servers Archives

AppWizard

May 5, 2026

FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware

A fraud network called FEMITBOT has emerged, using Telegram's Mini App feature to conduct investment scams and distribute malware. Identified by the research firm CTM360, the network operates through API responses and presents itself as organized. The scams involve Telegram Mini Apps that display phishing pages, fake dashboards showing fictitious earnings, and urgency tactics to pressure users into making quick decisions. FEMITBOT mimics well-known brands like Apple and Coca-Cola to enhance credibility and disseminates Android malware disguised as legitimate applications. The operation is highly organized, utilizing marketing tools to optimize their scams. Users are warned to be cautious of bots requesting deposits before granting access to funds.

AppWizard

May 5, 2026

North Koreans Spy on Defectors Via Android Game Apps

A North Korean hacking group has targeted a digital gaming platform popular among the Korean ethnic enclave in China, using a sophisticated strategy to infiltrate Android applications. Researchers from Eset discovered that an app on the platform contained a backdoor known as BirdCall, linked to North Korea. The official website for the gaming platform hosted the same suspicious APK file. A second Android file associated with another game on the same site was also found to contain the BirdCall backdoor. This supply-chain attack was attributed to the threat actor ScarCruft (APT37), active in Asia and extending into Europe and the Middle East since late 2024. The hackers likely compromised the web server to recompile original APKs with the backdoor, which can collect sensitive information such as contacts, SMS messages, call logs, documents, media files, and private keys, and can take screenshots and record audio. The malware disguises its command and control traffic among regular internet traffic, primarily using Zoho WorkDrive for operations.

AppWizard

May 4, 2026

How a ’90s Zelda PC port became a fangame factory, turning one legend into a thousand

Whale falls occur when whales die and their carcasses create nutrient-rich ecosystems that attract various marine life, including the bone-eating snot flower worm. In gaming, ZQuest Classic is a user-friendly game creation tool that allows fans to create their own games, often inspired by the Zelda series. The platform has a supportive community, with a database of custom games categorized by genre. Notable creations include The Deep, a metroidvania quest, and larger projects like Lost Isle and The Hero of Dreams. Developers like Eddy Oliveira have made significant contributions, and the dynamic between lead developers Emily Venezia and Clark is essential for the platform's evolution. They are preparing for the 3.0 release, which will introduce new features to enhance game development.

Tech Optimizer

May 4, 2026

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Cybersecurity researchers at Wiz’s ZeroDay.Cloud event in London exploited two significant vulnerabilities in PostgreSQL, tracked as CVE-2026-2005 and CVE-2026-2006, which were disclosed on May 4, 2026. The vulnerabilities were found in the pgcrypto extension, affecting public-key decryption and symmetric decryption functions. CVE-2026-2005 allows privilege escalation via a buffer overflow during public-key decryption, while CVE-2026-2006 enables attackers to corrupt memory through inadequate checks in symmetric decryption. PostgreSQL has released patches for these vulnerabilities across versions 14.21 to 18.2, and MariaDB addressed a related issue in versions 11.4.10 and 11.8.6. Database administrators are advised to apply updates and audit logs for suspicious activity.

Winsage

May 3, 2026

Microsoft Defender Adds Dashboard for 2011 Secure Boot Certificates

Microsoft has introduced a feature in the Microsoft Defender dashboard to help IT managers identify devices using 2011 Secure Boot certificates, which expire in June of this year. The recommendation view categorizes devices into three groups: Exposed Devices (trust outdated certificates), Compliant Devices (use new 2023 certificates), and Not Applicable Devices (Secure Boot disabled or unsupported). The dashboard provides a centralized overview of device security status and the distribution of 2023 certificates, allowing filtering by operating system and device context. Devices without the new certificates will still boot but may lack the latest protection during the early boot phase, exposing them to threats. Microsoft does not automatically distribute new certificates via Windows updates on servers, requiring manual action from administrators. The dashboard aids IT teams in prioritizing action on Exposed Devices and exporting data for collaboration.

AppWizard

May 2, 2026

Hit cowboy co-op shooter’s servers are struggling, developer says its service provider ‘is currently drinking mojitos instead of helping’

Progress is being made on the game Far Far West, developed by Evil Raptor, which has launched on Steam. The servers are operational, but some promotional codes are experiencing issues. The studio is working on a fix and exploring a workaround for online gameplay. A patch addressing server challenges is available on the beta branch, and players are encouraged to participate in testing. Far Far West has sold over 250,000 copies within two days of release and has an "overwhelmingly positive" rating on Steam from over 8,900 reviews. The game can be played solo or with friends using session codes or direct invites through Steam. A dedicated Beta Discord channel has been established for player feedback.

AppWizard

April 30, 2026

EVE Online dev pays out $80,000 to mod contest winners for its experimental survival MMO

CCP Games has announced the winners of its latest hackathon for EVE Frontier, a blockchain-based survival MMO. The main winner, CradleOS, received a prize of ,000 for its civilization-building tool. An additional ,000 was awarded to other notable projects. The winning projects include: - CradleOS: A user interface and system for managing in-game resources and territory with a narrative involving a mysterious AI. - Blood Contract: A bounty system for player-versus-player quests. - Civilization Control: A user interface for managing territory and assets in the game. Secondary category winners were Bazaar, which received the "Most Creative" award for transforming the marketplace menu into a playable social space, and Shadow Broker Intel, which won the "Weirdest Idea" accolade for a marketplace trading player activity intelligence. EVE Frontier is currently in early access, allowing players to participate in its modding experiment.

AppWizard

April 30, 2026

New Windrose update fixes your holey roofs with more building pieces, and its performance foundations are now much sturdier

Kraken Express has released an update for its pirate survival game, Windrose, addressing networking and performance issues while introducing new building components. The update includes a Force Relay Connection setting for enhanced online gameplay, resolving excessive CPU usage on idle servers, reducing SSD strain, and eliminating frame stuttering during inventory access. Approximately 40 missing wall triangle pieces and three triangular floor pieces have been added, along with reduced crafting costs for building pieces and a 20% increase in Hardwood drop rates. The Ashlands biome expansion is in development and expected to take at least six months to complete.

Tech Optimizer

April 30, 2026

Inside the Architecture of an MCP Server for PostgreSQL

The Model Context Protocol (MCP) serves as a standard interface between large language models (LLMs) and external systems like PostgreSQL, emphasizing the importance of control over mere connectivity. An MCP server must act as a mediation and policy layer, enforcing security boundaries and ensuring that connections default to read-only. It should validate AI-generated SQL as untrusted input, encapsulate queries within transactions, and apply execution-time controls. The server must separate query generation from execution approval to manage operational costs and enforce guardrails on query types, such as limiting the number of rows returned. Token efficiency is crucial, with design considerations for compact data representation and schema introspection. In production, connection management is vital to prevent data leakage among multiple AI agents, and observability through logging executed queries and metadata is necessary for debugging and compliance. Long-running sessions require support for paginated responses to manage context effectively. Overall, the MCP server must integrate security, query safety, token efficiency, and observability into its design from the outset.

Winsage

April 30, 2026

CISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)

Attackers are exploiting CVE-2026-32202, a zero-click vulnerability in Windows Shell, allowing authentication of victims' systems without user interaction. This vulnerability stems from an incomplete patch for CVE-2026-21510 and has been used by the APT28 group with weaponized LNK files to bypass Windows security. Although Microsoft addressed these vulnerabilities in February 2026, the risk remains as opening a folder with a malicious LNK file can still connect victims' machines to the attacker's server, initiating an NTLM authentication handshake that exposes the victim’s Net-NTLMv2 hash. This affects various versions of Windows 10, 11, and Windows Server. Microsoft released a patch for CVE-2026-32202 on April 14, 2026, but did not label it as actively exploited until more than two weeks later, leaving security teams unaware of its urgency. Organizations are advised to apply the patch and consider blocking outbound SMB traffic to mitigate risks.