leak Archives

Winsage

May 30, 2025

Still on Windows 11 23H2 because you’re worried 24H2 is a disaster for PC gaming? Microsoft’s latest update could persuade you to finally upgrade

The latest optional patch for Windows 11, identified as KB5058499, addresses critical issues affecting PC games, particularly those using Nvidia GPUs. It resolves problems such as games freezing upon launch and specific titles becoming unresponsive after upgrading to version 24H2. The patch also targets a memory leak within the ‘Input Service,’ which may contribute to input lag and blue screen crashes linked to ‘memory management’ errors. The root cause of the game lock-up problem was found to be within the Windows 11 kernel, not Nvidia's graphics drivers. Users can install the patch to potentially restore functionality to their games or wait for the full cumulative update scheduled for June 10.

AppWizard

May 15, 2025

Valve refutes reports of massive Steam hack

Valve addressed concerns about alleged breaches of user data, refuting claims of a significant hack involving Steam account information. The company clarified that reports of leaked two-factor authentication text messages do not indicate any compromise of its internal systems. The source of the leak is under investigation, and it involved older text messages containing one-time codes valid for 15 minutes, without linking phone numbers to Steam accounts or exposing sensitive information like passwords or payment details. Valve emphasized that old text messages cannot compromise account security and that attempts to change account details via SMS will trigger additional confirmation steps. Allegations from Underdark.ai about a dataset containing over 89 million Steam user records are questioned due to the low asking price for the data.

Winsage

May 15, 2025

Microsoft Copilot+ Recall: who should disable it, and how

Microsoft's Recall feature for Copilot+ PCs was initially announced a year ago but delayed due to privacy concerns raised by cybersecurity experts. The updated version was released in April 2025 for Windows Insider Preview builds and rolled out more broadly in May. Key updates include requiring user permission for activation, encrypting database files with hardware-based Trusted Platform Module (TPM), and implementing a filter to prevent saving sensitive information. Recall is enabled on a per-user basis, can be uninstalled, does not require a Microsoft account, and processes data locally. However, it still has vulnerabilities, such as allowing access with a regular Windows PIN after initial biometric authentication and failing to consistently filter sensitive data. Recall can log interactions during calls and capture self-destructing messages, posing privacy risks. It can impact performance and battery life, especially during gaming. Users handling sensitive data or frequently using video conferencing may want to disable or remove Recall. Instructions for disabling or removing Recall are provided, along with precautions for those who choose to use it.

AppWizard

May 15, 2025

No, your Steam info isn’t being sold on the dark web: Valve confirms the Steam leak was just a bunch of old, harmless texts and “you do not need to change your passwords”

Valve addressed concerns about a potential data leak affecting Steam accounts, confirming that while a data leak did occur, it was limited to outdated text messages containing one-time validation codes that expire after 15 minutes. The only information potentially accessed was the phone numbers to which these messages were sent, which poses minimal risk. Valve stated that users do not need to change their passwords or phone numbers due to this event.

AppWizard

May 14, 2025

PC gamers urged to change Steam password following breach of 89 million users’ data

Steam is facing a potential data breach that may affect millions of users, reportedly linked to a third-party company associated with Valve, its parent organization. Discussions indicate that Two-Factor Authentication (2FA) data may have been leaked, with a user claiming to sell over 89 million user records on a dark web forum for ,000. Twilio, a company mentioned in connection with the breach, has denied any wrongdoing, stating there is no evidence of a breach on their end. Users are advised to enable 2FA, change passwords, and monitor email accounts for suspicious activity to protect against potential phishing attacks and account takeovers.

AppWizard

May 12, 2025

Stellar Blade gets PC release date thanks to leaked PlayStation trailer

Korean developer Shift Up has confirmed the release date of their action game, Stellar Blade, for Windows PC on June 11, 2025. The PC version will feature enhancements such as ultrawide monitor support, advanced graphics technologies including DLSS 4 and FSR 3, and higher-resolution textures. Preorders are expected but not yet available. Stellar Blade was originally released as a PlayStation 5 exclusive in April 2024, selling over a million copies and featuring crossover DLC with NieR: Automata. The PC version will also be published by PlayStation.

Winsage

May 12, 2025

Microsoft Defender Discovers Zero-Day Vulnerability in Windows CLFS

The deployment of PipeMagic preceded a sophisticated exploit targeting the Common Log File System (CLFS) kernel driver, initiated from a dllhost.exe process. The exploit began with the NtQuerySystemInformation API, which leaked kernel addresses to user mode. In Windows 11, version 24H2, access to specific System Information Classes within this API was restricted to users with SeDebugPrivilege, rendering the exploit ineffective on this version. The exploit then used a memory corruption technique with the RtlSetAllBits API to overwrite its process token with 0xFFFFFFFF, granting it all available privileges and enabling process injection into SYSTEM-level operations. A CLFS BLF file was created at C:ProgramDataSkyPDFPDUDrv.blf, marking the exploit's activity.

AppWizard

May 11, 2025

Scrutinizing the security of messaging apps continues.

Customs and Border Protection (CBP) and the White House are facing scrutiny over security vulnerabilities in their messaging application. Hacktivists breached GlobalX, the airline handling U.S. deportation flights, exposing sensitive flight manifests. The FBI warned about threats exploiting outdated routers. Pearson confirmed a cyberattack compromising customer data. Research shows cybercriminals are using Windows Remote Management (WinRM) for lateral movements in Active Directory environments. A new email attack campaign is delivering a Remote Access Trojan (RAT) via malicious PDF invoices. A zero-day vulnerability in SAP NetWeaver allows remote code execution, affecting multiple sectors. An Indiana health system reported a data breach affecting nearly 263,000 individuals.

AppWizard

May 8, 2025

Waltz used Signal-like app at White House day before ouster as national security advisor

U.S. National Security Advisor Mike Waltz was seen using a modified version of the messaging app Signal during a Cabinet meeting, despite President Donald Trump's prior discouragement of its use after the "Signalgate" controversy. A photograph showed Waltz with the app active and conversations involving at least six officials, including Vice President JD Vance and Secretary of State Marco Rubio, indicating ongoing discussions. White House spokeswoman Anna Kelly confirmed that Signal is an approved application for government use, and the modified version appeared to be associated with TeleMessage, a company that provides archiving services for messaging applications. This adaptation raises concerns about the integrity of Signal's end-to-end encryption due to potential external storage of messages, which could compromise privacy. TeleMessage has ties to military intelligence and was recently acquired by Smarsh. The use of Signal by Trump administration officials has been controversial in the past, particularly regarding military discussions that inadvertently involved a journalist.

AppWizard

May 1, 2025

Android 16’s UI redesign reportedly shows its face in massive leak

A recent leak reveals potential redesign features for Android 16, including a blurred and transparent notification panel, a revamped lock screen with a new font and repositioned date/temperature, and geometric app icon options in the Pixel Launcher. The volume sliders will change from a pill shape to a rectangular design, and there will be updates to the Settings menu with colored icons and a new horizontal battery icon format. Android 16 is expected to debut in Q2 2025, with more details likely to be revealed at Google's I/O 2025 event. The Android 16 Beta 4 update has reached "Platform Stability," indicating that final adjustments are being made before the official rollout.