interaction Archives

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.

AppWizard

April 28, 2026

Google warns phone actions are getting cut from its smart home automations very soon

Starting in the first week of May, Google will remove "phone actions and automations" from its Nest devices, which include features like checking battery levels, toggling Do Not Disturb settings, and adjusting phone volume. While these phone-related actions will be phased out, core home automations will remain functional. Google has introduced a new feature for its Gemini platform called "Continued Conversations," allowing users to engage in extended dialogues without repeating context. Additionally, some Nest Hub users are experiencing a glitch where alarms set for PM are announced as AM.

Winsage

April 28, 2026

Incomplete Windows Patch Creates New Zero-Click Attack Risk

A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks by processing specially crafted shortcut files, enabling automatic authentication requests without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.

Winsage

April 27, 2026

Using Windows or Microsoft Office? India issues high-severity cyber alert, how to stay safe

India’s cybersecurity agency, CERT-In, has issued an advisory regarding high-severity vulnerabilities in various Microsoft products, including multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. These vulnerabilities can allow attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. They arise from issues such as improper input validation, memory corruption, insufficient access control, and inadequate memory object handling. Exploitation can occur remotely or locally, sometimes requiring user interaction. CERT-In advises users and organizations to apply the latest security updates from Microsoft to mitigate these risks.

Winsage

April 27, 2026

Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft is refining the integration of its AI features in Windows 11 applications, specifically Notepad and the Snipping Tool. On March 20, Microsoft announced plans to streamline Copilot integration, focusing on useful experiences and reducing unnecessary entry points in apps like Notepad, Snipping Tool, Photos, and Widgets. In the latest version of Notepad, 'Copilot' has been rebranded as 'Writing Tools,' which includes AI functionalities such as rewriting, summarizing, and generating new content. These tools are accessible through the Writing Tools menu or the right-click context menu, and users can toggle them off under 'Advanced Features' in Settings. Conversely, the Snipping Tool has completely removed AI functionality, with the Copilot button eliminated for users in the production channel. This indicates a shift in Microsoft's approach to AI integration, retaining it in some applications while removing it from others.

Winsage

April 26, 2026

Microsoft Replaces Copilot in Windows 11 Notepad With Writing Tools Update

Microsoft has updated the Notepad application in Windows 11, renaming the Copilot feature to "Writing tools." The Copilot button has been removed and replaced with a small pen icon that accesses the Writing tools menu. This update is being gradually rolled out to users, aiming to enhance the interface while retaining existing AI capabilities for writing tasks.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.

AppWizard

April 25, 2026

New on Java Realms: Catch me outside

BEACONATORS has introduced a new locator bar and several items to enhance gameplay. PERCY’S PARK has added a mermaid lagoon, a sea tour, Percy’s Popsicle van, an Enchanted Train Station, and balloon vendors. RHYTHM BREAK now has a Russian translation. SPRINT RACER has five new custom tracks created by Goodbros148 and ReflectedMantis. TRIDENT DOME has been overhauled with a new lobby, NPCs, an updated map, and a supers mechanic. Bug fixes have been implemented across various games. Popular titles like Antitheist, Pizza Time!, Snowy Skirmish 2: Avalanche, and Witch Doesn’t Belong have returned to Realms. New users can try Realms free for 30 days. Guidance for loading content into Java Realms is available, and those interested in showcasing creations can visit the Java Realms Content Creator Program page.

Tech Optimizer

April 24, 2026

Fileless Malware and Email Authentication Gaps

Fileless malware operates stealthily within networks, utilizing legitimate system tools like PowerShell and Windows Management Instrumentation (WMI) to execute malicious code in memory without leaving traces on disk. Traditional antivirus solutions struggle to detect these threats due to their reliance on file signatures. The primary vector for fileless malware is email, where attackers use spoofed messages to trick users into activating malicious scripts. Misconfigurations in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records create vulnerabilities that attackers exploit to deliver spoofed emails. Traditional endpoint protection mechanisms are inadequate against fileless attacks, necessitating a shift towards behavioral analysis for detection. Organizations must assess their preparedness by ensuring proper email authentication configurations and enhancing endpoint security capabilities. Integration among security teams and updated employee security awareness programs are also essential. Sendmarc helps organizations mitigate vulnerabilities by providing visibility into SPF, DKIM, and DMARC configurations and enforcing DMARC to block unauthenticated messages.

AppWizard

April 24, 2026

AsiaOne

Minecraft Experience: Villager Rescue is taking place at Mandai Wildlife Reserve in Singapore from April 24 to September 13. The experience features eight rooms inspired by the Minecraft universe, where participants work in groups to save a village from zombies. Each participant uses an Orb of Interaction to mine materials and craft items. The crafting room is a new addition exclusive to Singapore. Ticket prices vary, with adults and children aged three to twelve charged different rates on weekdays and weekends, while children under three enter for free. An Obsidian Kit - Ultimate Minecraft Collector’s Bundle is available for purchase. The address is 80 Mandai Lake Road, Singapore 729826, with opening hours from 11 am to 7 pm on weekdays and 10 am to 8 pm on weekends. Admission is by allocated timeslots.