risk Archives

Winsage

May 14, 2026

Windows 11 26H1: Microsoft keeps the special branch on track for new hardware

Microsoft has released an update to Windows 11 version 26H1, OS Build 28000.2113, through cumulative update KB5089548 on May 12, 2026. This update includes essential security fixes and non-security enhancements from the previous month's optional preview. Windows 11 version 26H1 is specifically designed for new devices launching in early 2026 and will not be available as an in-place update for existing systems running versions 24H2 or 25H2. The update focuses on maintenance for this branch, with improvements in SSDP notifications and gaming compatibility. It also includes AI enhancements exclusive to Copilot+-enabled PCs. Microsoft continues to support versions 24H2 and 25H2 for enterprise deployments, while 26H1 is relevant only for new hardware platforms. Currently, there are no known issues reported for Windows 11 26H1 or update KB5089548.

Winsage

May 14, 2026

Microsoft MDASH finds Windows security flaws with AI | ETIH EdTech News

Microsoft has developed an AI security system called MDASH that has identified 16 vulnerabilities in Windows networking and authentication frameworks, with four classified as Critical, allowing for remote code execution. MDASH uses over 100 specialized AI agents to analyze code from multiple perspectives, improving the accuracy of vulnerability detection. The system has successfully detected all 21 planted vulnerabilities in a private testing environment without false positives, achieving a 96 percent recall rate against historical cases and an 88.45 percent success rate on the CyberGym benchmark. The identified vulnerabilities include issues in tcpip.sys and IKEEXT, which can be exploited remotely without needing credentials.

BetaBeacon

May 13, 2026

Steam Deck becoming obsolete? Android gaming tablet runs PC games thanks to emulator

The Lenovo Legion Tab 5 was tested with GameHub, allowing for the playing of demanding PC games on an Android tablet through an emulator. Performance was decent, with some issues such as long loading times, inconsistent game downloads, occasional crashes, and difficulty syncing cloud saves. Despite these drawbacks, the emulator provides a way to play simpler titles from the Steam library on the go for those who already own a powerful Android tablet.

Winsage

May 13, 2026

Linux gains more critical Windows apps … 3D Movie Maker and Space Cadet Pinball

Several notable Windows applications, including Space Cadet Pinball and Microsoft 3D Movie Maker, have been successfully ported to Linux. Space Cadet Pinball, originally part of the Microsoft Plus Pack for Windows 95, has been decompiled and rebuilt, now available across 14 platforms, including Linux, thanks to Muzychenko Andrey. The source code for Microsoft 3D Movie Maker was released by Microsoft, and a new fork has been developed by Mark Cave-Ayland and Ben Stone, enabling it to run on Linux. Their project also includes bug fixes, 64-bit compatibility, and builds for ARM64 Windows, with plans for a Raspberry Pi version.

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 13, 2026

Playground Games confirms Forza Horizon 6 hack came from the inside

A 155 GB unencrypted build of Forza Horizon 6 has leaked online ahead of its release, confirmed by Playground Games to have originated from a reviewer, influencer, or industry insider, not a Steam employee or technical glitch. The leak includes thousands of assets, granting unauthorized early access to the game's content. This incident raises concerns about the handling of unreleased game builds and could impact future release plans and the game's success. Playground Games may be able to identify the source of the leak through attached identifiers in the early access copies sent for review.

Winsage

May 13, 2026

Windows 11 security update fixes critical Bing and Azure flaws

Microsoft released its May 2026 Patch Tuesday updates for Windows 11, addressing 97 security vulnerabilities across various components, including Windows, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, and .NET. The updates are encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevating systems to builds 26100.8457 and 26200.8457. Notable vulnerabilities include CVE-2026-32169, a critical flaw in Azure Cloud Shell with a CVSS score of 10.0, and CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program with a CVSS score of 9.8. Other critical vulnerabilities include CVE-2026-32191 and CVE-2026-32194, impacting Microsoft Bing Images, both with CVSS scores of 9.8. The update also addresses multiple Windows privilege escalation vulnerabilities and remote code execution vulnerabilities in Microsoft Office and Excel. Microsoft has warned of upcoming Secure Boot certificate expirations starting in June 2026 and has improved boot reliability related to BitLocker recovery issues. Users can install the updates via Settings → Windows Update, with a system restart required.

AppWizard

May 12, 2026

Android Apps on Windows 11: Safe Alternatives After WSA

In 2025, Microsoft announced it would discontinue support for the Windows Subsystem for Android (WSA), making Android applications non-functional on Windows 11. This decision surprised many users in Indonesia who relied on these applications. HP developed a guide outlining secure alternatives to WSA, which included reputable Android emulators like BlueStacks, LDPlayer, and NoxPlayer, as well as native Windows alternatives such as Microsoft Teams and Microsoft 365 apps. Users were advised against unverified APK sideloading, unofficial emulators, and modified apps due to security risks. Microsoft’s end of support means no further security updates or bug fixes will be provided, and integration with the Amazon Appstore will cease. Users can continue using WSA apps, but they will be exposed to potential security threats. To migrate data from WSA, users were instructed to inventory apps, research alternatives, and export app data before performing a clean uninstall. Best practices for running Android apps safely on Windows included downloading from official sources and keeping software updated.

AppWizard

May 12, 2026

TrickMo Android Malware Targets Banking, Wallet, and Authenticator Apps

TrickMo, an Android banking malware, has re-emerged with enhanced stealth and operational capabilities, targeting banking, fintech, wallet, and authenticator apps. It retains its core device takeover abilities while improving stealth, persistence, and flexibility. The malware persuades users to grant accessibility permissions, allowing full remote control, including real-time screen viewing. A significant advancement is its shift to The Open Network (TON) for command-and-control communication, complicating takedown efforts. TrickMo has been actively deployed in France, Italy, and Austria since early 2026, using fake login overlays to capture credentials while recording user activity. It communicates through .adnl endpoints within the TON network and employs DNS-over-HTTPS for encrypted DNS queries. The malware's modular design includes a primary application as a loader and a dynamically loaded APK module called “dex.module” for malicious capabilities. It features network reconnaissance and tunneling capabilities, allowing commands like HTTP probing and establishing SSH tunnels, which can bypass fraud detection systems. Dormant features suggest potential for future capabilities without altering the core application. Indicators of compromise include specific SHA-256 hashes and package names associated with TrickMo's various components.

AppWizard

May 11, 2026

Google warns 7 million Android users to delete these 28 fake apps

28 Android applications were removed from the Google Play Store after being identified as scams by security researchers at ESET. These apps, part of a campaign called “CallPhantom,” falsely claimed to provide access to private call logs, SMS records, and WhatsApp activity. They attracted millions of downloads despite lacking legitimacy, offering fabricated data such as fake phone numbers and bogus call durations. Some apps charged users for “detailed reports” that either never arrived or contained nonsensical information. The apps did not steal phone data or install malware but instead promised illicit access and generated fictitious data. The primary targets of this scam were users in India and the Asia-Pacific region.