension, where insufficient error checking during string escaping can lead to SQL injection vulnerabilities and application crashes. This flaw is associated with PostgreSQL's CVE-2025-1094. CVE-2025-6491 affects the SOAP extension, causing segmentation faults when a SoapVar instance has a namespace prefix exceeding 2GB, which can lead to application termination. This issue is linked to limitations in libxml2 versions prior to 2.13. Patches are available for all affected PHP versions to mitigate these vulnerabilities. CVE-2025-1735 has a CVSS score of 9.1 (Critical), while CVE-2025-6491 has a CVSS score of 5.9 (Moderate).
Introducing Mu language model and how it enabled the agent in Windows Settings
Winsage
June 23, 2025

Introducing Mu language model and how it enabled the agent in Windows Settings

Mu is a small language model designed to run locally on Copilot+ PCs, specifically optimized for Neural Processing Units (NPUs). It is a 330M encoder-decoder model that translates natural language queries into actionable settings function calls, enhancing user experience. Mu achieved approximately 47% lower first-token latency and 4.7× higher decoding speed compared to a decoder-only model on a Qualcomm Hexagon NPU. The model incorporates advanced techniques such as Dual LayerNorm, Rotary Positional Embeddings, and Grouped-Query Attention to improve performance while maintaining a compact size. It was trained using A100 GPUs on Azure, pre-training on hundreds of billions of educational tokens and fine-tuning on tasks like SQUAD, CodeXGlue, and the Windows Settings agent. Mu's quantization techniques converted model weights from floating-point to integer representations, optimizing performance on edge devices. The Settings agent was fine-tuned with a dataset of 3.6 million samples to achieve response times under 500 milliseconds, effectively managing user queries related to Windows settings.
Counterfeit Minecraft mods deliver malware
AppWizard
June 22, 2025

Counterfeit Minecraft mods deliver malware

A series of sophisticated cyberattacks using ACR Stealer-based Amatera Stealer malware have been executed as part of ClearFake web injection campaigns between April and May. These campaigns utilize advanced techniques, including EtherHiding to obscure malicious activities, targeting smart contracts on the Binance Smart Chain for unauthorized access, and ClickFix Exploitation to manipulate user interactions for executing harmful scripts.
Microsoft boosts default security of Windows 365 Cloud PCs
Winsage
June 20, 2025

Microsoft boosts default security of Windows 365 Cloud PCs

Microsoft is enhancing its Windows 365 Cloud PCs with new security features starting in May 2025. All newly provisioned and reprovisioned Cloud PCs using a Windows 11 gallery image will have Virtualization-Based Security (VBS), Credential Guard, and Hypervisor-Protected Code Integrity (HVCI) enabled by default. VBS creates a secure environment to protect system processes, Credential Guard secures authentication credentials, and HVCI ensures only verified code runs at the kernel level. Additionally, beginning in the latter half of 2025, clipboard, drive, USB, and printer redirections will be disabled by default on newly provisioned and reprovisioned Cloud PCs to mitigate security risks, although IT administrators can re-enable these features if needed.
Search