review Archives

Tech Optimizer

June 23, 2026

Active Exploitation of Critical CVE-2026-20253 in Splunk Enterprise: Unauthenticated RCE via PostgreSQL Sidecar Service

A critical security vulnerability, SVD-2026-0603 (CVE-2026-20253), has been identified in Splunk Enterprise versions 10.0.0 through 10.0.6 and 10.2.0 through 10.2.3. This flaw allows unauthenticated, remote attackers to create or truncate arbitrary files on the host system by exploiting the PostgreSQL Sidecar Service endpoints. The vulnerability is actively exploited, with public proof-of-concept code available, and has been added to the CISA Known Exploited Vulnerabilities (KEV) list. Successful exploitation can lead to full remote code execution (RCE) as the Splunk user. The vulnerability arises from inadequate authentication controls on the PostgreSQL Sidecar Service endpoints, specifically /v1/postgres/recovery/backup and /v1/postgres/recovery/restore, which are accessible without authentication. It is classified under CWE-306: Missing Authentication for Critical Function and has a CVSS v3.1 base score of 9.8 (Critical). Attackers can exploit the vulnerability by sending crafted HTTP POST requests to the exposed endpoints, allowing them to create or truncate files and potentially execute malicious scripts. Indicators of compromise include unexpected files in directories such as /tmp/ or /opt/splunk/var/run/supervisor/pkg-run/, modified Splunk Python scripts, and unusual outbound connections from Splunk to unknown PostgreSQL servers. The vulnerability aligns with several MITRE ATT&CK techniques, including T1190 (Exploit Public-Facing Application) and T1059 (Command and Scripting Interpreter). Active exploitation of CVE-2026-20253 has been confirmed, and it is likely that both opportunistic cybercriminals and sophisticated threat actors will use this exploit. The affected versions of Splunk Enterprise are 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6, with the issue resolved in versions 10.2.4 and 10.0.7. Organizations are advised to upgrade to fixed versions or disable the PostgreSQL Sidecar Service as a mitigation strategy.

AppWizard

June 22, 2026

Steam Machine review: Valve’s underwhelming living-room PC has a serious price problem

The Steam Machine is a compact gaming system measuring 16.5 × 15.5 × 15.3 cm, designed to run SteamOS and provide access to the Steam library while offering a user experience similar to consoles. It features a custom AMD CPU with six cores and twelve threads, 16 MiB of L3 cache, and a maximum clock speed of 4.86 GHz. The system includes 16 GiB of DDR5 memory and a discrete Radeon graphics unit with 8 GiB of GDDR6 video memory based on the Navi 33 architecture, operating with 28 compute units and a power budget of 110 watts. Storage consists of an NVMe drive with approximately 1.9 TB of space and a zram swap of around 7.6 GiB. The Steam Machine runs SteamOS 3.8.9 in its x86-64 version, allowing it to function as either a Linux PC or a gaming interface. Connectivity options include one HDMI 2.0 port, one DisplayPort 1.4 port, four USB-A ports, a USB-C port, Gigabit Ethernet, Wi-Fi 6E, and Bluetooth 5.3. Its hardware is aligned with PC architecture but lacks the customization options of a bespoke system.

AppWizard

June 22, 2026

The Steam Machine is the most ambitious game console I’ve ever played

The Steam Machine retails starting at ,049 without a gamepad and ,128 bundled with one. Its performance does not significantly exceed that of the 5.5-year-old PS5, which offers sharper visuals in certain games. The Steam Machine operates more like a console than previous iterations, featuring a compact design and compatibility with modern gamepads. Valve claims to sell its components at cost, having negotiated with suppliers during a memory supply crisis. Users have reported technical issues, such as problems with the Steam Controller, sound output, and game downloads. The device requires manual adjustments for settings, lacks user-friendly configurations, and has questionable reliability with its sleep function. Valve plans to support AMD’s FSR 4 upscaling and is working on graphics driver updates. The Steam Machine is positioned as a versatile gaming and computing solution, but its limitations highlight the need for further refinement.

AppWizard

June 21, 2026

Dishonored review (2012)

The review of Dishonored in PC Gamer issue #246 (December 2012) highlights the game's immersive experience, customization options, and technical execution. The reviewer describes a gameplay moment where they successfully eliminate an enemy after a miscalculated leap. The PC version offers extensive customization, including field-of-view adjustments and graphics settings. The game runs smoothly on a 2.8GHz Core i7 with a 2GB GeForce GTX 670 graphics card. Dishonored is noted for its originality as a major title that is neither a sequel nor a remake, and it avoids unskippable boss fights, enhancing player freedom and engagement.

BetaBeacon

June 20, 2026

Epic Games Store 2026: $400M Record, 317M Users [AU]

Total revenue from the Epic Games Store reached .16 billion in 2025, up 6 per cent from .09 billion in 2024 and 22 per cent from 0 million in 2023.

AppWizard

June 20, 2026

Google Messages Just Solved The Biggest Problem With Smart Replies

Google Messages has introduced a "Tap to draft" option within its Smart Replies feature, allowing users to review and edit suggested responses before sending them. This feature is part of app version 2026052200RC00 and can be enabled by updating to the latest version and adjusting settings in the app. Smart Replies use AI to generate quick response suggestions based on user interactions, while ensuring that no message content or data is transmitted to Google, thus maintaining user privacy.

Tech Optimizer

June 20, 2026

EDB Reports Growing Adoption of Postgres AI as Enterprises Build Sovereign AI Foundations

EnterpriseDB (EDB) reported increased global adoption of its EDB Postgres AI (EDB PG AI) platform for managing mission-critical workloads. Research by MIT Technology Review Insights found that organizations prioritizing AI and data sovereignty achieve five times the return on investment. The Industrial Bank of Korea (IBK) migrated 15 core systems to EDB PG AI, reducing licensing costs and enhancing operational flexibility. Shinhan EZ Insurance transitioned its core system to the public cloud using EDB PG AI, achieving 24/7 service and scalability for AI workloads. Other companies like MNTN, Euronext FX, and Kyobo Book Centre are also leveraging EDB PG AI for various applications. EDB has received industry recognition, including being named among the most innovative companies in data and awarded for its data management solutions. EDB PG AI integrates transactional, analytical, and AI workloads, providing a secure and scalable platform for enterprises.

Tech Optimizer

June 20, 2026

PostgreSQL 18 on Amazon Aurora and Amazon RDS: Security, monitoring, and developer enhancements

PostgreSQL version 18 has deprecated MD5 password authentication in favor of SCRAM-SHA-256, with a new parameter, md5_password_warnings, enabled by default to log deprecation warnings. It has enhanced monitoring capabilities by adding columns to pg_stat_database and pg_stat_statements to track parallel worker activity, with the default max_parallel_workers_per_gather set to 0 in Aurora PostgreSQL. The pg_stat_subscription_stats view now includes new columns for tracking conflict types in logical replication. Optimizer statistics are automatically transferred during upgrades, while uuidv7() generates timestamp-ordered UUIDs. The default streaming option for CREATE SUBSCRIPTION has changed to parallel, and the idle_replication_slot_timeout parameter automatically invalidates inactive replication slots. Enhancements to the COPY command include REJECT_LIMIT for error tolerance and a silent LOG_VERBOSITY level. OLD and NEW aliases have been introduced in RETURNING clauses for various DML commands.

AppWizard

June 20, 2026

Forza Horizon 6 Dethroned as #1 Selling Steam Game

Forza Horizon 6 has lost its position as the top-selling game on Steam to Meccha Chameleon, a hide-and-seek game released on June 9, which has sold five million copies in ten days. Meccha Chameleon is priced affordably and has an 85% approval rating from over 6,000 user reviews. The top five best-selling games between June 9 and June 16 are Meccha Chameleon, Forza Horizon 6, Path of Exile 2, EA Sports FC 26, and Final Fantasy 7 Remake Intergrade. The rankings for positions six through ten include 007 First Light, Gothic Remake, Burglin’ Gnomes, Rust, and Voidling Bound. Titles in spots ten through twenty are Dead by Daylight, Resident Evil 4, Road to Empress II, Subnautica 2, Hearts of Iron IV, Paralives, Monster Hunter Wilds, Witchspire, Gamble With Your Friends, and Resident Evil Requiem.

Winsage

June 19, 2026

Microsoft finally admits its default Windows 11 25H2, 24H2 action broke key legacy component

Microsoft released Patch Tuesday updates for Windows 11, specifically KB5094126 and KB5093998, along with dynamic updates KB5094149, KB5095971, and KB5094156. Two issues have been acknowledged: malfunctioning Office applications and complications with the Recycle Bin. In July 2025, Microsoft changed the default settings of Windows 11 to JScript9Legacy in versions 24H2 and later, continuing with version 25H2 in October 2025. This change aimed to enhance security by addressing vulnerabilities related to legacy scripting, particularly cross-site scripting (XSS). A support article details a compatibility issue arising from the transition from jscript9.dll to jscript9legacy.dll, which affects how JScript manages execution context. Functions and definitions established by one script are no longer accessible to subsequent scripts, leading to failures in legacy applications. To address this, Microsoft released the KB5077241 update, which requires manual activation of persistent JScript execution context through a Registry setting. The steps to implement this solution involve creating a feature control registry key and configuring a DWORD value for specific processes or all processes.