security measures

Winsage
April 30, 2026
Attackers are exploiting CVE-2026-32202, a zero-click vulnerability in Windows Shell that causes victims' systems to authenticate to an attacker's server without user interaction. This vulnerability stems from an incomplete patch for CVE-2026-21510 and has been used by the APT28 group with weaponized LNK files to bypass Windows security. Although Microsoft addressed these vulnerabilities in February 2026, the risk remains, as opening a folder with a malicious LNK file can still connect victims' machines to the attacker's server, initiating an NTLM authentication handshake that exposes the victim’s Net-NTLMv2 hash. This affects various versions of Windows 10, 11, and Windows Server. Microsoft released a patch for CVE-2026-32202 on April 14, 2026, but did not label it as actively exploited until more than two weeks later, leaving security teams unaware of its urgency. Organizations are advised to apply the patch and consider blocking outbound SMB traffic to mitigate risks.
Winsage
April 29, 2026
Microsoft has acknowledged a significant issue with the April updates to Windows 11, particularly affecting the Remote Desktop feature in mixed-scaling multi-monitor environments. Security warning dialogs may become unreadable, complicating the trust prompt process before initiating a connection. Temporary workarounds have been provided while a permanent solution is being developed. The issue arises from a new warning window introduced in April, which is difficult to read or interact with when different display scaling settings are used. Affected Windows 11 packages include KB5083769 and KB5082052. Users are advised to align scaling values across monitors or use keyboard navigation if the mouse fails to interact with the buttons. Microsoft added this bug to its known issues documentation on April 23 and updated it on April 27, indicating an ongoing investigation; a cumulative update is anticipated to restore prompt clarity. The April release cycle also faced a separate regression related to BitLocker recovery, adding operational strain on administrators.
AppWizard
April 28, 2026
Every non-VR game utilizing Denuvo DRM has been successfully compromised due to the emergence of the Hypervisor bypass, a method that deceives Denuvo into believing it is functioning correctly. This technique requires users to disable Driver Signature Enforcement, raising security concerns. The CrackWatch subreddit reports that all non-VR Denuvo games have been cracked or bypassed to some degree, with Capcom's Pragmata being completely bypassed just two days before its official launch. Cracking Denuvo within the first week of a game's release can lead to revenue losses of up to 20% for developers and publishers. Irdeto is actively developing updated security versions to address the Hypervisor bypass, assuring that these measures will not compromise game performance.
Winsage
April 28, 2026
Microsoft has identified an issue affecting the display of security warnings when users open Remote Desktop (.rdp) files across all supported versions of Windows, including Windows 11, Windows 10, and Windows Server. The security warning may not render correctly, leaving the text difficult to read and the buttons misaligned, especially when multiple monitors with different display scaling settings are used. This issue often results in overlapping text or obscured buttons in the warning window. The problem is part of Microsoft's security enhancements introduced with the April 2026 cumulative updates, which aim to mitigate risks associated with malicious RDP connection files. Users receive a one-time educational prompt upon opening an RDP file for the first time, followed by a security dialog that provides information about the file's publisher and resource redirections. RDP files are commonly used in enterprise environments, but their exploitation in phishing campaigns, particularly by groups like the Russian state-sponsored APT29, has raised security concerns.
Winsage
April 28, 2026
A new vulnerability in Microsoft Windows, designated as CVE-2026-32202, has been discovered due to an incomplete security patch for a previous flaw (CVE-2026-21510). This new vulnerability allows attackers to execute zero-click attacks: when specially crafted shortcut files are processed, automatic authentication requests are sent without user interaction. The vulnerabilities are linked to another flaw (CVE-2026-21513) in Microsoft’s MSHTML framework, and cybercriminals, specifically the APT28 group, have exploited these issues in attacks against Ukraine and the European Union. Microsoft has released a fix for the new vulnerability in its April 2026 security updates.
Tech Optimizer
April 27, 2026
Mysterium VPN offers a decentralized infrastructure with over 7,500 residential IPs across 100 countries, ensuring user privacy without requiring contributions of personal IPs. It features DNS and IP leak protection, a kill switch, ChaCha20 encryption, and a no-logs policy, complying with GDPR. Mysterium supports up to 15 devices simultaneously and is priced at .59 per month with a 7-day money-back guarantee. Bitdefender Total Security provides comprehensive antivirus protection, including malware detection, ransomware protection, firewall management, and device optimization tools, along with webcam protection and anti-phishing features. Kaspersky Premium delivers real-time antivirus protection, identity theft monitoring, secure payment tools, and parental controls, maintaining high threat detection capabilities. Proton VPN, based in Switzerland, emphasizes privacy and transparency, offering a solid free tier and premium features like Secure Core routing, although its speeds may vary. Malwarebytes Premium focuses on detecting newer or less common threats, evolving from a malware removal tool to a comprehensive security platform. Avast One integrates antivirus protection, VPN services, and performance optimization tools, providing identity monitoring and breach alerts, while working to enhance transparency after past scrutiny. 1Password specializes in secure password storage, generation, and autofill capabilities, along with features to alert users to compromised credentials and secure document storage.