root Archives

Winsage

April 25, 2026

Windows 11 KB5083769 causing a death loop on 24H2 and 25H2 systems

Microsoft's April 2026 Patch Tuesday update, KB5083769, has caused significant boot issues for Windows 11 users on versions 24H2 and 25H2. Users reported problems such as distorted visuals and the Blue Screen of Death after restarting post-update. The issue affects various hardware configurations, including HP and Dell systems. Additionally, the update may trigger BitLocker recovery on some systems, complicating recovery for users without their recovery key. Users have also experienced an increase in the number of restarts required during installation. Microsoft has not yet provided an emergency fix. Affected users are advised to use the Windows Recovery Environment for troubleshooting, including System Restore and Startup Repair. To check if KB5083769 is installed, users can go to Settings → Windows Update → Update history, and if present, it is recommended to uninstall it and pause updates.

AppWizard

April 25, 2026

NoVoice malware hit 2.3 million Android devices through apps Google never should have approved

McAfee researchers discovered a complex Android rootkit campaign, dubbed Operation NoVoice, that infiltrated 50 applications on Google Play, exploiting vulnerabilities in the kernel that had been patched but not uninstalled. The malware was resilient enough to survive factory resets and was concealed within seemingly benign apps, which collectively garnered 2.3 million downloads. The malicious payload was hidden in the com.facebook.utils package and used steganography to embed an encrypted payload within a PNG image. The malware conducted multiple checks to avoid detection and established contact with a command-and-control server, polling for exploit packages every 60 seconds. It utilized 22 distinct exploits, including vulnerabilities that had received patches between 2016 and 2021. The malware disabled SELinux enforcement and installed a persistent rootkit that could survive factory resets. Google confirmed the removal of the infected apps but noted that users who had already downloaded them remained at risk, especially if their devices were running unpatched Android versions. McAfee advised affected users to treat their devices as compromised and consider professional inspection or hardware-level storage wiping for remediation.

Tech Optimizer

April 23, 2026

Take Control: Customer-Managed Keys for Lakebase Postgres

Encryption at rest is essential for cloud environments, especially in regulated sectors. Lakebase offers Customer Managed Keys (CMK), allowing organizations to control their encryption keys from preferred Key Management Services (KMS) like AWS KMS, Azure Key Vault, or Google Cloud KMS. Lakebase CMK manages both persistent storage and ephemeral compute, ensuring data security. Lakebase's architecture separates storage and compute layers, enabling elastic scaling and serverless operations. The storage layer maintains persistent data, while the compute layer consists of dynamic Postgres instances. This separation poses encryption challenges, addressed by Lakebase CMK through a hierarchical Envelope Encryption model. The key hierarchy includes: 1. Customer Managed Key (CMK): The Root of Trust in the cloud KMS, never accessed in plaintext by Databricks. 2. Key Encryption Key (KEK): A transient key for wrapping data keys. 3. Data Encryption Keys (DEKs): Unique keys for each data segment, stored in an encrypted state. When data access is needed, Lakebase retrieves DEKs by unwrapping keys from the KMS. If a key is revoked, access to the data is denied, and ephemeral compute instances are terminated. In practice, CMK applies to: 1. Persistence Layer (Storage): All data segments are encrypted with keys controlled by the CMK. 2. Ephemeral Layer (Compute): Each compute instance generates a unique ephemeral key, and upon revocation, the instance is terminated, destroying in-memory keys. CMK implementation follows a delegation model, allowing Security Admins to manage keys without accessing data. The process includes key configuration, workspace binding, and lifecycle management. Key rotation is seamless, requiring no data re-encryption. All cryptographic operations involving the CMK are logged by the cloud provider's audit service. Lakebase CMK is available for Enterprise tier customers, allowing organizations to manage their encryption keys effectively.

Winsage

April 22, 2026

Microsoft Teams 26072.519.4556.7438: Right-click bug on desktop

The Microsoft Teams desktop client has a bug affecting users on macOS and Windows after the update to build 26072.519.4556.7438, specifically with the right-click functionality not working. Users are advised to use keyboard shortcuts (Ctrl+C, Ctrl+X, Ctrl+V) for clipboard operations. The issue was first mentioned on the Patchmanagement.org mailing list, referencing issue TM1279908, which noted service degradation alerts from Microsoft 365. Users have reported problems with copying and pasting URLs, text, and images, with the paste option grayed out in the context menu. Microsoft has identified a potential root cause and is rolling out a fix while monitoring telemetry data, with the next status update expected on April 21, 2026.

BetaBeacon

April 21, 2026

How to Install Steam on Android with ROCKNIX

The text provides a list of Steam-compatible devices from different brands such as AYN, AYANEO, Retroid, and KONKR. It also gives detailed instructions on how to install ROCKNIX on these devices, back up existing ABL, flash ROCKNIX ABL, change boot mode, install Steam, enable Steam Input, change game configs, and adjust ROCKNIX Steam settings. Additionally, it compares the pros and cons of using ROCKNIX versus Android on compatible devices and recommends installing ROCKNIX on a microSD card rather than on the internal storage due to potential risks.

Tech Optimizer

April 20, 2026

Databricks Postgres Gets Customer Key Control

Databricks has introduced customer-managed keys (CMK) for its Lakehouse Postgres offering, allowing users to control their data encryption and utilize their own Key Management Service (KMS) from major cloud providers like AWS KMS, Azure Key Vault, or Google Cloud KMS. The Lakehouse Postgres architecture features a hierarchical envelope encryption model with three tiers: the customer-managed root key (CMK), a Key Encryption Key (KEK) used by Databricks' Key Manager Service, and unique Data Encryption Keys (DEKs) for each data segment. If a CMK is revoked, access to the data is denied, and active compute instances are terminated, serving as a failsafe for high-compliance workloads. The implementation allows for granular control over key management and supports seamless key rotation without data re-encryption or downtime. All cryptographic operations are logged within the customer's cloud audit services, available to Databricks Enterprise tier customers.

AppWizard

April 19, 2026

Government has carried out no modelling on under-16 social media ban impacts

Campaigners are urging caution regarding a proposed ban on social media for individuals under 16, as the Department for Science, Innovation and Technology (DSIT) has not conducted any internal modeling or analysis to assess the potential impacts of such a ban. The DSIT acknowledged that "clear, agreed evidence does not currently exist" in response to a Freedom of Information request. In legislative discussions, MPs rejected immediate restrictions on social media for minors, while Sir Keir Starmer emphasized the need for action without guaranteeing prompt implementation. The government is piloting measures such as app bans, time restrictions, and overnight curfews with approximately 300 teenagers involved in a trial. Research led by Professor Amy Orben indicates gaps in understanding the relationship between children's mental health and digital technology use, highlighting the need for high-quality studies. The DSIT confirmed it has internal research on the subject but is withholding it to avoid misinterpretation. Burrows advocates for stronger regulation targeting online harm instead of outright bans, suggesting bans may not effectively address safety concerns. A DSIT spokesperson reiterated the commitment to building a strong evidence base and seeking public input before making decisions.

Winsage

April 18, 2026

RedSun: Windows 0day when Defender becomes the attacker

A vulnerability has been discovered in Windows Defender that allows standard users to exploit a logic error in the file remediation process, enabling code execution with elevated privileges without administrative access. This flaw, identified by security researcher Chaotic Eclipse, occurs because Windows Defender does not verify if the restoration location of flagged files has been altered through a junction point. The exploit, named RedSun, takes advantage of a missing validation in the MpSvc.dll file, allowing attackers to redirect file restoration to the C:WindowsSystem32 directory. RedSun operates by chaining together four legitimate Windows features: Opportunistic Locks (OPLOCKs), Cloud Files API, Volume Shadow Copy Service (VSS), and Junction Points. The execution of the exploit involves monitoring shadow copies, triggering Defender's detection, synchronizing OPLOCKs, and ultimately writing malicious binaries to the System32 directory. The root cause is the lack of reparse point validation in the restoration process, and currently, no patch or CVE has been assigned for this vulnerability. It affects Windows 10, Windows 11, and Windows Server 2019 and later, and organizations are advised to implement behavioral detection strategies until a fix is available.

Winsage

April 18, 2026

Windows Server 2025 Update KB5082063: Error 0x80073712 due to Media Player; and Error 0x800F0983

Cumulative update KB508206, released on April 14, 2024, for Windows Server 2025, is causing installation failures for some administrators. Error code 0x800F0983 has been acknowledged by Microsoft as an issue related to the update process, while error code 0x80073712 has been linked to the legacy Windows Media Player application. Reports indicate that the installation of KB5082063 is problematic, particularly on systems configured in German, with users experiencing persistent failures despite attempts to use repair commands. The installation issues may be related to missing files associated with the Media Player language packs, affecting various language configurations.

Winsage

April 16, 2026

Microsoft: April Windows Server 2025 update may fail to install

Microsoft is investigating an issue with the installation of the KB5082063 security update on Windows Server 2025 systems, where users are encountering the 0x800F0983 error code during the deployment of April 2026 cumulative updates. A service alert indicated that a limited number of servers may experience installation failures with this error. Additionally, some Windows Server 2025 devices may unexpectedly boot into BitLocker recovery mode after the update, requiring a BitLocker key, although this is unlikely to affect home users. Microsoft has also resolved a long-standing bug that caused Windows Server 2019 and 2022 systems to upgrade to Windows Server 2025 unexpectedly. Furthermore, Microsoft has released several emergency updates this year to address various security vulnerabilities, including issues with the Routing and Remote Access Service, Bluetooth device visibility, Microsoft account sign-ins, and installation challenges related to the March 2026 non-security preview update.