security issues Archives

Winsage

June 11, 2025

Microsoft slows Windows 11 24H2 Patch Tuesday due to issues

Microsoft's June security update for Windows 11 24H2 introduced critical fixes but was quickly followed by a warning about a compatibility issue affecting a limited number of devices, leading to the throttling of the update. Microsoft plans to release a revised update that will include all security improvements from June 2025. The specifics of the compatibility issue remain unclear, with speculation about potential complications related to various CPU architectures and reports of installation errors from users. The rapid throttling of the patch raises questions about the quality control processes in place at Microsoft.

AppWizard

June 11, 2025

Forget WhatsApp And Telegram—Radical New Messenger Confirmed

WhatsApp and Telegram each have over a billion users but face scrutiny for security issues and tracking practices. A new state-controlled messaging app, VladsApp, has been approved by Russian lawmakers as an alternative to these platforms. Sergei Boyarsky, head of the Duma’s Committee on Information Policy, described it as a “secure, multifunctional alternative” aimed at enhancing digital security in Russia. The app will operate on state-controlled infrastructure and is expected to integrate with government services, allowing personal information transfer with user consent. The draft legislation must pass through parliament and receive President Vladimir Putin's signature to become law. There are concerns that the state may restrict access to foreign messaging services to promote VladsApp among users in Russia.

AppWizard

May 28, 2025

The best password managers for Android of 2025: Expert tested

Safeguarding personal information like login credentials and credit card details is crucial for Android users, and a password manager is essential for generating and securely storing strong, unique passwords. Bitwarden is highlighted as the best free password manager due to its open-source nature and robust encryption, allowing unlimited credential syncing across devices. It features autofill, secure note storage, a password generator, encrypted sharing, biometric unlock, and passkey support. 1Password is recommended for its user-friendly interface and security features, offering a library of over 20 credential types, autofill capabilities, and a feature called Watchtower for security alerts. It requires a subscription after a 14-day trial. Keeper is noted for its user-friendly onboarding process and enterprise-level security, accommodating various record types and offering features like account recovery and offline access, but it may be less appealing for budget-conscious users. Proton Pass, an open-source option from the creators of Proton VPN and Proton Mail, emphasizes privacy and offers features like password health alerts and hide-my-email aliases, although it currently lacks some functionalities of more established managers. Overall, Bitwarden is the top choice for cost-effective password management, while 1Password is recognized for its user experience.

Winsage

May 14, 2025

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

Microsoft has addressed 72 vulnerabilities in a recent update, including five classified as zero-days. This is the eighth consecutive month that Microsoft has tackled zero-day vulnerabilities without any being categorized as critical at the time of disclosure. The identified zero-days include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709, with CVSS scores ranging from 7.5 to 7.8. Two of these vulnerabilities are related to the Windows Common Log File Driver System (CLFS), which has been frequently targeted for exploitation. The Cybersecurity and Infrastructure Security Agency (CISA) has added all five zero-days to its Known Exploited Vulnerabilities (KEV) list. Experts suggest that some zero-day exploits may be linked to targeted espionage or financially motivated activities, including ransomware deployment. Additionally, Microsoft's update includes five critical vulnerabilities and 50 high-severity defects, with 18 vulnerabilities impacting Microsoft Office and three deemed “more likely” to be exploited. Eight vulnerabilities patched this month are considered “more likely” to be exploited, including two high-severity defects in Microsoft SharePoint Server.

AppWizard

May 5, 2025

How Signal Messenger has thrived after Mike Waltz’s inadvertent publicity boost

Signal has experienced a significant increase in its user base due to recent publicity stemming from a White House scandal related to a Houthi attack plan. The app's popularity has surged as individuals and organizations seek secure communication features, particularly its end-to-end encryption. This rise in interest aligns with a broader trend toward privacy-centric applications amid concerns about data security. In contrast, the U.S. National Security Adviser has faced severe consequences for misusing the platform, highlighting the tension between security and accountability in digital communications.

AppWizard

May 3, 2025

Photo appears to shows Mike Waltz using Signal-like app that can archive messages

White House Deputy Press Secretary Anna Kelly confirmed that the encrypted messaging application Signal is officially sanctioned for government use and installed on government-issued devices. The National Security Council has not commented on the related app, TeleMessage, which is derived from Signal and designed to help government entities comply with records retention laws. TeleMessage was founded in 1999, acquired by Smarsh in 2024, and has been involved in government contracts, including a .1 million contract with the Department of Homeland Security and FEMA that began in February 2023 and will conclude in August 2025. Tom Padgett, Smarsh’s president for enterprise business, stated that like Signal, messages sent through TeleMessage are encrypted, but the app does not address security issues raised by a recent incident involving Signal. The specifics of how government officials utilize TeleMessage remain unclear, and five cybersecurity experts admitted they were unfamiliar with the app prior to recent developments. TeleMessage licenses parts of its technology, including its encryption protocol, to other companies, but Signal clarified there is no formal agreement with TeleMessage and expressed concerns about the privacy and security of unofficial versions of their app.

Winsage

April 28, 2025

While Windows 10 users panic, Ubuntu makes extending support easy

Ubuntu offers a service called Ubuntu Pro that allows home users to extend support for Ubuntu 20.04 at no cost through Extended Security Maintenance (ESM), providing a decade of vulnerability management for critical, high, and select medium security issues. Ubuntu 20.04, launched in 2020, has five years of support remaining. Users can create a free Ubuntu Pro account to link their operating system to ESM, which can be done by executing the command "sudo pro attach TOKEN" after obtaining a unique token from their account. ESM is available for all Long Term Support (LTS) versions of Ubuntu, including 20.04, 22.04, and 24.04, with support lasting until 2030, 2032, and 2034, respectively.

Winsage

April 13, 2025

Microsoft is rolling out its controversial Recall feature to Windows Insiders

Microsoft is gradually introducing new preview features to Windows Insiders, including a feature called Recall, which allows users to return to previously accessed content by capturing screenshots of user activity. Recall was initially set for a broader rollout in June of last year but was delayed to meet security standards and further refine the user experience. It is an opt-in service requiring users to authenticate their identity with Windows Hello before accessing saved snapshots. Users can delete snapshots and pause screenshot saving at any time. Recall was previously available to a limited group of test users, and its release to all Insiders marks progress toward a broader launch.

Tech Optimizer

April 2, 2025

Bun 1.2 Improves Node Compatibility and Adds Postgres Client

Bun v1.2 has been released, enhancing compatibility with Node.js and introducing a native S3 object storage API and a built-in Postgres client alongside the existing SQLite client. The update focuses on Node.js compatibility, achieving a 90% pass rate on the Node.js test suite for core modules. The team adapted the Node test suite for Bun to address challenges with error message verification. New features include support for the node:http2 module, which offers a 2x speed enhancement, and additional support for node:dgram, node:cluster, and node:zlib. The built-in S3 support allows file operations with a 5x speed improvement over Node.js packages. The new Postgres client includes optimizations such as automatic prepared statements and connection pooling, potentially increasing read speeds by 50% compared to popular Node.js Postgres clients. Bun is developed in Zig and uses WebKit’s JavaScriptCore as its JavaScript engine, with the first version launched in September 2023.

Winsage

March 26, 2025

Hackers Exploit Windows MMC Zero-Day Vulnerability to Execute Malicious Code

Russian threat actors are exploiting a zero-day vulnerability in the Microsoft Management Console (MMC), identified as CVE-2025-26633, allowing them to bypass security features and execute harmful code. The hacking group Water Gamayun, also known as EncryptHub and Larva-208, is behind this campaign, using a weaponized version of the vulnerability called “MSC EvilTwin” to deploy various malicious payloads, including information stealers and backdoors. The vulnerability affects multiple Windows versions, particularly older systems like Windows Server 2016. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-26633 to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by April 1, 2025. Microsoft included this vulnerability in its March 2025 Patch Tuesday update. Recommended mitigations include applying security patches, restricting network access to MMC ports, and monitoring for unusual MMC activity.