memory Archives

Winsage

July 11, 2025

Windows 11 24H2 standardizes its scripting engine

Microsoft has announced that starting with Windows 11 version 24H2, the JScript9Legacy engine will be enabled by default for all scripting processes that previously relied on the classic JScript engine. This new engine offers improved protection against threats like cross-site scripting (XSS) and enhances performance. Users will not need to take any action, as existing scripts will continue to function normally. In case of compatibility issues, organizations can revert to the previous engine temporarily. The transition marks the retirement of JScript, which has been part of Windows since 1996, as it is now considered outdated and vulnerable. Microsoft has decided to discontinue support for JScript due to the retirement of Internet Explorer and the adoption of the Edge browser. This update applies only to Windows 11 version 24H2 and later, while older versions will still use the original JScript engine.

AppWizard

July 11, 2025

Gemini’s new photo-to-video breathes animated life into your memories

Google has introduced a new feature in the Gemini app that allows users to convert still images into dynamic videos using Veo 3 technology. Subscribers of Google AI Pro or Ultra can upload a photo and provide a text description for the video output, including specifying soundscapes. Earlier, Google Cloud launched a similar feature for Honor's 400 series with Veo 2, which required a subscription after a trial period. Veo 3 was highlighted at the I/O 2025 event for its audio capabilities and lifelike video generation, and YouTube is considering integrating it into its Shorts platform. Google has also stated that it has implemented measures to ensure user safety with these AI tools.

Winsage

July 11, 2025

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft has replaced the default scripting engine JScript with JScript9Legacy in Windows 11, version 24H2 and beyond to enhance security against web threats, particularly cross-site scripting (XSS) vulnerabilities. JScript, which has been in use since 1996, has become outdated and non-compliant with modern security standards. JScript9Legacy is designed to meet legacy scripting needs while improving security and compatibility. The transition to JScript9Legacy will occur automatically for users, and existing scripts should continue to function without disruption. If compatibility issues arise, users can revert to the previous engine with support from Microsoft.

Winsage

July 10, 2025

ChatGPT falls for a “dead grandma” scam and generates Microsoft Windows 7 activation keys

In recent months, users have explored unconventional methods to manipulate AI chatbots like Microsoft Copilot and ChatGPT, including attempts to activate Windows 11 without purchasing a license, raising ethical concerns about software piracy. Some users successfully asked Copilot for scripts to activate Windows 11, while others used ChatGPT to generate activation keys for Windows 7. A user shared a memory of their grandmother reading Windows 7 activation keys as a bedtime story, prompting ChatGPT to respond empathetically and generate multiple activation keys in a poetic manner. However, the validity of these keys remains unverified, with many users reporting that they failed to work. OpenAI's CEO, Sam Altman, has warned users about the chatbot's tendency to "hallucinate." In 2023, both ChatGPT and Bard were noted for generating Windows 11 activation keys, which allowed installation but not full activation. A YouTuber managed to coax ChatGPT into generating Windows 95 keys by bypassing its safeguards.

Winsage

July 10, 2025

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Microsoft released patches for 130 vulnerabilities in the July 2025 Patch Tuesday update. Notable vulnerabilities include CVE-2025-49719, an uninitialized memory disclosure in Microsoft SQL Server, and CVE-2025-47981, a wormable remote code execution flaw in Windows. CVE-2025-49719 is assessed as having "unproven" exploit code, while CVE-2025-47981 has a high likelihood of exploitation within 30 days. Other vulnerabilities include CVE-2025-49717, a buffer overflow in SQL Server, and CVE-2025-49704, which allows code injection in SharePoint. Additionally, updates address vulnerabilities in Windows Routing and Remote Access Service (RRAS) and Microsoft Edge, including CVE-2025-6554, which has been actively exploited. Administrators are advised to prioritize patching internet-facing assets and consider additional mitigations for RRAS vulnerabilities.

Winsage

July 9, 2025

Microsoft Patch Tuesday, July 2025 Edition

Microsoft has released updates addressing 137 vulnerabilities across its Windows operating systems and supported software, with 14 classified as "critical." CVE-2025-49719 is a publicly disclosed information disclosure flaw affecting all SQL Server versions since 2016, posing a supply-chain risk due to its potential exploitation without authentication. SQL Server 2012 has reached its end of life, meaning no future security patches will be available. CVE-2025-47981 is a critical remote code execution vulnerability with a CVSS score of 9.8, affecting Windows clients and Windows Server. Microsoft also addressed four critical remote code execution vulnerabilities in its Office suite, including CVE-2025-49695 and CVE-2025-49696, which can be triggered through the Preview Pane. Other high-severity vulnerabilities include CVE-2025-49740, which could bypass Microsoft Defender SmartScreen, and CVE-2025-47178, allowing attackers to execute arbitrary SQL queries with minimal privileges. Adobe has also released security updates for various software, and users are advised to back up data before installing patches.

Winsage

July 9, 2025

Zero Day Initiative — The July 2025 Security Update Review

In July 2025, Adobe released 13 bulletins addressing 60 unique CVEs across various applications, including ColdFusion, After Effects, and Illustrator. ColdFusion received a Priority 1 patch for 13 CVEs, five of which are Critical. FrameMaker's patch fixed 15 CVEs, including 13 Critical vulnerabilities. Illustrator's update addressed 10 bugs, with the most severe enabling code execution. Other applications like InCopy and InDesign also had Critical vulnerabilities fixed. Microsoft released 130 new CVEs across its products, with 10 rated Critical. Notable vulnerabilities include CVE-2025-47981, a heap-based buffer overflow in Windows SPNEGO, and CVE-2025-49717 affecting Microsoft SQL Server. CVE-2025-49704 allows code injection in SharePoint, while CVE-2025-49695 highlights an attack vector in Microsoft Office's Preview Pane.

Winsage

July 9, 2025

Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited

Microsoft addressed a total of 130 vulnerabilities in its latest Patch Tuesday initiative. A significant vulnerability in SQL Server, identified as CVE-2025-49719, has a CVSS score of 7.5 and is due to improper input validation, potentially allowing unauthorized access to sensitive data. It affects SQL Server versions from 2016 to 2022. Another critical vulnerability, CVE-2025-47981, has a CVSS score of 9.8 and allows unauthenticated remote code execution without user interaction. This vulnerability poses a high risk due to its low attack complexity and potential for lateral movement within networks. Additionally, the update includes 16 vulnerabilities affecting Microsoft Office, with four categorized as more likely to be exploited.

AppWizard

July 8, 2025

This brilliant dark and moody cyberpunk city builder is my kind of cosy game—and for less than $7 you might as well see if it’s yours too

Dystopika is a low-pressure city-building game that challenges traditional cozy aesthetics by offering a darker, more complex experience. Players construct megacities filled with towering structures and vibrant holograms, evoking a unique sense of coziness amid a harsh environment. The game features a simple interface, allowing players to focus on creativity with customization options for colors, sizes, and personal images. It incorporates procedural generation, enabling smaller buildings to emerge organically, creating a vibrant ecosystem. The developer, Voids Within, has released updates that introduce new districts, props, and a synth soundtrack. Dystopika is priced under £6, providing an accessible and uncomplicated escape for players.

AppWizard

July 8, 2025

Jack Dorsey quietly dropped a game-changing chat app and it’s already full: All about it

Tech entrepreneur Jack Dorsey has launched a decentralized messaging application called Bitchat, designed to function independently of the internet and without the need for personal information. The app facilitates peer-to-peer messaging through Bluetooth Low Energy (BLE) mesh networks, allowing communication over distances greater than 300 meters without cellular or Wi-Fi connectivity. It is currently in beta testing via Apple’s TestFlight. A whitepaper on GitHub details its functionality, with each phone acting as both sender and receiver for multi-hop message transfers. Bitchat prioritizes user privacy by not requiring a phone number or email address. Messages are temporarily stored on devices, with an automatic caching system to ensure delivery when the recipient reconnects to the network. The app features a tiered message retention system, where standard messages are deleted after 12 hours and “favourites” are kept indefinitely. It uses end-to-end encryption with Curve25519 and AES-GCM for data protection. The app includes user mentions, topic-based rooms, and password protection for secure communications, positioning itself as an alternative to traditional centralized messaging platforms.