physical Archives

AppWizard

June 16, 2026

Honda Civics And Installing Software With Android Test Keys

Eric McDonald conducted reverse-engineering on the Android-based infotainment system in a 2021 Honda Civic, revealing a significant vulnerability. The head unit can be updated via USB using accessible standard Android Open Source Project (AOSP) test keys. This exploit, named the EvilValet attack, allows anyone with physical access to the car's USB port to execute arbitrary code signed with these test keys. While confirmed only in the 2021 Honda Civic, similar Android-based systems may also be at risk due to shared technology across different vehicle models. This vulnerability raises concerns about vehicle security as it allows unauthorized users to manipulate the system through a USB connection.

AppWizard

June 15, 2026

Minecraft 26.2 Chaos Cubed Drops Tomorrow: Hardcore Exploit Closed, Vulkan Renderer Ships

Minecraft Java Edition 26.2, titled Chaos Cubed, will be released on June 16, 2026, featuring a new underground biome called sulfur caves, a unique mob named sulfur cube, and an experimental Vulkan graphics renderer. The sulfur caves introduce pale-yellow sulfur blocks and deep-red cinnabar, along with geysers that erupt every 50 seconds and sulfur spikes that can inflict damage. The sulfur cube is a passive mob that absorbs blocks, altering its behavior, and can transform into a mobile explosive when it absorbs TNT. The Vulkan renderer allows players to switch between OpenGL and Vulkan for improved performance, utilizing multiple CPU cores. A friends list feature will be added, enabling players to send friend requests and check online statuses, but peer-to-peer world hosting will not be included. Hardcore mode will now enforce permadeath by disabling certain options in the Open to LAN menu. The update also includes six new music tracks and the /unpublish command.

Winsage

June 15, 2026

New Windows Zero‑Day Flaws Target Defender and BitLocker

A cybersecurity researcher known as “Nightmare Eclipse” has revealed two zero-day exploits threatening Windows systems: RoguePlanet and GreatXML. RoguePlanet targets Microsoft Defender, allowing attackers to execute privileged actions and gain SYSTEM-level access on Windows machines. It is a local privilege escalation vulnerability that remains effective on fully updated systems. GreatXML claims to bypass BitLocker disk encryption by manipulating the Windows Recovery Environment, potentially granting access to protected files. However, its effectiveness may be overstated, as it might require administrator-level access. Microsoft advises organizations to implement security updates, treat lost or accessible devices as high-risk, enforce stricter policies, and monitor threat intelligence to mitigate exposure to these vulnerabilities.

AppWizard

June 15, 2026

Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores

A trojan named Android.MagicAd.1 has been identified as a significant threat to Android users, capable of delivering persistent background advertisements by circumventing built-in defenses. Detected in 2025, it has spread through over 50 infected games and utility applications, infiltrating both dubious download sites and official app stores like the Samsung Galaxy Store and Xiaomi’s GetApps. The malware employs a strategy of rotating applications to evade detection, remaining active on user devices after download. It uses hidden, encrypted components within native code libraries and conducts environment checks to avoid monitoring before launching its payload. Android.MagicAd.1 bypasses Android's restrictions by targeting trusted system applications, utilizing methods that vary by device manufacturer. For example, it uses a delayed system command on Xiaomi and Amazon devices, exploits Android Binder on Vivo devices, and employs a universal fallback method for other brands to gain priority for displaying ads. All identified malicious applications have been removed from official stores, but the campaign highlights the vulnerability of security software.

Winsage

June 15, 2026

There are too many Windows laptops, and I can’t blame Microsoft for confusing choices — but there are ways it could help us all

The author has experience building Windows desktops but has recognized the practicality of Windows laptops due to frequent travel. They have a shortlist of preferred models, including the ASUS Zenbook A14 and Lenovo Yoga Slim 7x, but acknowledge that many consumers opt for cheaper laptops available in stores. The introduction of entry-level models like the MacBook Neo has shifted the conversation around Windows laptops. There is confusion among consumers regarding specifications, such as RAM and battery longevity, which are often overwhelming. The author suggests that a certified 'Windows Pro' laptop could guarantee features like a 120Hz display and 32GB of RAM, while a budget-friendly 'Windows Core' option could focus on IPS screens with at least 16GB of memory. There are concerns about consumer perception of non-certified products and the need for better education in the market.

AppWizard

June 14, 2026

Hide-and-seek game where you paint your body to blend in sells a million copies in four days

Players in Meccha Chameleon control a featureless, white, blobby biped and use a color wheel to paint their bodies in real-time to blend into their surroundings. The game sold one million copies within four days of its release. The developer, lemorion_1224, announced this milestone on the Steam community blog and expressed gratitude to players. The game has gained popularity among streamers and YouTubers, and it supports public matches and streaming. Meccha Chameleon is a lobby-based PvP party game where players are divided into seekers and hiders, with seekers trying to locate all hiders before time runs out. The game features creative disguising techniques, such as blending into shadows or textures. It is priced at just under .

AppWizard

June 13, 2026

Dole expands Minecraft campaign with pineapple focus

Dole is launching a 15-week campaign starting June 21 across North America and Europe, focusing on pineapples and targeting younger audiences. This campaign includes in-game rewards for Minecraft players, such as a branded ‘pineapple hoodie.’ The previous campaign resulted in a 20-fold increase in website visits from QR code scans, generating 2 million landing page views and significant social media impressions. Over 60% of participants expressed increased intent to purchase Dole’s fruit after engaging with the campaign. This year's campaign will feature new recipes, digital puzzles, and offline engagement activities, along with QR-enabled stickers in retail environments to connect purchases to digital rewards.

AppWizard

June 11, 2026

Valve Is Killing Physical Steam Gift Cards, Blaming Scammers

Valve has announced the discontinuation of its physical Steam gift card program in retail stores globally due to ongoing issues with scammers exploiting these cards for fraudulent activities. All retail stock is expected to be depleted by the end of 2026. Scammers have been using these cards to siphon funds from victims, often impersonating officials or agencies. Valve has implemented measures to combat these scams but has decided to terminate the retail gift card program. Retailers will sell their remaining inventory but will not restock physical gift cards. Customers can still use existing gift cards on Steam, and digital gift cards will continue to be offered. Consumer protection agencies warn that fraudsters will continue to exploit gift cards from various brands.

AppWizard

June 11, 2026

Steam’s tired of gift card scams, so it’s killing them off for good

Valve will stop restocking Steam gift cards at retail locations due to increasing scams targeting consumers, particularly the elderly. The company estimates that these cards will no longer be available by the end of 2026, although unspent cards can still be redeemed after that date. Despite the discontinuation, Valve's guest checkout feature will allow digital gifting for gaming experiences.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.