risk Archives

Tech Optimizer

May 7, 2026

How lakebase architecture delivers 5x faster Postgres writes

The lakebase architecture separates compute and storage, enhancing operational flexibility and performance. Traditional Postgres systems face durability challenges due to write-ahead logging (WAL) and full page writes (FPW), which can inflate WAL volume significantly in write-heavy scenarios. The lakebase solution eliminates the risk of torn pages by streaming WAL to a distributed storage system, avoiding local-disk dependencies. Image generation pushdown transfers the responsibility of generating full page images from the compute layer to the storage layer, maintaining read performance while reducing WAL overhead. Benchmarks show significant improvements in throughput and reduced WAL generation, with a 94% reduction in WAL size per transaction and a 3x increase in ingestion throughput for data-intensive tasks. This enhancement has been deployed globally without interruptions, marking a shift towards improved managed Postgres performance.

AppWizard

May 7, 2026

This week’s Epic Games freebie includes two gorgeous cozy games that will hook you in no time

The Epic Games Store is offering two free titles this week: Arranger, a puzzle-driven adventure, and Trash Goblin, a shopkeeping experience. Arranger has a Steam review score of 92% and features a unique gameplay mechanic where players shift rows and columns of the map to solve puzzles. Trash Goblin has a Steam review score of 88% and focuses on restoring and selling curiosities in a relaxed shopkeeping environment. Both games are available for free from May 7 to May 14.

Winsage

May 7, 2026

Microsoft admits Windows 11 is still built on 90s-era Win32, and no one saw it coming

Users engage with the Win32 API when right-clicking files or launching desktop applications in Windows 11, a technology that has persisted since Windows 95. Microsoft’s Chief Technology Officer, Mark Russinovich, noted that the longevity of Win32 was unexpected, as it was not part of the company's original vision for the future. Despite attempts to replace Win32 over the past two decades, many users still have more Win32 applications than modern alternatives. Microsoft has introduced several frameworks to replace Win32, including MFC, WinForms, WPF, WinRT, and UWP, but none have fully succeeded. Developers have shown a preference for RAM-intensive web applications over native ones due to concerns about the stability of Microsoft's frameworks. Microsoft has introduced WebView2 to embed web technologies in desktop applications, leading to increased memory usage. In response to user needs, Microsoft is shifting back to native applications with WinUI 3, aiming to modernize Windows 11 while retaining access to Win32 infrastructure. The company is gradually replacing legacy Win32 UI elements with WinUI 3 components, improving performance and user experience.

Winsage

May 7, 2026

Upwind expands runtime protection to Windows Server VMs

Upwind has expanded its runtime protection and visibility offerings to include Windows Server virtual machines (VMs) on major cloud platforms such as Amazon Web Services, Google Cloud, and Microsoft Azure. This integration applies to Windows Server 2016 and later versions and enhances runtime monitoring and detection workflows. Upwind's Windows Sensor provides visibility into host activities, including process executions, network connections, and DNS requests, while also conducting continuous assessments for vulnerabilities and configuration issues. The telemetry collected aids in real-time detection of potential security threats and supports ongoing vulnerability scanning. The integration of Windows Server VMs into Upwind's Runtime Map, Detections, and Sensor components allows for unified monitoring and risk prioritization across cloud environments. This expansion aims to address the critical need for runtime behavior insights in cloud security, particularly for businesses relying on Windows Server for essential applications.

Tech Optimizer

May 7, 2026

What Is Endpoint Detection and Response?

Traditional endpoint security measures, such as antivirus software and firewalls, are increasingly ineffective against sophisticated cyberattacks, which can bypass these defenses. Endpoint Detection and Response (EDR) is a solution that emphasizes rapid detection and containment of threats, continuously monitoring endpoint activity and identifying suspicious behavior in real time. EDR platforms gather data from all connected endpoints and utilize AI-driven analytics to detect both known and unknown threats. In 2024, over 97 billion exploitation attempts were recorded, underscoring the need for robust endpoint protection. EDR tools operate in four stages: detection, containment, investigation, and elimination of threats. They collect telemetry data from endpoints to establish a baseline of normal activity, enabling the identification of anomalies that may indicate a threat. EDR can automatically isolate affected endpoints, terminate malicious processes, and execute remediation actions. EDR employs two methods for threat detection: comparing endpoint activity against indicators of compromise for known threats and using behavioral detection models for unknown threats. The system can generate reports on threat activity and response effectiveness, aiding compliance and operational decision-making. The telemetry data collected is stored in a centralized repository, supporting threat-hunting initiatives. Organizations that deployed EDR in 2024 experienced an average breach cost that was significantly lower than those that did not. EDR minimizes security blind spots, reduces the attack surface by identifying vulnerabilities, speeds up investigations and responses, blocks new threats through behavioral analysis, and strengthens other security measures when integrated with existing tools. Challenges in EDR implementation include alert fatigue, integration complexity, resource constraints, and limited scope. When choosing an EDR solution, organizations should prioritize features such as real-time threat detection, automated response capabilities, behavioral analysis, offline protection, low performance impact, and integration with existing tools. EDR functions effectively as part of a layered security strategy, complementing other tools like Endpoint Protection Platforms (EPP) and Extended Detection and Response (XDR). EDR focuses on endpoint activity, while EPP serves as a first line of defense against common threats, and XDR broadens the scope to include network traffic and cloud workloads. VPNs encrypt network traffic, providing an additional layer of protection for data in transit.

Winsage

May 6, 2026

Why are 25%+ gamers still using Windows 10 despite its EOL status?

A significant portion of gamers, over 25%, continues to use Windows 10 despite its end-of-life status declared on October 14, 2025. Reasons for this preference include: 1. Windows 10 has reached peak stability after years of updates, providing reliable performance. 2. It is compatible with older PCs, allowing gamers to use existing hardware without costly upgrades. 3. Windows 10 has fewer AI features, offering a streamlined experience preferred by many gamers. 4. Basic applications launch more swiftly in Windows 10 compared to Windows 11, enhancing performance. 5. Windows 10 has fewer ads and bloatware, resulting in a cleaner user interface. 6. Users can create a local account during setup in Windows 10, unlike the mandatory Microsoft account requirement in Windows 11. However, Windows 10 is no longer receiving security updates, which poses a risk as vulnerabilities may arise without patches.

AppWizard

May 6, 2026

Google expands Android Binary Transparency to counter supply chain attacks

Supply chain attacks targeting mobile software have increased due to the reliance on smartphones for essential functions. In response, Google has launched an enhanced Binary Transparency program for Android, which includes a public ledger that records cryptographic entries for production applications. This program initially covers two software layers: Google Applications and Mainline Modules. For Pixel device owners, it complements the Pixel System Image Transparency feature introduced in 2023, allowing users to verify the authenticity of system images and Google applications. The program aims to address the gap in software trust by distinguishing between digital signatures, which confirm the identity of the binary's creator, and binary transparency, which indicates the intent for public release. If a Google-signed application released after May 1, 2026, is not listed in the ledger, it means Google did not authorize it as production software. Verification tools are available on GitHub for assessing software against the ledger. Google employs "defense-in-depth" protocols to mitigate insider risks, ensuring that no single individual can publish a binary without triggering cryptographic verification. The ledger acts as a public record to deter unauthorized modifications. Google is also working to extend Binary Transparency to third-party developers to enhance the security of the global software supply chain.

Winsage

May 6, 2026

Microsoft enables Hotpatching by default: Windows updates without restarts become a reality

Beginning in May 2026, Microsoft will introduce Hotpatching as a default feature for compatible systems, allowing security updates to be applied without requiring a restart. Hotpatching updates code directly in the memory of running processes, enabling selective updates without interrupting the entire system. It does not replace monthly security updates but alters their activation process on eligible systems, categorized as security updates within the monthly B releases. Eligible systems must be running Windows 11 version 24H2 or newer and possess suitable licenses such as Enterprise, Education, Microsoft 365, or Windows 365. Management of these updates will be facilitated through Windows Autopatch or Microsoft Intune. Microsoft will continue to utilize baseline updates that require a restart, which will alternate with Hotpatch months. Hotpatching aims to reduce the frequency of restarts tied to security updates, particularly benefiting environments where uptime is critical. However, planned restarts will still be necessary, and robust telemetry and maintenance practices will be needed to ensure smooth operation.

AppWizard

May 5, 2026

Valorant’s latest patch brings heartbreaking Sage lore update, and the rework rumors are looking more likely

Sage from Valorant is experiencing side effects from her powers that are turning her into crystal. In Patch 12.08, a voicemail to Brimstone reveals her frustration with being told to take a break during a crisis. There are rumors of a potential rework for Sage, especially following Deadlock's comments about her losing her revive ability. Sage's struggles have been highlighted in various updates, including a music video where she loses control of her abilities and a recent update showing crystallization spreading to her neck and face. Despite her challenges, she remains a popular choice among players, with a 28.47% pick rate overall, though this decreases at higher competitive levels.

BetaBeacon

May 5, 2026

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

ScarCruft compromised a video game platform in a supply chain attack, trojanizing its components with a backdoor called BirdCall to target ethnic Koreans residing in China. The attack enabled the threat actors to target both Windows and Android devices, turning it into a multi-platform threat. The campaign targeted sqgame[.]net, a gaming platform used by ethnic Koreans in China, known as a transit point for North Korean defectors. BirdCall has features like screenshot capture, keystroke logging, and data gathering, and relies on legitimate cloud services for command-and-control. The Android variant collects various data and has seen active development.