interaction Archives

Winsage

April 28, 2026

Incomplete Windows Patch Creates New Zero-Click Attack Risk

A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks by processing specially crafted shortcut files, enabling automatic authentication requests without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.

Winsage

April 27, 2026

Using Windows or Microsoft Office? India issues high-severity cyber alert, how to stay safe

India’s cybersecurity agency, CERT-In, has issued an advisory regarding high-severity vulnerabilities in various Microsoft products, including multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. These vulnerabilities can allow attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. They arise from issues such as improper input validation, memory corruption, insufficient access control, and inadequate memory object handling. Exploitation can occur remotely or locally, sometimes requiring user interaction. CERT-In advises users and organizations to apply the latest security updates from Microsoft to mitigate these risks.

Winsage

April 27, 2026

Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft is refining the integration of its AI features in Windows 11 applications, specifically Notepad and the Snipping Tool. On March 20, Microsoft announced plans to streamline Copilot integration, focusing on useful experiences and reducing unnecessary entry points in apps like Notepad, Snipping Tool, Photos, and Widgets. In the latest version of Notepad, 'Copilot' has been rebranded as 'Writing Tools,' which includes AI functionalities such as rewriting, summarizing, and generating new content. These tools are accessible through the Writing Tools menu or the right-click context menu, and users can toggle them off under 'Advanced Features' in Settings. Conversely, the Snipping Tool has completely removed AI functionality, with the Copilot button eliminated for users in the production channel. This indicates a shift in Microsoft's approach to AI integration, retaining it in some applications while removing it from others.

Winsage

April 26, 2026

Microsoft Replaces Copilot in Windows 11 Notepad With Writing Tools Update

Microsoft has updated the Notepad application in Windows 11, renaming the Copilot feature to "Writing tools." The Copilot button has been removed and replaced with a small pen icon that accesses the Writing tools menu. This update is being gradually rolled out to users, aiming to enhance the interface while retaining existing AI capabilities for writing tasks.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.

AppWizard

April 25, 2026

New on Java Realms: Catch me outside

BEACONATORS has introduced a new locator bar and several items to enhance gameplay. PERCY’S PARK has added a mermaid lagoon, a sea tour, Percy’s Popsicle van, an Enchanted Train Station, and balloon vendors. RHYTHM BREAK now has a Russian translation. SPRINT RACER has five new custom tracks created by Goodbros148 and ReflectedMantis. TRIDENT DOME has been overhauled with a new lobby, NPCs, an updated map, and a supers mechanic. Bug fixes have been implemented across various games. Popular titles like Antitheist, Pizza Time!, Snowy Skirmish 2: Avalanche, and Witch Doesn’t Belong have returned to Realms. New users can try Realms free for 30 days. Guidance for loading content into Java Realms is available, and those interested in showcasing creations can visit the Java Realms Content Creator Program page.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

AppWizard

April 24, 2026

AsiaOne

Minecraft Experience: Villager Rescue is taking place at Mandai Wildlife Reserve in Singapore from April 24 to September 13. The experience features eight rooms inspired by the Minecraft universe, where participants work in groups to save a village from zombies. Each participant uses an Orb of Interaction to mine materials and craft items. The crafting room is a new addition exclusive to Singapore. Ticket prices vary, with adults and children aged three to twelve charged different rates on weekdays and weekends, while children under three enter for free. An Obsidian Kit - Ultimate Minecraft Collector’s Bundle is available for purchase. The address is 80 Mandai Lake Road, Singapore 729826, with opening hours from 11 am to 7 pm on weekdays and 10 am to 8 pm on weekends. Admission is by allocated timeslots.

Winsage

April 24, 2026

Microsoft beefs up Remote Desktop security with … hard-to-read messages

Microsoft has released an update to improve the security of its Remote Desktop feature, which includes a warning for users opening Remote Desktop (.rdp) files. However, this warning is not displaying correctly for some users due to a bug identified in the Known Issues list after the April 14 update. The issue primarily affects users with multiple monitors set to different display scaling, leading to overlapping text or obscured buttons. Microsoft has advised users to synchronize their display scaling settings or use keyboard navigation as a workaround. The company plans to address this issue in a future Windows update but is not issuing an Out-of-Band update specifically for it. Additionally, a serious vulnerability (CVE-2026-40372) was discovered in the .NET framework, affecting versions 10.0.0 to 10.0.6, which requires immediate attention. This vulnerability impacts all Windows versions that received the update, including Windows 11 26H1.

AppWizard

April 24, 2026

Google rolls out verified email feature for Android apps, removing need for OTPs

Google has introduced a verified email feature for Android applications via its Credential Manager API, allowing users to access their verified email addresses directly from their devices without traditional verification steps like OTPs or email links. Users receive a system-level prompt to share their verified email with a single tap, improving the user experience by eliminating the need to switch between apps. This feature simplifies the onboarding process for developers, reducing user drop-offs during registration and potentially improving conversion rates. Currently, it supports consumer Google Accounts, with plans for broader adoption pending support from other credential issuers. The system is intended for various use cases, including account creation, re-authentication, and recovery, while maintaining existing verification methods for non-Google accounts. This initiative is part of Google's effort to enhance authentication integration into the operating system and reduce reliance on passwords and multi-step verification.