LinkedIn Archives

AppWizard

July 9, 2025

TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions

A new Android vulnerability named TapTrap allows malicious applications to bypass the operating system's permission system without requiring special permissions. It exploits activity transition animations to mislead users into granting sensitive permissions or executing harmful actions. Researchers from TU Wien analyzed 99,705 applications on the Google Play Store and found that 76.3% are susceptible to this attack. TapTrap uses low-opacity animations (approximately 0.01 alpha) to make sensitive permission dialogs nearly invisible while still registering touch events. The attack can last up to six seconds and can lead to unauthorized access to critical functionalities like the camera and microphone, and even device administrator privileges. TapTrap bypasses existing defenses against tapjacking in Android, affecting popular web browsers as well. A user study showed that all participants failed to detect at least one variant of the attack. As of June 2025, Android 15 remains vulnerable, with no timeline for a comprehensive fix. The vulnerability has been assigned two CVEs, and researchers disclosed their findings to Google in October 2024. They propose solutions to mitigate the risks, including blocking touch events during low-opacity animations and setting an opacity threshold of 0.2.

Winsage

July 9, 2025

Windows 11 25H2 adds tool to debloat the OS and remove built-in apps

Windows 11 version 25H2 introduces a feature called Remove Default Microsoft Store Packages, allowing users, particularly IT administrators, to remove preinstalled Microsoft applications such as Camera, Sound Recorder, Windows Media Player, Xbox, Windows Terminal, and Notepad. This feature is accessible under Computer Configuration > Administrative Templates > Windows Components > App Package Deployment and simplifies the uninstallation process compared to previous methods like PowerShell. Users may still see non-functional shortcuts in the Start menu after removal. The first preview build of version 25H2 was released recently, and a public release is expected later this year. Similar uninstall features will also be available in version 24H2, though disabled by default. Windows 11 has recently surpassed Windows 10 in user base, partly due to the upcoming end of Windows 10 support.

Winsage

July 8, 2025

Microsoft Deprecates PowerShell 2.0 in Windows 11 Over Security Flaws

Microsoft has rolled out Windows 11 Insider Preview Build 27891 to the Canary Channel, which includes the removal of Windows PowerShell 2.0. The update features several critical system fixes, including: - Correction of the “Reset this PC” feature under Settings > System > Recovery. - Resolution of an issue affecting the taskbar's acrylic material effect. - Fix for Windows Update downloads that stalled at 2%. - Correction of character rendering problems for languages like Vietnamese and Arabic. Enhancements in File Explorer include a dropdown menu in the address bar that shows the complete folder path. Stability improvements in Settings aim to prevent crashes when accessing microphone properties or Bluetooth settings, although a new known issue may cause crashes in Settings > System > Power & Battery. Task Manager now features updated CPU utility calculations. The Microsoft Store has been updated to allow users to install apps and games directly from the top featured sections. Known issues include potential loss of Windows Hello PIN on Copilot+ PCs, graphical distortion for Remote Desktop users on Arm64 PCs, and incomplete localization of some features. Transitioning out of the Canary Channel requires a clean installation of Windows 11.

AppWizard

July 8, 2025

Qwizzserial Android Malware Poses as Legit Apps to Steal Banking Info and Bypass 2FA via SMS Interception

A newly identified Android malware family, Qwizzserial, has emerged as a significant threat in Uzbekistan, disguising itself as legitimate financial and government applications. It spreads primarily through Telegram, using deceptive channels to impersonate authorities and financial institutions, luring victims with offers of financial assistance. Upon installation, Qwizzserial requests permissions related to SMS and phone state, prompting users to input sensitive information such as phone numbers and bank card details, which it exfiltrates via the Telegram Bot API or HTTP POST requests. The malware intercepts incoming SMS messages, including one-time passwords (OTPs) for two-factor authentication, and can extract financial information from messages. Analysts from Group-IB have tracked around 100,000 infections linked to Qwizzserial, with confirmed financial losses exceeding ,000,000 within three months. The malware's infection pattern follows a Pareto distribution, with a small subset of samples causing the majority of infections, particularly those impersonating financial institutions. Security solutions have developed detection rules for Qwizzserial, and organizations are encouraged to implement user education and monitoring to mitigate risks. End-users are advised against installing applications from untrusted sources and to scrutinize app permissions. Indicators of Compromise (IOC) include specific C2 domains and file hashes for both example and latest samples of Qwizzserial.

AppWizard

July 7, 2025

Google Gemini app gains automatic Android access to phone and messaging data

On July 7, 2025, Google Gemini app users experienced automatic activation of permissions for accessing phone calls, messaging services, WhatsApp, and system utilities on Android devices, following a privacy policy update on June 11, 2025. This change affects millions of users globally and allows user data to be reviewed by humans for AI training. Users can disable these permissions through the app's settings, but the option to opt-out is criticized for being difficult to find. Legal experts have raised concerns about compliance with GDPR regulations due to the lack of explicit user consent for these changes. The data collected supports machine-learning development and may be retained for up to three years, even after users delete their activity.

Winsage

July 7, 2025

Windows Update Revamp Gives Users More Control Over Security Alerts

Microsoft has rolled out update KB5001716, targeting Windows 10 (versions 21H2, 22H2) and Windows 11 (version 21H2) systems. This update refreshes the Windows Update Service components without introducing new features or security patches. It provides notifications about potential issues that may prevent devices from staying up-to-date, particularly regarding the end of support for Windows 10 on October 14, 2025. The update is automatically distributed via Windows Update and is designed to enhance user experience by not disrupting full-screen activities. Users may encounter installation failures associated with error code 0x80070643, which can be resolved by uninstalling the previous version and reinstalling the latest one. The update aims to encourage users to upgrade to Windows 11 or consider alternatives before support ends.

AppWizard

July 7, 2025

Romero Games have “completely” closed doors, but there’s still hope for the Doom creator’s new FPS

Romero Games has ceased operations after funding for their first-person shooter was withdrawn, affecting approximately 100 employees. An anonymous employee described the situation as a "big shock," noting that discussions with a publisher occurred just a day before the closure. The project was reportedly well-developed and had received positive feedback, but is now completely closed while the studio seeks alternative funding. The unnamed FPS had generated significant interest, and the Chief Technical Officer is advocating for former staff on LinkedIn. The game was announced in 2022 and was being developed using Unreal Engine 5. Prior to this, Romero and Carmack worked on a canceled game called Blackroom in 2016.

Tech Optimizer

July 5, 2025

Atlassian’s 4 Million PostgreSQL Database Migration: When Standard Cloud Strategies Fail

Atlassian migrated approximately 4 million Jira databases to Amazon Aurora to enhance the reliability and cost-effectiveness of its Jira Cloud platform. The migration involved 2,403 RDS database instances, resulting in 2.6 million databases migrated and 1.8 million databases drained from source instances. Each Jira database corresponds to about 5,000 files on disk, leading to over 27.4 billion total database files utilized in Jira. The migration aimed for a service level agreement (SLA) of 99.99% and involved technical challenges due to the large number of databases and files. At its peak, Atlassian migrated up to 90,000 Jira databases daily, averaging around 38,000 databases per day. The team developed a custom orchestration tool and utilized AWS Step Functions to manage the migration process while minimizing tenant downtime and migration expenses.

Tech Optimizer

July 5, 2025

Critical PHP Vulnerabilities Expose Systems to SQL Injection & DoS Attacks

A security vulnerability identified as CVE-2025-1735 in the PHP pgsql extension has been disclosed, classified with moderate severity. It arises from inadequate error checking during input data escaping, specifically the failure to pass error parameters to the PQescapeStringConn() function and not verifying NULL values from PQescapeIdentifier(). This flaw affects PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, allowing potential SQL injection attacks and application crashes due to null pointer dereferences. The vulnerability is linked to a recent PostgreSQL vulnerability (CVE-2025-1094) related to invalid multibyte character handling. Developers are urged to upgrade to patched releases to mitigate risks.

AppWizard

July 4, 2025

Romero Games’ new shooter loses funding, the studio may be closing, and it looks like Microsoft is to blame

Romero Games, co-founded by Brenda and John Romero in 2015, announced that funding for their latest project has been abruptly terminated, resulting in layoffs within the company. CEO Brenda Romero stated that the publisher canceled funding for their game and other unannounced projects at various studios, a decision made at a high level within the publisher. While the specific publisher has not been disclosed, former employees suggest Microsoft may be responsible, coinciding with Microsoft's layoffs affecting 9,000 employees and project cancellations at several studios. The future of Romero Games is uncertain, with indications from some employees that the studio may close. The studio was previously working on a first-person shooter, which had been described as a significant new direction for them.