mitigation

Tech Optimizer
June 23, 2026
A critical vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. The flaw, classified as CWE-306 (Missing Authentication for Critical Function) with a CVSS v3.1 base score of 9.8 (Critical), lets an unauthenticated remote attacker create or truncate arbitrary files on the host by sending crafted HTTP POST requests to the PostgreSQL Sidecar Service endpoints /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are reachable without any authentication. Because the file write can be used to plant or modify scripts that Splunk runs, successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability is being actively exploited, public proof-of-concept code is available, and it has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog, which carries a remediation deadline for US federal civilian agencies; both opportunistic cybercriminals and sophisticated threat actors are expected to use it. Indicators of compromise include unexpected files in /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. Relevant MITRE ATT&CK techniques include T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). The issue is fixed in versions 10.0.7 and 10.2.4; organizations that cannot upgrade immediately should disable the PostgreSQL Sidecar Service as a mitigation, and should also audit access logs for POST requests to the two endpoints, since unauthenticated hits there are the request shape this flaw requires.
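A hunting script for the request shape and file-drop indicators described above, as an added example that is not part of the advisory or of Splunk's own tooling. It assumes a combined-log-style access log (the regex is an assumption; adjust it to your log source), and the sample lines are constructed for the example rather than captured from a real system. The endpoint paths and the IOC directories are the ones named in the summary; treating .py and .sh drops in those directories as the most interesting is this example's own heuristic.

```python
import re
from collections import Counter

# The two unauthenticated sidecar endpoints named in the advisory summary.
SIDECAR_ENDPOINTS = frozenset({
    "/v1/postgres/recovery/backup",
    "/v1/postgres/recovery/restore",
})

# Directories the summary lists as places where unexpected files appear.
IOC_DIRS = ("/tmp/", "/opt/splunk/var/run/supervisor/pkg-run/")
SCRIPT_SUFFIXES = (".py", ".sh")  # assumption: script drops are what we triage first

# Combined-log-style layout; an assumption, adapt the regex to the real log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return a dict of fields for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string before matching
    rec["status"] = int(rec["status"])
    return rec


def is_sidecar_probe(rec: dict) -> bool:
    """A POST to either recovery endpoint is the request shape the advisory describes."""
    return rec["method"] == "POST" and rec["path"] in SIDECAR_ENDPOINTS


def find_sidecar_probes(lines):
    """Every parseable record that hits one of the unauthenticated endpoints, in log order."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and is_sidecar_probe(rec):
            hits.append(rec)
    return hits


def probes_by_source(hits) -> Counter:
    """Count probing requests per client IP so repeat offenders float to the top."""
    return Counter(h["ip"] for h in hits)


def ioc_file_hits(paths):
    """Script files sitting in the directories the summary flags as drop locations."""
    return [p for p in paths
            if p.startswith(IOC_DIRS) and p.lower().endswith(SCRIPT_SUFFIXES)]


# Constructed sample log lines for this example; not captured from a real system.
SAMPLE_LOG = """\
203.0.113.10 - - [23/Jun/2026:10:01:02 +0000] "POST /v1/postgres/recovery/backup HTTP/1.1" 200 17
203.0.113.10 - - [23/Jun/2026:10:01:05 +0000] "POST /v1/postgres/recovery/restore HTTP/1.1" 200 17
10.0.0.5 - - [23/Jun/2026:10:02:00 +0000] "GET /v1/postgres/recovery/backup HTTP/1.1" 405 0
10.0.0.5 - - [23/Jun/2026:10:02:10 +0000] "POST /v1/postgres/status HTTP/1.1" 200 42
198.51.100.7 - - [23/Jun/2026:10:03:33 +0000] "POST /v1/postgres/recovery/restore?x=1 HTTP/1.1" 500 0
this line is malformed and must be skipped rather than crash the scan
"""

if __name__ == "__main__":
    hits = find_sidecar_probes(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h['ts']} {h['ip']} POST {h['path']} -> {h['status']}")
    print("per source:", dict(probes_by_source(hits)))
    print("dropped scripts:", ioc_file_hits([
        "/tmp/stage.py", "/opt/splunk/var/run/supervisor/pkg-run/run.sh", "/tmp/notes.txt"]))
```

A failed POST (the 500 above) is still reported: the attacker's attempt, not the server's response, is the signal, and a successful write would look identical in the access log to a legitimate call, so every hit needs to be matched against a known change window or restore job.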
Winsage
June 17, 2026
Microsoft's June Windows update has caused problems for third-party applications that use Object Linking and Embedding (OLE) automation to drive Office applications: document launches fail silently, with no error message. Affected applications include CCH Engagement, Workpaper Manager, Dentrix, Softdent, and Zotero. Microsoft's suggested workaround is to open the documents directly in the Office application. It has also stated that responsibility for these failures lies with the third-party developers and that it offers no warranty on the performance of their software. Users for whom opening files directly does not help must wait for a fix in a future update; organizations can contact Microsoft support for assistance. This is the first issue Microsoft has publicly acknowledged in the recent patch, amid ongoing complaints about other functionality such as OneDrive and BitLocker.
Winsage
June 12, 2026
OnyxC2 is a credential stealer available for a subscription fee of 0 per month, distributed through lures such as fake Windows updates and trojanized copies of legitimate software installers. It is run as a commercial product, with an automated payload builder, tiered licensing, and a centralized web dashboard. Its sellers advertise a 99% detection-evasion rate, and it evaded the major antivirus products in testing. It is written in C++, uses direct system calls, and is mutated with each build to defeat signature matching. OnyxC2 collects data from around 210 applications, including 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. Delivery uses DLL sideloading: a password-protected archive contains a legitimate, trusted executable together with a malicious DLL that the executable loads; the DLL is disguised by inflating its file size. The malicious code stays encrypted on disk and is decrypted only in memory to frustrate analysis. OnyxC2 talks to a Cloudflare-fronted command-and-control server that manages infected hosts and issues commands such as hardware registration and cookie upload. The threat extends to business environments through its targeting of FTP and email clients, and stolen session cookies give ongoing access to corporate infrastructure; because a stolen cookie remains valid regardless of password or MFA until the session is revoked, affected sessions must be invalidated, not just passwords rotated. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
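A triage heuristic for the delivery pattern described above (a trusted EXE shipped beside an oversized DLL), as an added example that is not part of the report and not a detector for OnyxC2 specifically. It assumes the inflation is done with a filler byte, which is the common way to push a DLL past upload-size limits; the size and padding thresholds are this example's own choices, and the fixture directory it scans is constructed on the fly rather than taken from a real sample.

```python
import os
import tempfile
from collections import Counter

# Thresholds are assumptions chosen for this example, not figures from the report.
MIN_SUSPECT_SIZE = 512 * 1024   # only look at DLLs at least this large
PAD_RATIO = 0.90                # share of bytes equal to the single most common byte value


def padding_ratio(data: bytes) -> float:
    """Fraction of the file taken up by its most frequent byte value.

    Compiled code and compressed resources spread byte values out; a DLL
    inflated with a filler byte is dominated by that one value.
    """
    if not data:
        return 0.0
    (_, count), = Counter(data).most_common(1)
    return count / len(data)


def find_padded_sideload_candidates(directory: str):
    """DLLs that sit beside an EXE in `directory` and look padded rather than compiled."""
    names = sorted(os.listdir(directory))
    exes = [n for n in names if n.lower().endswith(".exe")]
    if not exes:                       # no host binary, so no sideloading pair to report
        return []
    findings = []
    for name in names:
        if not name.lower().endswith(".dll"):
            continue
        path = os.path.join(directory, name)
        size = os.path.getsize(path)
        if size < MIN_SUSPECT_SIZE:
            continue
        with open(path, "rb") as fh:
            ratio = padding_ratio(fh.read())
        if ratio >= PAD_RATIO:
            findings.append({"dll": name, "size": size,
                             "pad_ratio": round(ratio, 3), "host_exes": exes})
    return findings


def build_sample_dir() -> str:
    """Constructed fixture: a small 'legitimate' EXE, one padded DLL, one ordinary DLL."""
    root = tempfile.mkdtemp(prefix="sideload_demo_")
    with open(os.path.join(root, "viewer.exe"), "wb") as fh:
        fh.write(os.urandom(40_000))
    with open(os.path.join(root, "libhelper.dll"), "wb") as fh:
        fh.write(os.urandom(32_000))            # stand-in for the real payload bytes
        fh.write(b"\x00" * (2 * 1024 * 1024))   # two megabytes of filler
    with open(os.path.join(root, "normal.dll"), "wb") as fh:
        fh.write(os.urandom(800_000))           # random bytes: no dominant value
    return root


def demo():
    """Build the fixture, scan it, and return the findings."""
    return find_padded_sideload_candidates(build_sample_dir())


if __name__ == "__main__":
    for f in demo():
        print(f"{f['dll']}: {f['size']} bytes, {f['pad_ratio']:.1%} filler, next to {f['host_exes']}")
```

The padding check is only a first filter: a DLL inflated with random rather than repeated bytes passes it, so the EXE-plus-large-DLL pairing and a signature check on the DLL are what carry the triage from there. Because the payload is encrypted on disk and decrypted in memory, static scanning of the DLL body itself will not reveal the stealer.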
Tech Optimizer
June 11, 2026
Antivirus software can become overwhelming for organizations due to alert fatigue shortly after deployment. Analysts often struggle to prioritize notifications, leading to the mismanagement of legitimate tools and unclear incident timelines. A review of nine antivirus solutions based on G2's Winter 2026 Grid® Report identified the following top performers:
1. ESET PROTECT: Best for machine learning-driven endpoint protection; offers enterprise-grade security with a free trial available.
2. Sophos Endpoint: Best for ransomware prevention; provides centralized policy control with a free trial available.
3. ThreatDown: Cost-effective EDR with MDR flexibility; combines antivirus and endpoint detection with a free trial available.
4. CrowdStrike Falcon: Best for large-scale enterprise threat prevention; cloud-native platform with subscription-based pricing and a free trial available.
5. Check Point Harmony Endpoint: Best for unified endpoint and zero-trust protection; integrates malware prevention and phishing defense with a free trial available.
6. Microsoft Defender for Endpoint: Best for Microsoft-native environments; deeply integrated with Microsoft 365, licensed through enterprise agreements.
7. Kaspersky AntiVirus: Best for traditional malware protection; provides real-time protection against various threats.
8. SentinelOne: Best for autonomous AI-driven endpoint response; features automated remediation and ransomware rollback with a free trial available.
9. FortiClient: Best for Fortinet-centric environments; offers VPN access and security policy enforcement with a free basic client available.
The analysis highlighted that effective antivirus solutions prioritize behavioral analysis over traditional signature-based detection, minimize false positives, and maintain low system impact during operation. Key factors for evaluating antivirus software include threat detection accuracy, centralized visibility, response capabilities, and deployment stability.
Winsage
June 10, 2026
Microsoft has warned customers that the latest monthly updates may fail to install on certain Windows devices that were upgraded to Windows 11 version 24H2 or 25H2. Affected users see error code 0x80073712 or 0x800f0993 when installing the June 2026 cumulative updates, and the same codes appear in the Windows Update log files. The affected population is a small fraction of devices that originally ran Windows 10 version 22H2 or 21H2 or Windows 11 version 23H2. Microsoft says a fix is being rolled out to unmanaged enterprise devices and personal PCs and takes effect after a restart, and that no new devices in these categories have been affected since May 19, 2026. For devices that could still be hit, Microsoft shipped specific updates in its June 2026 Patch Tuesday release to prevent the problem. Systems that have already been upgraded to Windows 11 version 24H2 or 25H2 will not be fixed that way; for those, users are advised to remove the affected package using a command in an elevated Command Prompt and, if that does not resolve the issue, to perform a Windows 11 in-place upgrade. Microsoft has previously addressed similar update-installation problems, including ones introduced by the March 2026 non-security preview update and the January 2026 optional non-security preview updates.
Tech Optimizer
June 5, 2026
In April 2026, a blog post from Microsoft's Windows Learning Center claimed that most Windows 11 users could rely solely on Windows Security (Defender) for antivirus protection, citing features such as Microsoft Defender Antivirus, SmartScreen, and ransomware mitigation. The blog was later removed without explanation, prompting speculation about how definitive its claims were. Microsoft's position was that Windows Defender is sufficient for typical users who keep default settings and apply regular updates, and it cautioned against running multiple antivirus engines at once. Independent testing from AV-Test consistently ranks Microsoft Defender highly, while AV-Comparatives noted weaker offline protection and a reliance on cloud-based intelligence. Some viewed the blog's removal as a constructive step towards more realistic security guidance. Microsoft continues to give third-party antivirus vendors significant access to Windows, and the rise of AI-generated threats is complicating the cybersecurity landscape. Despite the controversy, Microsoft has made significant advances in Windows Security, making it a viable option for many users.
Tech Optimizer
June 2, 2026
In April, Microsoft published a blog post discussing the security features of Windows 11, emphasizing that its built-in protections, such as Microsoft Defender Antivirus and SmartScreen, may eliminate the need for third-party antivirus solutions for many users. The blog highlighted that adequate security could be maintained with default settings, regular updates, and intentional software downloads. However, it also noted that users with specific needs, like managing multiple devices or requiring additional features, might still consider third-party software. The blog post was removed from the Microsoft Learning Center without formal announcement, raising questions about the company's communication strategy.
AppWizard
June 2, 2026
Subnautica 2 has sparked controversy due to comments suggesting it lacks traditional combat elements. Design lead Anthony Gallegos explained that the decision to minimize combat is not based on a non-violent ethos but stems from the studio's modding culture origins. He referenced the developers of SOMA, highlighting that combat options could detract from the intended atmosphere of dread and exploration. By removing combat, Subnautica 2 aims to maintain tension and immersion in the underwater world. Gallegos also mentioned the possibility of new mitigation systems in future updates, as the episodic release schedule allows for the introduction of additional gameplay mechanics.