kernel Archives

AppWizard

March 19, 2026

Android 16 Bug Silently Breaks VPNs, Say Providers

Multiple VPN providers, including Proton VPN, Mullvad, WireGuard, and TunnelBear, are experiencing a persistent bug in Android 16 that causes their services to disconnect unexpectedly after app updates. Google has acknowledged the issue but has not provided a timeline for a fix. The bug occurs when the network stack enters a problematic state during a VPN app update while still connected, leading to a "connecting" loop and potential loss of internet connectivity or exposure of non-VPN traffic. Restarting the VPN app does not resolve the issue; a device reboot or app reinstallation is required. This bug undermines Android's safety features like Always-on VPN and "Block connections without VPN." The issue affects a significant number of users, given Android's 70% market share and the 30-35% of internet users utilizing VPNs. Temporary workarounds include rebooting the device, manually disconnecting the VPN before updates, and pausing auto-updates. The bug poses operational risks for organizations enforcing always-on VPN policies, and developers are seeking app-side mitigations while emphasizing the need for a platform-level fix. Users are advised to monitor their VPN status after updates and report issues to assist in troubleshooting.

Tech Optimizer

March 19, 2026

How AI And Hacking Professionalism Are Overwhelming Endpoint Security

The digital landscape is transforming due to the professionalization of cybercrime, which is now a significant part of organized crime, second only to drug trafficking. Malware includes various types such as viruses, browser hijackers, password stealers, Trojans, botnet malware, and ransomware. Traditional antivirus solutions rely on signature-based detection, heuristic analysis, and behavior monitoring, but these methods can lead to false positives and negatives. The evolution of cybersecurity has seen the rise of "Ransomware-as-a-Service" (RaaS) and the use of polymorphic malware that changes its signature, making traditional defenses ineffective. Hackers are also using AI and machine learning to evade behavioral monitoring. New defense strategies include Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), which focus on monitoring for breaches rather than preventing them. Leading vendors in this space include CrowdStrike, SentinelOne, Microsoft, and Palo Alto Networks. The zero trust security framework treats all access attempts as potentially hostile and emphasizes the integration of various security technologies. Emerging startups like FinalAV Security are developing zero trust solutions for consumers and small businesses, focusing on prevention rather than detection.

Winsage

March 19, 2026

Windows 11 is quietly testing 10 upgrades you’ll actually notice

Microsoft has introduced several enhancements to Windows 11 through its Windows Insider Program in March 2026. Key updates include: - Users can now customize the profile folder name during the initial setup process. - The debloat policy for Enterprise and Education editions has been improved, allowing administrators to remove additional apps using MSIX and APPX packages. - The Point-in-time restore feature has been updated to allow users to view and edit restore point settings and specify reserved storage for restore points. - A new enforcement policy in the kernel will no longer trust cross-signed drives by default, enhancing security by ensuring only verified drivers are trusted. - An upgrade option for Microsoft 365 Family subscribers has been added to the Accounts page, which can be disabled if desired. - The Drag Tray feature has been renamed to "Drop Tray" and relocated within the "Multitasking" settings, with improvements to the peek view. - Pen settings now include an option for the pen tail button to launch the same app as the "Copilot" key. - The Administrator Protection feature has been re-enabled, creating a temporary, isolated account for elevation requests to enhance security. - File Explorer now supports Voice Typing for renaming files. - The "Cameras" settings have been updated in the Canary Channel to include new controls for pan and tilt, along with performance improvements.

Tech Optimizer

March 16, 2026

What Is a Crypto Miner Virus?

A crypto miner virus, or cryptojacking malware, secretly uses a device’s CPU or GPU to mine cryptocurrency for an attacker, leading to increased electricity costs and potential hardware damage for the victim. It typically infects devices through phishing emails, pirated software, compromised websites, and malicious browser extensions. Monero is the preferred cryptocurrency for mining due to its efficiency on standard CPUs and privacy features. Signs of infection include overheating, high CPU usage, and increased electricity bills. Detection involves monitoring system performance and running antivirus scans. Prevention includes using antivirus software, keeping systems updated, and avoiding pirated software. Notable incidents include attacks on a European water utility and the Los Angeles Times website.

Winsage

March 14, 2026

Announcing Windows 11 Insider Preview Build 26220.8062 (Beta Channel)

Windows 11 Insider Preview Build 26220.8062 (KB 5079458) has been released to the Beta Channel, introducing various changes and improvements. 1. Policy-Based Removal of Preinstalled Microsoft Apps: IT administrators can now use a dynamic app removal list to remove MSIX/APPX apps by adding their package family names through Group Policy. The dynamic list is not yet available in Intune CSP. 2. Windows Setup Experience: Users can select a custom name for their user folder during the Windows setup process, which must adhere to standard naming conventions. 3. Windows Driver Policy Update: A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default. The feature will initially operate in audit mode for at least 100 hours. 4. Point-in-Time Restore Updates: Local administrators will see a settings dialog to view or modify default restore settings, including a list of available restore points. Updated messaging has been added to the restore experience. 5. Drag Tray Rebranding: The Drag Tray has been rebranded as Drop Tray, with settings relocated to System > Multitasking. 6. Pen Settings: Refinements have been made to the Pen settings page, including an option for the pen tail button to launch the same app as the Copilot key. 7. File Explorer and Other Enhancements: Improvements have been made to the reliability of setting the preferred display language, and unexpected errors from the sfc/scannow command have been removed. Updates are gradually rolled out to Insiders who opt in via Settings > Windows Update, and features may evolve or be removed based on feedback.

Winsage

March 13, 2026

Announcing Windows 11 Insider Preview Build 26300.8068 (Dev Channel)

Windows 11 Insider Preview Build 26300.8068 (KB 5079464) has been released to the Dev Channel. Key changes include: - Enhanced policy for removing preinstalled Microsoft Store apps for Windows ENT/EDU, allowing IT administrators to use a dynamic app removal list via Group Policy. - Users can now select a custom name for their user folder during the Windows setup process. - A new policy removes default trust for cross-signed drivers, allowing third-party drivers from the Windows Hardware Compatibility Program (WHCP) by default, initially operating in audit mode. - Point-in-time restore now includes a settings dialog for local administrators and displays available restore points. - Microsoft 365 Family subscribers can upgrade their plan directly from the Accounts page in Settings. - The Drag Tray feature has been rebranded to Drop Tray, with settings relocated. - Updates to Pen settings include a new option for the pen tail button. - Enhanced reliability for preferred display language settings and removal of an unexpected error from sfc/scannow. Updates are gradually rolled out to users who opt in through the Settings menu under Windows Update.

AppWizard

March 11, 2026

Google is optimizing Android’s core to make your phone feel faster

Google is implementing Automatic Feedback-Directed Optimization (AutoFDO) within the Android kernel to enhance the performance of Android devices. The Android kernel accounts for approximately 40% of CPU time, and improvements in this area can significantly boost overall performance. AutoFDO uses real-world data to optimize code based on actual smartphone usage patterns, rather than general assumptions. Tests conducted on Pixel phones analyzed kernel usage with the top 100 popular Android applications, identifying frequently accessed code segments for targeted optimization. This approach is expected to lead to faster app launches, smoother transitions, and improved battery life. The kernel AutoFDO is currently being deployed in the android16-6.12 and android15-6.6 branches, with plans to extend optimizations to additional kernel components and hardware drivers.

Winsage

March 6, 2026

FRANK OS 1.0 Launches With a Retro Windows 95-Like Desktop

FRANK OS is a newly launched open-source graphical desktop operating system specifically designed for microcontrollers, with its first official version, 1.0, now available. It is built on FreeRTOS rather than the Linux kernel, optimized for the RP2350 microcontroller, which has approximately 520 KB of SRAM and dual CPU cores. The operating system features a desktop environment reminiscent of Windows 95, including overlapping windows, a taskbar, and a start-menu-style launcher. It supports standard desktop behaviors and allows users to switch between applications using an Alt+Tab-style interface. FRANK OS comes preloaded with nine lightweight applications, such as an interactive terminal, a C compiler, classic games, and a ZX Spectrum emulator. Programs can be compiled as ARM ELF binaries and loaded from an SD card. The system is aimed at hobbyists and experimental use.

Winsage

February 26, 2026

PoC Published for Microsoft Windows Flaw That Allows Low-Privileged Users to Force Irrecoverable BSODs

Security researchers have developed a working Proof of Concept (PoC) exploit for a vulnerability in the Windows kernel, identified as CVE-2026-2636, which allows low-privileged users to induce a Blue Screen of Death (BSoD), resulting in a Denial of Service. This vulnerability is linked to the Windows Common Log File System (CLFS) driver, specifically the CLFS.sys component, and arises from improper handling of invalid or special elements within CLFS (CWE-159). The PoC demonstrates that a non-administrative user can trigger the bug by executing a crafted ReadFile operation on a handle linked to an opened .blf log file without the expected I/O Request Packet (IRP) flags set. This leads to a critical inconsistency in the driver, causing Windows to invoke the kernel routine KeBugCheckEx, which results in a BSoD. The CVE-2026-2636 has a CVSS score of 5.5 (Medium) and poses a high impact on availability, allowing any authenticated user to crash the host reliably. Microsoft addressed this vulnerability in the September 2025 cumulative update, protecting systems running Windows 11 2024 LTSC and Windows Server 2025 by default. However, older or unpatched builds remain vulnerable. Organizations are advised to verify the deployment of the September 2025 updates, prioritize patching multi-user systems, and monitor for unusual spikes in BSoD events.

Tech Optimizer

February 25, 2026

Fix “kernel security check failure”: Step-by-step guide

The "kernel security check failure" error on Windows indicates corruption in critical system memory or internal data structures, triggering a bug check to prevent further damage. It is marked by the Blue Screen of Death (BSOD) displaying the message “KERNELSECURITYCHECK_FAILURE” and stop code 0x139. Causes include outdated or incompatible drivers, corrupted system files, faulty RAM, disk errors, third-party software conflicts, faulty Windows updates, overclocking, and malware threats. Common fixes involve updating Windows and drivers, scanning for corrupted files, using Check Disk (CHKDSK), running Windows Memory Diagnostic, and performing System Restore. If unresolved, a clean installation of Windows may be necessary. Regular updates and avoiding unnecessary software installations can help prevent future occurrences.