risks

Winsage
May 3, 2026
Microsoft has introduced a feature in the Microsoft Defender dashboard to help IT managers identify devices using 2011 Secure Boot certificates, which expire in June of this year. The recommendation view categorizes devices into three groups: Exposed Devices (trust outdated certificates), Compliant Devices (use new 2023 certificates), and Not Applicable Devices (Secure Boot disabled or unsupported). The dashboard provides a centralized overview of device security status and the distribution of 2023 certificates, allowing filtering by operating system and device context. Devices without the new certificates will still boot but may lack the latest protection during the early boot phase, exposing them to threats. Microsoft does not automatically distribute new certificates via Windows updates on servers, requiring manual action from administrators. The dashboard aids IT teams in prioritizing action on Exposed Devices and exporting data for collaboration.
Winsage
May 2, 2026
Microsoft will begin rolling out the May 2026 Security Update for Windows 11 on May 12, 2026. Key features of this update include:
1. Xbox Mode: Transforms PCs into a console-like experience, prioritizing system resources for gaming and freeing up to 2GB of memory.
2. Voice Typing Improvements: Redesign of Voice Typing elements on the touch keyboard.
3. New Arabic 101 Legacy Keyboard Layout: Available for addition from the Region page in Settings.
4. Drop Tray Changes: Renamed from Drag Tray and can be disabled in Settings > System > Multitasking.
5. Taskbar AI Agents Support: Allows monitoring of AI agents directly from the Taskbar, starting with the Microsoft 365 Copilot app.
6. Debloat Policy with Dynamic List Support: Enables administrators to specify additional apps for removal beyond the default list.
7. Windows Driver Policy Update: Changes how the kernel manages trust for third-party drivers, eliminating default trust for cross-signed drivers.
8. Batch File Security Changes: Enhances security for batch files and Command Prompt scripts, with an option for a hardened processing mode.
9. Format FAT32 up to 2TB: The format command-line tool now supports formatting volumes up to 2TB using FAT32.
AppWizard
May 2, 2026
Control Resonant is a sequel that takes players from the isolated setting of the Oldest House to the reimagined streets of Manhattan, described as a "labyrinth." The game features a new protagonist, Dylan Faden, who can navigate the environment in unique ways. The developers aim for a grounded aesthetic to enhance the supernatural elements and have avoided references from other games to maintain originality. The narrative expands with multiple factions and a variety of enemy types, including a haunted bus. The Hiss remains a central threat, affecting both humans and animals. Dylan will use a radio to communicate with his handler, Zoe, and will encounter audio logs that deepen the lore. Control Resonant is set to launch in 2026.
Winsage
May 1, 2026
Microsoft resolved an issue affecting the display of security warnings when opening Remote Desktop (.rdp) files across all supported Windows versions, including Windows 11, Windows 10, and Windows Server. This problem was particularly evident on devices with multiple monitors having different display scaling settings. The fix was included in the optional KB5083631 preview cumulative update for Windows 11. The issue arose after the installation of the April 2026 security update, which introduced security warnings to enhance protection against phishing attacks. Users reported misalignment and obscured buttons in the security dialog, making it difficult to interact with. Additionally, the April security updates caused issues with third-party backup applications on Windows 11 systems and led to restart loops and failures during update installations on Windows Server.
AppWizard
May 1, 2026
DICE Game Designer Chris Matte announced significant updates to vehicle gameplay in Battlefield 6 Season 3, focusing on improving combat interactions based on player feedback. The update will enhance vehicle consistency, readability, and responsiveness, addressing issues with balance in vehicle strengths and weaknesses. Key changes include:
- Most anti-tank weapons will now require three hits to destroy a tank, with some exceptions.
- Damage calculations will be simplified, reducing variance based on impact location and angle.
- Vehicle health pools will be rebalanced, and repairs will weaken over time during combat.
- Vehicle health regeneration will occur after a 12-second delay, at nearly double the rate compared to Season 2.
- Tanks will have improved acceleration, turning responsiveness, and turret rotation speeds.
- Damage will no longer directly affect mobility but will be linked to specific tools.
- Aircraft will receive additional UI indicators for threat awareness.
- Vehicle and Engineer loadouts will be redesigned for clarity and balance.
- A balance pass on launchers will enhance underutilized options and ensure distinct roles for each launcher.
The update aims to create a more engaging vehicle gameplay experience, empowering players to make meaningful decisions and take calculated risks. Battlefield 6 Season 3 is set to launch in May, with detailed patch notes to follow.
AppWizard
April 30, 2026
A new infostealer malware called LofyStealer is targeting the gaming community, particularly Minecraft players, by disguising itself as a cheat tool named “Slinky.” It employs a two-stage attack to extract sensitive information from eight major web browsers, including Chrome and Firefox, while evading detection by security software. The malware siphons off cookies, saved passwords, payment card information, and session tokens. Researchers at Zenox.ai identified LofyStealer, linking it to the Brazilian cybercrime group LofyGang, which has been active since October 2022. The malware uses social engineering tactics to appear legitimate and operates as a Malware-as-a-Service platform, offering both Free and Premium tiers to buyers. Its technical sophistication is evident in its method of in-memory browser injection, which allows it to bypass security defenses. The stolen data is compressed and sent to a command-and-control server. Users are advised to avoid downloading unofficial game mods and enable multi-factor authentication to reduce the risk of credential theft. Security teams should monitor for specific behavioral indicators related to the malware's operations.
Winsage
April 30, 2026
Attackers are exploiting CVE-2026-32202, a zero-click vulnerability in Windows Shell that causes a victim's system to authenticate to an attacker's server without user interaction. This vulnerability stems from an incomplete patch for CVE-2026-21510 and has been used by the APT28 group with weaponized LNK files to bypass Windows security. Although Microsoft addressed these vulnerabilities in February 2026, the risk remains, because opening a folder that contains a malicious LNK file can still connect the victim's machine to the attacker's server, initiating an NTLM authentication handshake that exposes the victim’s Net-NTLMv2 hash. This affects various versions of Windows 10, 11, and Windows Server. Microsoft released a patch for CVE-2026-32202 on April 14, 2026, but did not label it as actively exploited until more than two weeks later, leaving security teams unaware of its urgency. Organizations are advised to apply the patch and consider blocking outbound SMB traffic to mitigate risks.