security issues Archives

AppWizard

November 21, 2025

After a fairytale rescue, Minecraft rival Hytale sets “aggressively low” price as it isn’t “waiting for perfection”

Hypixel Studios is set to revive the sandbox game Hytale after successfully repurchasing the rights from Riot Games. Co-founder Simon Collins-Laflamme emphasizes that the project is a passion endeavor aimed at benefiting the community, despite the financial risks involved. The game will be priced at .99, with additional supporter and founders packs available for .99 and .99, respectively. Collins-Laflamme aims to keep the price low to encourage player participation during challenging economic times. The team is currently finalizing the launch date, which involves hardware tests, legal documentation, and game stabilization. Pre-orders, name reservations, and account creation are expected to begin soon. The technical director has indicated that the game will be released before achieving perfection to allow for community experimentation, and Hytale will not take any revenue from modders and server owners for the first two years.

Winsage

November 20, 2025

Qualcomm Overhauls Windows on Arm Gaming with Downloadable GPU Drivers and AVX2 Support

Qualcomm has decoupled GPU updates from Microsoft's OS release cycle, allowing Snapdragon X Elite owners to download graphics drivers directly, which aligns the company with industry standards set by Nvidia and AMD. The company has transitioned to a direct "Upgradable Graphics Drivers" (UGD) model, enabling immediate access to driver updates through Qualcomm’s portal. The beta "Adreno Control Panel" has been rebranded to the "Snapdragon Control Panel," which now includes game-specific profiling and optimization features. Qualcomm has also integrated support for AVX and AVX2 instruction sets, addressing compatibility issues with games like God of War and Control. Kernel-level anti-cheat support has been introduced, making multiplayer gaming more accessible on Arm-based systems. The Snapdragon X2 Elite is set to launch in the first half of 2026, promising "Day 0" driver support and the ability to run 90% of top games, with performance expectations to outperform Intel’s Lunar Lake architecture.

Winsage

November 16, 2025

Microsoft’s Windows 11 AI backlash proves users want 2015 software with 2025 security

Microsoft is facing significant user dissatisfaction with Windows 11 due to core functionality issues, particularly following the KB5066835 update that compromised the Windows Recovery Environment. This update caused mouse and keyboard operations to fail for many users, coinciding with the discontinuation of free security updates for Windows 10. Users are frustrated with the introduction of AI features, such as the Recall AI, which raises privacy concerns and cannot be fully removed. Feedback indicates a desire for a more reliable operating system, akin to Windows 10, without disruptive AI elements. Recent updates have also introduced regressions affecting developers and peripheral functionality, leading to doubts about Microsoft's prioritization of user needs. Historically, Microsoft has responded to user backlash by making adjustments, but the current situation highlights a disconnect between the company's AI ambitions and user expectations for stability and reliability.

Winsage

November 13, 2025

Windows Moves To Agentic OS As Backlash Erupts

Microsoft's Windows chief, Pavan Davuluri, introduced the concept of an "agentic" operating system, which aims to integrate applications, cloud services, and devices for a more autonomous user experience. This vision has generated skepticism among users, who fear it may lead to intrusive AI interactions. The term "agentic" refers to systems capable of performing multi-step tasks on behalf of users, potentially enhancing integration with file systems, notifications, and cloud services. However, past experiences with intrusive advertisements and privacy concerns have led to a trust deficit among users. The introduction of such systems raises privacy and security issues, prompting regulatory scrutiny and calls for explicit permissions, human confirmation for significant actions, and robust local processing. Hardware manufacturers are investing in AI PCs to support these developments, while developers will have access to new APIs for application integration. Microsoft faces a messaging challenge in promoting this vision, needing to demonstrate clear benefits and prioritize user agency to alleviate concerns.

Winsage

November 8, 2025

Microsoft’s Free Windows Update—You Have 48 Hours To Act

Microsoft is transitioning away from Windows 10, which will reach its end-of-life on October 14. Users have 48 hours to take action regarding potential vulnerabilities. Windows 10 users will receive their last general security updates in October, but ongoing protection will only be available through enrollment in the Extended Security Updates (ESU) program, which is free until October 13, 2026. Approximately 40% of Windows users, or around 560 million, are still on Windows 10. Failing to enroll in the ESU could leave devices vulnerable to security threats. Enrollment requires a licensed Windows 10 PC, a Microsoft Account, and saving settings to OneDrive. Users can also upgrade to Windows 11 for enhanced security if their hardware qualifies. The ESU is a temporary measure, and enterprise users have alternative, potentially more costly options for long-term solutions.

Winsage

November 6, 2025

Windows security update triggers BitLocker recovery in some systems — bug mostly impacts Intel PCs with Modern Standby support

Microsoft has issued a service alert regarding the October 2025 Windows security update, warning that it may trigger BitLocker recovery on certain systems, specifically those running Windows 11 versions 24H2 and 25H2, as well as Windows 10 version 22H2. Affected devices may boot into the BitLocker recovery screen after installing updates released on or after October 14, 2025, requiring users to enter their recovery key. Similar issues have occurred in previous updates in May 2023, 2024, and 2022. Users should verify if BitLocker is enabled and retrieve their recovery key from their Microsoft account if needed. BitLocker is a security feature that protects data but can complicate access to local accounts if activated unexpectedly.

Winsage

October 17, 2025

Denial of Fuzzing: Rust in the Windows kernel

Check Point Research (CPR) identified a significant security vulnerability in the Rust-based kernel component of the Graphics Device Interface (GDI) in Windows, reported to Microsoft in January 2025. The issue was resolved in OS Build 26100.4202, part of the KB5058499 update released on May 28, 2025. The vulnerability was discovered during a fuzzing campaign targeting the Windows graphics component through metafiles, revealing multiple security issues including information disclosure and arbitrary code execution. The specific bug was linked to a crash occurring during the execution of a NtGdiSelectClipPath syscall in the win32kbasers.sys driver, triggered by an out-of-bounds memory access when processing malformed metafile records. Microsoft classified the vulnerability as moderate severity and addressed it in a non-security update, implementing substantial changes to the affected kernel module.

AppWizard

October 15, 2025

Researchers expose critical Android flaw allowing apps to steal sensitive data

Security researchers have identified a data theft technique called Pixnapping that exploits vulnerabilities in Android devices, specifically targeting sensitive information from various applications without needing special permissions. This method allows malicious apps to capture data from other apps or websites, including sensitive information from platforms like Google Maps, Gmail, Signal, Venmo, and two-factor authentication codes from Google Authenticator. The technique utilizes a hardware side channel known as GPU.zip to read screen pixel data by measuring rendering times. The data leak rate is between 0.6 to 2.1 pixels per second, sufficient to reconstruct sensitive information. The vulnerability is designated as CVE-2025-48561 and affects Android versions 13 through 16, including devices like the Pixel 6 to 9 and Galaxy S25. A partial patch was released in September 2025, with a comprehensive solution expected in December. The attack allows benign applications from the Google Play Store to potentially spy on sensitive on-screen data, highlighting broader concerns regarding side-channel vulnerabilities that arise from hardware data processing rather than software bugs. While Google has stated there is no evidence of exploitation currently, the existence of this attack suggests that malware could bypass traditional security measures. Google is working on additional fixes to limit misuse of the blur API and improve detection capabilities, but the underlying GPU.zip vulnerability remains unresolved. Users are advised to avoid untrusted apps and keep their devices updated, as more side-channel attacks similar to Pixnapping may emerge in the future.

Winsage

October 14, 2025

5 reasons you should ditch Windows for Linux today

The author installed Linux on their first computer, a Pentium 75, after experiencing frustration with Windows 95. They highlight five reasons to switch from Windows to Linux: 1. Windows 11 Home requires a Microsoft account for setup, raising privacy concerns, while Linux allows local account creation. 2. Support for Windows 10 ended on October 14, prompting users to consider alternatives like Linux, which can revitalize older hardware with Long Term Support distributions. 3. Linux installations often outperform Windows in terms of performance, even on older machines. 4. Linux offers superior flexibility and customization options compared to Windows. 5. The author has experienced very few security issues with Linux, contrasting with the need for antivirus software on Windows systems.

AppWizard

September 30, 2025

Holy data grab Meet Zosima, Russia’s Orthodox Christian messenger app no one asked for

Zosima, an Orthodox Christian messaging app from Russia, briefly appeared on Google Play in late September before being removed. Officially launching on October 30, the app is designed for believers to connect with local parishes, receive updates about churches, request prayers, and interact with church leaders. Initially conceived as a project for the Yaroslavl region, Zosima's vision expanded to create a nationwide platform. It was intended for a limited trial launch in November 2024 but faced delays, with no official launch occurring by summer 2025. Zosima resurfaced on Google Play in September 2025, although access was restricted after media interest. The app is developed by a team of about 30 people, with Denis Osipov listed as the developer. Promised features include personal and group chats, photo and video sharing, livestreaming, and donation capabilities for churches, but many functionalities are currently unavailable, and testers found the app unfinished. Registration options include email, VK accounts, or the Gosuslugi portal, but the app's privacy policy raises concerns about data collection. Comparisons to Russia's state-backed Max app highlight Zosima's lack of functionality and potential security issues, with some users mocking it in reviews. Agapov insists it is an "Orthodox" messenger, welcoming all faiths, but its future remains uncertain amidst concerns over user privacy and data security.