interaction Archives

AppWizard

April 29, 2026

Routine is an intense Alien Isolation-style experience, and it is cheaper than ever

Routine is an indie horror game that has been in development since its announcement in 2012 and is now available. It features claustrophobic hallways and a lurking predator, creating a tense atmosphere similar to Alien Isolation. The game emphasizes stealth and has a tight level design that encourages a slow, deliberate approach. Players take on the role of a basic worker in a sci-fi universe, with environmental storytelling replacing a traditional narrative. Routine includes elements inspired by SOMA, such as terminals and puzzles, and features menacing foes like Type-05 security robots. Critics have praised the game, with a review rating of 9/10, and it has been included in Game of the Year 2025 lists. Routine is currently available for .74 at Fanatical, the lowest price to date.

AppWizard

April 29, 2026

New Android spyware Morpheus linked to Italian surveillance firm

Morpheus is a new spyware identified by the nonprofit organization Osservatorio Nessuno, which spreads through counterfeit Android applications that appear as legitimate updates. Attackers use SMS messages to direct victims to a fraudulent website mimicking an Internet Service Provider (ISP). The spyware installs a dropper app that deploys a concealed payload, which disguises itself as legitimate system components and manipulates users into granting dangerous permissions, including Accessibility access. Once granted, Morpheus initiates a Permission Workflow that creates a fake update overlay, disabling the touchscreen to prevent user interaction. It ensures persistence by restarting after device reboots and can request device administrator privileges. The spyware exploits overlay windows and Accessibility features to gain control of the device and bypass security measures, including disabling antivirus solutions without requiring root access. Analysis suggests Morpheus has Italian origins, with connections to an Italian firm, IPS Intelligence, known for lawful interception technologies. The spyware is capable of invasive actions such as recording audio and video, linking to WhatsApp, and compromising device security. The report highlights a network of dubious companies and shared contacts linked to the spyware's distribution.

AppWizard

April 29, 2026

Minecraft 26.2 Snapshot 5 Adds Sulfur Cube Explosive Archetype, Geysers and More

In Minecraft 26.2 Snapshot 5, Mojang introduced explosive Sulfur Cubes that can absorb TNT blocks, transforming into volatile entities. When ignited by fire or Redstone, they have a 6-second fuse, while explosions can trigger a random fuse time of 0.75 to 3 seconds. Once primed, they are immune to damage, and the TNT block cannot be harvested with shears. Additionally, Potent Sulfur blocks can interact with water and magma to produce geysers that launch water particles and nearby entities into the air. Hoglins have been reclassified as hostile and will no longer spawn in Peaceful mode. New sound effects accompany the geysers and Sulfur Spikes. To create an Explosive Sulfur Cube, a Sulfur Cube must absorb a TNT block, and geysers are produced when a Potent Sulfur block is placed above a Magma block or submerged under 1-4 water source blocks within a Sulfur Pool.

Winsage

April 28, 2026

‘Unlimited Attack Vectors’—All Windows Versions At Risk From New Flaw

Microsoft is facing a significant security vulnerability in its Windows operating system known as PhantomRPC, which allows for privilege escalation. Cybersecurity experts have expressed concern over the company's delayed response in issuing a patch for this flaw. The vulnerability resides within the Windows Remote Procedure Call (RPC) architecture and enables processes with impersonation privileges to elevate their permissions to SYSTEM level. Researcher Haidar Kabibo identified five distinct paths for exploitation, which require user interaction, coercion, or compromise of background services. Despite disclosing the vulnerability to Microsoft in September 2025, the company categorized it as moderately severe and did not issue a patch or a Common Vulnerabilities and Exposures (CVE) listing. Microsoft stated that the technique requires an already-compromised machine and emphasized the importance of following security best practices. Experts have criticized Microsoft's lack of action, arguing that it is operationally negligent and places the burden of risk management on users. In the absence of a patch, security professionals recommend focusing on access control and environmental hygiene to mitigate the risks associated with the vulnerability.

AppWizard

April 28, 2026

Google warns phone actions are getting cut from its smart home automations very soon

Starting in the first week of May, Google will remove "phone actions and automations" from its Nest devices, which include features like checking battery levels, toggling Do Not Disturb settings, and adjusting phone volume. While these phone-related actions will be phased out, core home automations will remain functional. Google has introduced a new feature for its Gemini platform called "Continued Conversations," allowing users to engage in extended dialogues without repeating context. Additionally, some Nest Hub users are experiencing a glitch where alarms set for PM are announced as AM.

Winsage

April 28, 2026

Incomplete Windows Patch Creates New Zero-Click Attack Risk

A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks by processing specially crafted shortcut files, enabling automatic authentication requests without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.

Winsage

April 27, 2026

Using Windows or Microsoft Office? India issues high-severity cyber alert, how to stay safe

India’s cybersecurity agency, CERT-In, has issued an advisory regarding high-severity vulnerabilities in various Microsoft products, including multiple versions of Windows, Windows Server, Microsoft Office, and the Chromium-based Microsoft Edge browser. These vulnerabilities can allow attackers to execute malicious code, elevate system privileges, access sensitive data, or disrupt services. They arise from issues such as improper input validation, memory corruption, insufficient access control, and inadequate memory object handling. Exploitation can occur remotely or locally, sometimes requiring user interaction. CERT-In advises users and organizations to apply the latest security updates from Microsoft to mitigate these risks.

Winsage

April 27, 2026

Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft is refining the integration of its AI features in Windows 11 applications, specifically Notepad and the Snipping Tool. On March 20, Microsoft announced plans to streamline Copilot integration, focusing on useful experiences and reducing unnecessary entry points in apps like Notepad, Snipping Tool, Photos, and Widgets. In the latest version of Notepad, 'Copilot' has been rebranded as 'Writing Tools,' which includes AI functionalities such as rewriting, summarizing, and generating new content. These tools are accessible through the Writing Tools menu or the right-click context menu, and users can toggle them off under 'Advanced Features' in Settings. Conversely, the Snipping Tool has completely removed AI functionality, with the Copilot button eliminated for users in the production channel. This indicates a shift in Microsoft's approach to AI integration, retaining it in some applications while removing it from others.

Winsage

April 26, 2026

Microsoft Replaces Copilot in Windows 11 Notepad With Writing Tools Update

Microsoft has updated the Notepad application in Windows 11, renaming the Copilot feature to "Writing tools." The Copilot button has been removed and replaced with a small pen icon that accesses the Writing tools menu. This update is being gradually rolled out to users, aiming to enhance the interface while retaining existing AI capabilities for writing tasks.

Winsage

April 25, 2026

New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions

PhantomRPC is a significant architectural vulnerability in the Windows Remote Procedure Call (RPC) framework that allows local privilege escalation to SYSTEM-level access across all Windows versions. Discovered by Kaspersky's Haidar Kabibo at Black Hat Asia 2026, this vulnerability stems from the RPC runtime's failure to verify the legitimacy of a responding server during calls to offline or disabled servers. Attackers can exploit this by setting up a malicious RPC server that impersonates a legitimate endpoint, using the RpcImpersonateClient API to escalate privileges from low-privileged accounts to SYSTEM or Administrator levels. Five distinct exploitation paths have been identified: 1. gpupdate.exe coercion: An attacker can intercept an RPC call made by the Group Policy Client service when executing gpupdate /force, granting SYSTEM-level access if TermService is disabled. 2. Microsoft Edge startup: Launching msedge.exe triggers an RPC call to TermService, allowing privilege escalation from Network Service to Administrator via a spoofed endpoint. 3. WDI background service: The Diagnostic System Host polls TermService regularly, enabling an attacker to exploit this without user interaction. 4. ipconfig.exe and DHCP Client: Running ipconfig.exe initiates an RPC call to the DHCP Client service, allowing a Local Service attacker to elevate privileges if DHCP is disabled and a fake server is present. 5. w32tm.exe and Windows Time: An attacker can expose a named pipe endpoint, allowing them to impersonate any privileged user executing the Windows Time executable. The vulnerability was reported to Microsoft on September 19, 2025, but Microsoft categorized it as moderate severity and closed the case without a patch, as the attack requires SeImpersonatePrivilege, which is granted by default to certain accounts. Organizations are advised to implement defensive measures such as enabling RPC monitoring, ensuring legitimate services are running, and restricting SeImpersonatePrivilege. Kaspersky has provided tools for auditing environments for exploitable RPC call patterns through the PhantomRPC GitHub repository.