Operation

Winsage
May 23, 2026
The Windows Insider Program is rolling out changes across various channels, with new builds of Windows 11 Insider Preview available. The transition for devices in the Canary 29500 Series Channel to the new experience has not yet begun. New features include:

1. Screen Tint: An accessibility feature that applies a color overlay to reduce screen intensity.
2. Narrator: Enhanced support for HID-compatible braille displays, allowing for plug-and-play functionality via USB or Bluetooth.
3. Voice Isolation in Voice Access: A feature that improves voice recognition by filtering out background noise; processing occurs privately on the device.

Winsage
May 22, 2026
Microsoft's Digital Crimes Unit has filed a lawsuit against Fox Tempest, a criminal enterprise selling fraudulently signed malware to ransomware groups, affecting hospitals, schools, and critical infrastructure in ten countries. The lawsuit was filed on May 19 in the U.S. District Court for the Southern District of New York. Fox Tempest created a portal at signspace[.]cloud, offering a user-friendly interface for uploading malicious files and generating over 580 fraudulent Microsoft accounts to bypass identity verification. The group provided pre-configured virtual machines for customers to upload malicious payloads in exchange for signed binaries. Fox Tempest's operations were linked to a ransomware attack chain involving a counterfeit Microsoft Teams installer that deployed the Rhysida ransomware. This ransomware strain has caused significant breaches, including an October 2023 attack on the British Library, which resulted in a data exfiltration of about 600GB and recovery costs of £6 to £7 million, and a September 2024 attack on Seattle-Tacoma International Airport with a ransom demand of .8 million. Microsoft's civil litigation approach allowed for a quicker legal process, leading to the seizure of the signspace[.]cloud domain and the suspension of around 1,000 Fox Tempest accounts. Despite these actions, Fox Tempest has begun shifting to alternative code-signing services, highlighting the evolving nature of cybercrime and the need for users to verify software through independent channels. The confirmed targets of Fox Tempest included organizations in the United States, France, India, China, Brazil, Germany, Japan, the United Kingdom, Italy, and Spain.
AppWizard
May 22, 2026
Riot Games' Vanguard anti-cheat system, introduced with Valorant and later integrated into League of Legends in 2024, operates at a kernel level, raising concerns about potential damage to players' PCs. Issues arose when streamer Nick 'LS' De Cesare experienced computer problems after a Vanguard update. The latest version of Vanguard reportedly made some cheaters' computers inoperable, requiring a complete operating system reinstall. Players must have Vanguard installed to access Riot's games, and the system now blocks most DMA firmware, which is used to mask cheats. Vanguard can activate even without Valorant installed, and if it detects DMA firmware, the only solution is a Windows reinstall. Riot Games acknowledged the complaints humorously, highlighting the frustrations of affected users. The kernel-level operation of Vanguard raises concerns about the risk of damaging personal computers due to misidentification, and legal discussions about its implications are ongoing. Players who do not want to use Vanguard cannot access Riot's games.
Winsage
May 21, 2026
In April 2026, two zero-day vulnerabilities, RedSun and UnDefend, were discovered in Microsoft Defender, affecting Windows 10, Windows 11, and Windows Server platforms. These vulnerabilities allow attackers to escalate privileges to SYSTEM and bypass Defender’s protections. RedSun exploits a flaw in Defender's remediation process, enabling low-privileged users to overwrite critical system files. UnDefend allows attackers to disrupt Defender’s updates, keeping it outdated and ineffective. Both vulnerabilities are actively being exploited, with attackers leveraging them to gain persistent access and deploy ransomware. The primary targets are organizations using Windows systems with Defender enabled, particularly in sectors like finance, healthcare, and government. Mitigation strategies include applying updates for related vulnerabilities, monitoring for suspicious activities, and implementing additional security measures.
AppWizard
May 21, 2026
Space Marine 2 has launched a significant update called the Purgation Update, which includes a new free PvE Operation, an expanded Siege Mode, and new weapon and armor cosmetics. A free weekend trial is available from May 21 to May 25, allowing players to explore the game. The update features a new PvE mission in the Kadaku swamps, new enemies like the Hive Tyrant and Mutalith Vortex Beast, and introduces the Bolt Carbine Sidearm. A practice area aboard the Battle-Barge is available for players to test the new weapon. The update coincides with the Warhammer Skulls event and includes access to initial campaign missions and all PvP modes during the trial. A patch with balance changes for PvP gameplay is also set to go live on May 21.
AppWizard
May 21, 2026
Android 17 will introduce a feature called Continue On, allowing seamless transitions of app activities across Android devices, similar to Apple's Handoff. This feature was announced through developer documentation rather than during the I/O 2026 keynote. Initially, Continue On will support handoffs between mobile devices and tablets, with plans for broader compatibility in the future. The feature enables users to resume activities on a nearby device by suggesting the app in the taskbar. It is bidirectional, allowing any compatible device to send and receive activity. Additionally, Continue On can transition from an app to the web version of a service if the app is not installed. The feature will debut with Android 17, which is currently in beta, and the developer documentation is available for implementation ahead of the launch.
AppWizard
May 20, 2026
Pimax is offering a 2% discount on its Crystal Light and Crystal Super VR headsets, along with a complimentary accessory bundle valued at 0. The Crystal Super has a resolution of 3,840 x 3,840 pixels per eye, while the Crystal Light has a resolution of 2,880 x 2,880 pixels per eye. The Crystal Super is priced at 9 (down from 9), and the Crystal Light is available for 9, with both discounts applicable using the code "pcgamesn." The offer is valid until the end of May and is available globally.
TrendTechie
May 20, 2026
A group of Minecraft enthusiasts has completed a digital archaeology project, mapping and archiving the oldest anarchy server, 2b2t, resulting in 24 terabytes of data. This data will be released as a torrent in the coming weeks. The 2b2t server has been operational for 16 years and is known for its lack of rules and bans. The team successfully archived various areas of the server, including:

- Overworld area of 1,024,000² blocks (December 25, 2025 – April 13, 2026)
- Overworld area of 512,000² blocks (November 11, 2024 – December 12, 2024)
- End area of 256,000² blocks (January 23, 2026 – February 15, 2026)
- Nether area of 100,000² blocks (June 9, 2025 – June 14, 2025)

The team plans to release high-resolution renders and data analysis tables alongside the archive. Open-source tools for the archive are available on GitHub, and updates can be followed via Discord and Patreon.

AppWizard
May 20, 2026
Cybersecurity researchers have identified an ad fraud and malvertising operation called Trapdoor, targeting Android users with 455 malicious applications and 183 command-and-control domains. Users often download these disguised apps, which initiate malvertising campaigns and lead to further downloads of malicious applications. At its peak, Trapdoor generated 659 million bid requests daily, with over 24 million downloads of the associated apps, primarily from the United States. The operation exploits install attribution tools to activate malicious activities only for users acquired through fraudulent ad campaigns, while suppressing such behavior for organic downloads. Trapdoor employs advanced evasion techniques, including obfuscation and impersonation of legitimate software, to avoid detection. Google has removed the identified malicious apps from the Play Store in response to the threat.
Tech Optimizer
May 19, 2026
A public proof-of-concept exploit has been released for CVE-2026-2005, a critical heap-based buffer overflow vulnerability in PostgreSQL's pgcrypto extension, allowing full remote code execution and privilege escalation to the database superuser level. This vulnerability has existed since 2005 and was discovered by an AI-powered security tool during the ZeroDay.Cloud 2025 event in December 2025. An upstream patch was committed on February 8, 2026, and released on February 12, 2026. The vulnerability has a CVSS score of 8.8 and affects approximately 80% of cloud environments using PostgreSQL, with 45% accessible via the internet. The flaw is in the pgp_parse_pubenc_sesskey() function, which lacks bounds checking, allowing attackers to manipulate session key lengths. The pgcrypto extension can be installed by any database role with CREATE privileges, increasing the risk of exploitation. The proof-of-concept exploit involves an information leak, arbitrary write, and privilege escalation to remote code execution. The vulnerability affects all major versions of PostgreSQL prior to the February 2026 releases, which include versions 18.2, 17.8, 16.12, 15.16, and 14.21. Mitigation steps include upgrading to patched versions, restricting CREATE privileges, blocking direct internet exposure, rotating database credentials, auditing the usage of COPY FROM PROGRAM, and verifying patched engine versions for cloud-managed PostgreSQL users.