NewApp Digest
search bot

monitor

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service
Tech Optimizer
June 23, 2026

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service

A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.
I tested Android 17 on my Pixel 9 Pro - its app bubbles are a multitasker's dream
AppWizard
June 22, 2026

I tested Android 17 on my Pixel 9 Pro – its app bubbles are a multitasker’s dream

Android 17 has been released for Pixel devices, introducing several new features: 1. Desktop Mode allows users to connect their phones to an external monitor for a desktop-like experience with a Bluetooth mouse and keyboard. 2. App Bubbles enable seamless multitasking by allowing users to bubble apps for quick access from the home screen. 3. The selfie camera can be enabled during screen recordings, allowing users to narrate actions while appearing on screen. 4. The recent apps page now displays full app names and includes a drop-down menu for options like pinning, splitting the screen, taking screenshots, or clearing recent apps. 5. Early support for running GUI Linux applications is introduced, paving the way for future advancements in Linux environments on devices. 6. Enhanced HDR brightness allows users to customize the display of HDR content for a more dynamic viewing experience. The update process for Pixel 9 Pro took approximately 30 minutes, and the rollout for other Pixel devices is expected soon. Other Android users will need to wait for their respective device updates.
The Steam Machine is the most ambitious game console I’ve ever played
AppWizard
June 22, 2026

The Steam Machine is the most ambitious game console I’ve ever played

The Steam Machine retails starting at ,049 without a gamepad and ,128 bundled with one. Its performance does not significantly exceed that of the 5.5-year-old PS5, which offers sharper visuals in certain games. The Steam Machine operates more like a console than previous iterations, featuring a compact design and compatibility with modern gamepads. Valve claims to sell its components at cost, having negotiated with suppliers during a memory supply crisis. Users have reported technical issues, such as problems with the Steam Controller, sound output, and game downloads. The device requires manual adjustments for settings, lacks user-friendly configurations, and has questionable reliability with its sleep function. Valve plans to support AMD’s FSR 4 upscaling and is working on graphics driver updates. The Steam Machine is positioned as a versatile gaming and computing solution, but its limitations highlight the need for further refinement.
The database that refused to die: How Postgres survived its own creators
Tech Optimizer
June 22, 2026

The database that refused to die: How Postgres survived its own creators

Postgres, originally developed by Michael Stonebraker in the early 1980s, is an open-source database system that evolved from Ingres. It was designed to handle complex data types and introduced user-defined data types, operators, and functions, leading to the support for abstract data types (ADTs). The initial commercialization of Postgres occurred through a startup named Illustra, later acquired by Informix. In 1995, graduate students Andrew Yu and Jolly Chen revived Postgres, transitioning it from QUEL to SQL, resulting in Postgre95, which evolved into PostgreSQL. Today, Postgres is one of the most popular database systems globally, known for its extensibility and high code quality. However, it currently lacks features like file-level encryption (TDE), which are standard in commercial systems, relying instead on the operating system for encryption. Efforts to implement TDE have faced challenges due to the complexity of required code changes.
Malware Has Gotten Smarter. Here's How Your Antivirus Has, Too
Tech Optimizer
June 21, 2026

Malware Has Gotten Smarter. Here’s How Your Antivirus Has, Too

Antivirus software is evolving from relying on static databases of known malware signatures to employing behavioral monitoring and machine learning for threat detection. Traditional antivirus solutions focused on recognizing known threats through unique signatures, but this approach has become inadequate due to the rapid evolution of malware, including polymorphic and metamorphic types. Modern antivirus systems now monitor program behavior, looking for suspicious activities such as unexpected file encryption or unusual network communication. Machine learning models analyze large datasets to identify patterns associated with malware, allowing for the classification of files as safe, potentially unwanted, or malicious. Techniques like sandboxing and dynamic analysis are used to preemptively neutralize threats. However, advancements in AI also present challenges, as cybercriminals can exploit these technologies to create sophisticated malware that evades detection. Despite improvements in antivirus effectiveness, modern cyberattacks increasingly target individuals through methods like phishing and social engineering, necessitating a combination of robust antivirus solutions and good cybersecurity practices.
Acoustic mapping app uses thousands of networked old Android phones to hunt Shahed drones — crowd-sourced microphone network spots small, low-RCS military targets
AppWizard
June 21, 2026

Acoustic mapping app uses thousands of networked old Android phones to hunt Shahed drones — crowd-sourced microphone network spots small, low-RCS military targets

A Lithuanian startup has developed an Android application that allows verified users to monitor for the acoustic signatures of Shahed-type drones used by Russia. The app detects these drones and enables users to report their locations, contributing to a collective defense mechanism. It uses an embedded algorithm to isolate drone sounds from environmental noise and relays detection information to a public map, improving situational awareness. The effectiveness of the system increases with more users running the app. Shahed-type drones are favored in military operations due to their cost-effectiveness. Other nations are also developing countermeasures against drone threats, including microwave drone swarm killers and anti-drone laser systems.
Sideloading Android apps is great — until you have to update them. Here's my fix
AppWizard
June 21, 2026

Sideloading Android apps is great — until you have to update them. Here’s my fix

Obtainium is a free and open-source sideload manager designed to simplify the updating process for sideloaded Android applications. Users can add their sideloaded apps to Obtainium’s tracking list after a one-time setup, allowing the app to monitor these sources for updates in the background. Obtainium supports various sources, including GitHub, GitLab, F-Droid, APKMirror, and Uptodown. The app checks for updates every six hours and can either download and install updates automatically or notify the user. Setting up Obtainium involves downloading the APK, adding app source URLs, and ensuring the correct source is used for each app. However, it has limitations, such as relying on HTML scraping for websites without an API and potential API rate limits for GitHub apps. Additionally, Obtainium may have read-only access to certain sites, requiring users to manually update apps in some cases.
How Five PostgreSQL Optimizations Sped Up Our Dashboard
Tech Optimizer
June 20, 2026

How Five PostgreSQL Optimizations Sped Up Our Dashboard

The dashboard operates on a Django monolith with PostgreSQL and is transitioning to ClickHouse for denormalization. The initial p50 metric was 0.7 seconds, but the p95 was 8 seconds, which was reduced to 1 second. Observability tools were established to monitor performance, and slow HTTP requests were identified using OpenTelemetry traces. Optimization techniques included late joining, asynchronous counting, creating a PostgreSQL replica for read operations, and improving full-text search. Denormalization was explored to enhance filtering performance by creating composite indexes. The production stack was upgraded to PostgreSQL 18, which provided incremental performance improvements. The final p95 value achieved was 1 second, below the target of 3 seconds.
How Cybersecurity Services Have Evolved Beyond Antivirus and Firewalls
Tech Optimizer
June 19, 2026

How Cybersecurity Services Have Evolved Beyond Antivirus and Firewalls

Businesses traditionally relied on antivirus software and firewalls for cybersecurity, which were effective when threats were simpler and data was mostly stored on-site. However, the cybersecurity landscape has evolved, with cybercriminals employing advanced tactics that traditional methods cannot adequately address. Antivirus software is limited to detecting known threats, while modern malware can evade detection by altering its code or executing in memory. Firewalls also struggle when authorized users' credentials are compromised, allowing threats to infiltrate networks. Contemporary security strategies advocate for a multi-layered approach, incorporating tools like Endpoint Detection and Response (EDR), Multi-Factor Authentication (MFA), Zero Trust Architecture, Dark Web Monitoring, and Security Awareness Training. Compliance with regulatory standards is increasingly important, and cyber insurance providers now require businesses to demonstrate comprehensive security measures. Managed security providers are becoming essential for small and mid-sized businesses, offering expertise and resources to manage complex security tools and processes effectively. Organizations should assess their current security status and adopt a layered approach to address vulnerabilities, recognizing that traditional solutions alone are insufficient in today's threat landscape.
Search