security concerns Archives

AppWizard

May 4, 2026

Hacker tracks Australian police using Android app

Australian police officers can potentially be tracked through publicly available Bluetooth applications due to a design flaw in tasers and body-worn cameras manufactured by Axon. A hacker demonstrated this vulnerability by using Android apps to detect nearby Bluetooth devices, revealing the location of police equipment, including model and serial numbers. The flaw arises from the failure to implement MAC address randomization, which could enhance security. The hacker developed software capable of tracking devices from over 400 meters away, raising concerns about the potential for criminal activities targeting police. Despite warnings to various police agencies, responses indicated confidence in existing security measures, although similar risks have been noted in the US, leading to the cessation of Axon body camera use by US Border Patrol agents. The vulnerability is considered a hardware-level issue, requiring significant redesign efforts from Axon to address it.

AppWizard

May 4, 2026

‘F-Droid’ allows you to easily install and automatically update free, open-source Android apps other than those on Google Play.

Google Play is a primary platform for Android app distribution but poses challenges for developers of free and open-source software due to registration fees and a strict review process. As an alternative, users can install apps via APK files, which allow direct installation but come with security risks. F-Droid is a dedicated repository for free and open-source Android applications, offering built-in update notifications and support. To use F-Droid, users must manually install the app from its official website. After installation, users can navigate the interface to find and install apps, grant permissions for updates, and manage app installations, including enabling settings for unknown sources. F-Droid provides a user-friendly experience for locating and updating apps, ensuring that users have access to secure and regularly updated software.

AppWizard

April 28, 2026

Denuvo dealt major blow as crackers claim all non-VR games with the anti-tamper have been bypassed

Every non-VR game utilizing Denuvo DRM has been successfully compromised due to the emergence of the Hypervisor bypass, a method that deceives Denuvo into believing it is functioning correctly. This technique requires users to disable Driver Signature Enforcement, raising security concerns. The CrackWatch subreddit reports that all non-VR Denuvo games have been cracked or bypassed to some degree, with Capcom's Pragmata being completely bypassed just two days before its official launch. Cracking Denuvo within the first week of a game's release can lead to revenue losses of up to 20% for developers and publishers. Irdeto is actively developing updated security versions to address the Hypervisor bypass, assuring that these measures will not compromise game performance.

Winsage

April 28, 2026

Microsoft: New Remote Desktop warnings may display incorrectly

Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, making the text difficult to read and buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The problem is part of Microsoft's security enhancements introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns has raised security concerns, particularly by groups like the Russian state-sponsored APT29.

Winsage

April 22, 2026

You can now run WSL on Windows 95, in case you’re crazy, too

Hailey has developed the Windows 9x Subsystem for Linux (WSL9x), which allows the 6.19 Linux kernel to run on Windows 9x systems without a graphical user interface, relying instead on a terminal experience. WSL9x consists of three main components: a modified Linux kernel that interacts with Windows 9x APIs, a virtual device (VxD) driver that initializes WSL9x and manages userspace events, and a simple 16-bit DOS client for passing commands to the Linux kernel. The system handles syscalls through a general protection fault handler due to limitations in the Win9x architecture. However, this setup poses security risks as both the Linux kernel and Windows kernel operate with the same CPU privileges, meaning instability could occur if either crashes. Comprehensive instructions for installation are available on Hailey's Codeberg page.

AppWizard

April 21, 2026

Xbox PC Project Might Have Solved How To Fix Hundreds Of ‘Broken’ Windows Games

The Xbox Collection Tracker project on GitHub addresses connectivity issues faced by Windows 8-era games in the Xbox PC app due to the transition from XBL2.0 to XBL3.0 token formats. Microsoft has deprecated the old XBL2.0-formatted XSTS tokens, causing many older titles like Microsoft Mahjong, Minesweeper, Hydro Thunder Hurricane, and others to encounter sign-in errors and lose access to features tied to Xbox Live identity. The project aims to create a compatibility layer that allows these games to connect to Xbox servers using the modern XBL3.0 format without needing extensive modifications. Developers are advocating for a server-side translation layer to restore the functionality of these classic games while acknowledging potential security concerns.

Winsage

April 20, 2026

“The vault is solid, the delivery truck is not” — strong key storage, shaky transfer: why this Windows Recall feature raises new security questions

Windows Recall, an AI-driven tool by Microsoft designed to capture and analyze users' screen content, was initially unveiled in 2024 but faced a delayed rollout due to significant security concerns. It launched in April 2025 with enhanced security features, including isolation within a "VBS Enclave" to protect against third-party access and filtering out sensitive information. However, security researcher Alexander Hagenah identified a flaw where data is transmitted to a less secure process, d AIXHost.exe, allowing tools like TotalRecall Reloaded to access sensitive data without administrative privileges. Despite reporting this vulnerability, Microsoft deemed it "not a vulnerability" and has not planned significant fixes. In response to user backlash, Microsoft is reassessing its AI initiatives, including Windows Recall, while privacy-focused organizations have introduced features to block the tool. Experts are calling for improved security protocols and user opt-out options.

Winsage

April 16, 2026

Windows 11’s Recall tool has been cracked open again, and Microsoft doesn’t see that as a problem

Alexander Hagenah has developed a tool called TotalRecall Reloaded that exploits a vulnerability in Microsoft's AI feature, Recall, which manages data. Recall was designed to store AI-generated insights but was found to potentially store sensitive information in plain text, prompting Microsoft to delay its rollout. The vulnerability lies in AIXHost.exe, which lacks essential security measures, allowing unauthorized processes to extract sensitive data, such as decrypted screenshots and metadata, after user authentication via Windows Hello. Microsoft has downplayed the risks, asserting that existing security controls mitigate unauthorized access. TotalRecall Reloaded is available on GitHub for further exploration.

AppWizard

April 9, 2026

Project Zomboid bans rogue mods deploying “malicious code” to players’ PCs

The Indie Stone has removed a series of malicious mods associated with the 'True Moozic' soundtrack expander for Project Zomboid, which were found to generate harmful files outside the game’s directory. These mods were not linked to their original creator and have been taken down from the Steam Workshop. The developer banned the individual responsible for these uploads and advised players who downloaded the affected mods to take security precautions. A total of 14 mods from the same user were identified, with installations estimated between 500 and 2,200. The Indie Stone clarified that the exploit was limited to Build 42 branches and emphasized that the malicious uploads were unauthorized and not part of the True Moozic mod. Additionally, they released a security update for Build 41 to address a separate vulnerability, which has not been found to be exploited. The 'outdated unstable' branch has also been updated to ensure it remains one content update behind the 'unstable' branch.

Winsage

April 8, 2026

Showing the Windows 10 desktop was the yeast they could do

A bakery in Ontario, Canada, displayed three Windows 10 desktops in a humorous signage mishap. The bakery advertises itself as "Artisan, Fresh, and Healthy," and has a security camera aimed at preventing baguette theft. The presence of Windows 10, despite its criticisms, is seen as more favorable than its successor, Windows 11. The bakery lacks typical enticing imagery, featuring instead the default Windows 10 wallpaper.